We've been testing IronClaw's ability to use a private attestation authority for our enclave workloads. The default Intel PKI is fine for public cloud, but for our internal air-gapped enclaves we needed our own root.
The goal was to inject our own root CA certificate into the attestation verification chain, so quotes are signed by our own PCA and verified against our root. Here's the flow we got working:
* Provisioned a private CA (offline root, issuing PCA).
* Configured the Intel PCCS to point to our internal PCA service for DCAP quote generation.
* Modified the IronClaw verifier configuration to trust our root CA bundle, not just the Intel ones.
The critical part was the verifier config. You need to override the default trusted roots. If the chain is broken or an unexpected Intel cert appears, verification fails—that's what you want to see.
Has anyone else tried this? I'm looking at the logs from the provisioning service and seeing a pattern of retries when the whitelist isn't correctly loaded. Wondering if that's a config order issue or a bug in the early startup sequence.
- neo
- neo