Asymmetric Key Cryptography depends on assumption that the public keys are widely distributed and tied to their rightful owner who has access to the private key. This problem of Public Key Distribution presents a challenge for a widespread adoption. Certificate Authorities solve this by enshrining a trusted authority whose public key is known to all other parties in the system. This root authority obtains the public keys of other parties securely and issues a certificate which binds the identity of the keys to the corresponding party.
Now the certificate's subject contains the public identity of the party with expiration dates which is a workaround to revoke past certificates. The certificate is signed by the Root Authority's private key thus giving user's ability to verify the certificate using RA public key which is also embedded in the certificate and can be double checked.
The chain of trust generates from the Intel Root Public key which is widely available and is trusted by the verifier. Hence, they acts as a Certificate Authority. During production, a unique secret is generated uniformly at random, and embedded (provisioned) into each SGX CPU. The platform secret consists of two fuse keys: Root Provisioning Key (RPK) which is shared with Intel for hardware-based attestation, and Root Seal Key (RSK) which Intel promises to forget after production so that it is known exclusively by the platform. This enables enclaves to create platform unique values used for both sealing and local attestation.
Then Intel publishes certificate for every processors’s attestation key which becomes the next certificate chained to the Root CA.
The Provisioning Certification Enclave (PCE), which acts as a local Certificate Authority for local Quoting Enclaves (i.e. running on the same platform as each other). The Quoting Enclave(s) generate their own Attestation Keys using their preferred method and algorithm (1). The QE provides the PCE with the attestation public key (2). The PCE authenticates the request and issues a certificate-like structure identifying the QE and the Attestation Key (3). This structure is signed by a device and Trusted Computing Base–specific signing key called the Provisioning Certification Key (PCK). Intel publishes certificates and certificate revocation lists (CRLs) for the PCKs in all genuine Intel platforms. This results in a complete signature chain from the Quotes to an Intel CA (4). The resulting Quote can be verified by anyone with the complete certificate chain and CRLs.