topic Receiving ISV Enclave Trust Status as Enclave NOT TRUSTED. CONFIGURATION_AND_SW_HARDENING_NEEDED in Intel® Software Guard Extensions (Intel® SGX)

Receiving ISV Enclave Trust Status as Enclave NOT TRUSTED. CONFIGURATION_AND_SW_HARDENING_NEEDED

k__balaganapathy — Mon, 20 Jul 2020 07:19:34 GMT

Hi,

I am trying out this remote attestation example https://github.com/intel/sgx-ra-sample

I'm using SGX SDK version 2.9.1 and openSSL version 1.1.1c. I'm running it on a dell laptop with BIOS 1.15.1 and latest microcode 0xd6 on ubuntu 18.04, Intel i7 8th gen. When executing the remote attestation example, in the final verification step, i receive ISV Enclave Trust Status as: Enclave NOT TRUSTED - Reason: CONFIGURATION_AND_SW_HARDENING_NEEDED. The mitigation tools were properly added with sdk 2.9.1. Still i receive the same status. Can anyone make a suggestion on how to rectify this?

Regards,

Bala

Re:Receiving ISV Enclave Trust Status as Enclave N...

JesusG_Intel — Mon, 20 Jul 2020 17:11:24 GMT

Hello Bala,

Your platform needs further configuration and mitigation actions. Please read this advisory, https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html, and download the Intel SGX Attestation Technical Details linked to in the following sentence:

"To address this issue, an SGX TCB recovery will be required in Q3 2020. Refer to Intel® SGX Attestation Technical Details for more information on the SGX TCB recovery process."

Re: Re:Receiving ISV Enclave Trust Status as Enclave N...

k__balaganapathy — Wed, 22 Jul 2020 09:32:20 GMT

Hello JesusG,

Thank you for replying. I went through the links that you provided and followed accordingly. Still i'm not able to rectify this status Enclave NOT TRUSTED - Reason: CONFIGURATION_AND_SW_HARDENING_NEEDED.

I tried installing the latest SGX SDK v2.10 on my Ubuntu 18.04.4 LTS, Intel® Core™ i7-8650U.

Here is the server output i'm receiving after running the sample https://github.com/intel/sgx-ra-sample :

---- IAS Report - JSON - Optional Fields ----------------------------------- platformInfoBlob = 1502006500000800000F0F02040101070000000000000000000B00000B000000020000000000000BCB2411F1D4E37D6B5CDF21B4613E469239F1C06588B7BE7C7CA81BFD312E355224084EE08C6DE3C0F4E161110917A447C999F63DEF657AF59768A4E15F74F912CB revocationReason = pseManifestStatus = pseManifestHash = nonce = epidPseudonym = advisoryURL = https://security-center.intel.com advisoryIDs = INTEL-SA-00334,INTEL-SA-00161,INTEL-SA-00219,INTEL-SA-00289 ---------------------------------------------------------------------------- +++ Verifying report version against API version ---- ISV Enclave Trust Status ---------------------------------------------- Enclave NOT TRUSTED - Reason: CONFIGURATION_AND_SW_HARDENING_NEEDED A Platform Info Blob (PIB) was provided by the IAS

The platform info blob returned by IAS:

---- Enclave Trust Status from Service Provider ---------------------------- Enclave NOT TRUSTED +++ PIB: 00000800000f0f02040101070000000000000000000b00000b000000020000000000000bcb2411f1d4e37d6b5cdf21b4613e469239f1c06588b7be7c7ca81bfd312e355224084ee08c6de3c0f4e161110917a447c999f63def657af59768a4e15f74f912cb +++ sgx_report_attestation_status ret = 0x0000

The advisoryIDs listed are INTEL-SA-00334,INTEL-SA-00161,INTEL-SA-00219,INTEL-SA-00289

As per INTEL-SA-00161 ( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html ), it was recommended to "update to the latest microcode". But i'm already using the latest microcode yet this is not resolved: Name Version Architecture Description intel-microcode 3.20200609.0ub amd64 Processor microcode firmware for Intel CPUs$ dmesg | grep microcode [ 1.855393] microcode: sig=0x806ea, pf=0x80, revision=0xd6 [ 1.855580] microcode: Microcode Update Driver: v2.2.
As per INTEL-SA-00219( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html ), to avoid this vulnerability "Ensure the latest BIOS from your system provider and Intel SGX platform software (PSW) is installed". I'm already using the latest BIOS: $ sudo dmidecode -s bios-version 1.15.1The SGX PSW is also installed as per SGX SDK 2.10. Also there is another recommendation "Disable integrated processor graphics where they are not used (usually server)." I'm not sure about this since i was not able to find any option to disable integrated graphics in bios. Kindly clarify if this is necessary.
As per INTEL-SA-00289 ( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html ), the recommendation was to "update to the latest BIOS version provided by the system manufacturer" which i've already done.
As per INTEL-SA-00334 ( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html ), it was recommended to "Ensure the latest Intel SGX PSW 2.9.100.2 or above for Linux is installed". I've installed the latest SGX PSW as per SGX SDK 2.10.
I've also disabled hyperthreading (HT) as mentioned in one of your docs

Can you kindly help me troubleshoot the problem?

Regards,

Bala

Re:Receiving ISV Enclave Trust Status as Enclave N...

JesusG_Intel — Wed, 22 Jul 2020 16:45:34 GMT

Hello Bala,

Thanks for the information. We will look into this further and I will update this thread when we have a response from our engineers.

Re:Receiving ISV Enclave Trust Status as Enclave N...

JesusG_Intel — Mon, 27 Jul 2020 17:18:50 GMT

Intel will no longer monitor this thread since this issue has been resolved. If you need any additional information from Intel, please submit a new question.

Hello Bala,

There are a few things going on here.

Intel-SA-00334 (Load Value Injection): https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html.

Please follow these links within the page above:

https://cdrdv2.intel.com/v1/dl/getContent/619320

An attestation response may report “SW_HARDENING_NEEDED” for attestation requests originating from Intel® SGX-enabled platforms that have applied the microcode and SGX platform software update and are properly configured but are affected by INTEL-SA-00334. In this case a Remote Attestation Verifier should evaluate the potential risk of an attack on these platforms and whether the attesting enclave employs adequate software hardening to mitigate the risk.

• An attestation response may report “CONFIGURATION_NEEDED” or “CONFIGURATION_AND_SW_HARDENING_NEEDED” for attestation requests originating from Intel® SGX-enabled platforms affected by INTEL-SA-00289 that have applied the microcode update, but where the BIOS did not disable the interface the privileged software can cause undervoltage to the processor. The “CONFIGURATION_NEEDED” response implies the platform is not affected by INTEL-SA-00334, while “CONFIGURATION_AND_SW_HARDENING_NEEDED” indicates the platform is affected by INTEL-SA-00334.

https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection

In short, any processor that is affected by LVI will always receive the "SW_HARDENING_REPLY" even if you build the enclave with the mitigations place. It is up to the service provider/relying party to determine a policy whether to accept the enclave or not if it believes the mitigations have been put in place. In other words, IAS provides this information and the relying party determines what to do with the information.

The “CONFIGURATION_AND_SW_HARDENING_NEEDED” may come from a combination of SA-00334 and SA-00289 as described above, or from the fact that you can't disable internal Gfx from your BIOS so you will always get "CONFIGURATION_NEEDED."

Again, this is just info from IAS on what they found. Your policy at the service provider determines whether to trust the enclave or not knowing the above limitations.