<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: About SW_HARDENING_NEEDED in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277484#M4540</link>
    <description>&lt;P&gt;Hyunsoo,&lt;/P&gt;
&lt;P&gt;You may enjoy reading the SGX Explained paper: &lt;A href="https://eprint.iacr.org/2016/086.pdf" target="_blank" rel="noopener"&gt;https://eprint.iacr.org/2016/086.pdf&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Thu, 29 Apr 2021 21:00:06 GMT</pubDate>
    <dc:creator>JesusG_Intel</dc:creator>
    <dc:date>2021-04-29T21:00:06Z</dc:date>
    <item>
      <title>About SW_HARDENING_NEEDED</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1276881#M4524</link>
      <description>&lt;P&gt;IAS returns "SW_HARDENING_NEEDED" if the mitigations against known attacks are not represented in the received quote. So, the question is that how IAS checks the fact that mitigations are correctly handled. I couldn't understand that IAS checks them even though the IAS is a remote party.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thank you&lt;/P&gt;</description>
      <pubDate>Tue, 27 Apr 2021 05:35:52 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1276881#M4524</guid>
      <dc:creator>hyunsoo</dc:creator>
      <dc:date>2021-04-27T05:35:52Z</dc:date>
    </item>
    <item>
      <title>Re:About SW_HARDENING_NEEDED</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277051#M4527</link>
      <description>&lt;P&gt;Hello Hyunsoo,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;From &lt;A href="https://www.intel.com/content/www/us/en/support/articles/000057990/software/intel-security-products.html" rel="noopener noreferrer" target="_blank"&gt;Unable to Determine the Criteria that the Remote Attestation Service (IAS) Examines to Attest the Validity of an Intel® Software Guard Extensions (Intel® SGX) Platform&lt;/A&gt;:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;"Remote Attestation Service (IAS)&amp;nbsp;examines only the quote sent by the service provider, or relying third party, to attest the enclave and the client platform.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;&lt;B&gt;Refer&lt;/B&gt;&amp;nbsp;to the&amp;nbsp;&lt;I&gt;Data Structures&lt;/I&gt;&amp;nbsp;chapter of the&amp;nbsp;&lt;A href="https://software.intel.com/content/dam/develop/public/us/en/documents/sgx-attestation-api-spec.pdf" rel="noopener noreferrer" target="_blank"&gt;Intel® Software Guard Extensions (Intel® SGX) Attestation API Spec&lt;/A&gt;&amp;nbsp;for details of the&amp;nbsp;&lt;I&gt;Attestation Evidence Payload&lt;/I&gt;."&lt;/P&gt;&lt;P&gt;Specifically, IAS uses the fields we discussed in your other post: MSRSIGNER, MRENCLAVE, the various SVNs, and the PSE Manifest.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The IAS attestation report contains a Platform Info Blob (PIB) that you can &lt;A href="https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-decode-the-Platform-Info-Blob-PIB-returned-by-Intel-SGX/td-p/1210306" rel="noopener noreferrer" target="_blank"&gt;decode&lt;/A&gt;. The PIB is described in the&amp;nbsp;&lt;A href="https://software.intel.com/content/dam/develop/public/us/en/documents/sgx-attestation-api-spec.pdf" rel="noopener noreferrer" target="_blank"&gt;Intel® Software Guard Extensions (Intel® SGX) Attestation API Spec&lt;/A&gt;.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;For security purposes, Intel does not publish exactly how it uses all of that data to determine the security posture of the platform. Intel just tells you the data from the quote that it uses.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Whether the relying party should trust a quote with TCB issues is a policy decision. Security patches and recommended BIOS configurations harden the system against known vulnerabilities, and only the service provider can determine how much of a risk such a system presents. These decisions typically take the workload into account, as not all workloads are sensitive to specific vulnerabilities.&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Sincerely,&lt;/P&gt;&lt;P&gt;Jesus G.&lt;/P&gt;&lt;P&gt;Intel Customer Support&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Tue, 27 Apr 2021 17:20:58 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277051#M4527</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2021-04-27T17:20:58Z</dc:date>
    </item>
    <item>
      <title>Re: Re:About SW_HARDENING_NEEDED</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277386#M4538</link>
      <description>&lt;P&gt;Hi G, Thanks for the reply.&lt;/P&gt;
&lt;P&gt;Okay, I understand that the process detail may be confidential, but I just want to know high-level idea. For example, where that measure is performed and how they measure them are enough in this question. I guess that microcode has related something.&amp;nbsp; Is there a material associated with this question? I didn't find it.&lt;/P&gt;</description>
      <pubDate>Wed, 28 Apr 2021 17:09:05 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277386#M4538</guid>
      <dc:creator>hyunsoo</dc:creator>
      <dc:date>2021-04-28T17:09:05Z</dc:date>
    </item>
    <item>
      <title>Re:About SW_HARDENING_NEEDED</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277480#M4539</link>
      <description>&lt;P&gt;Hello Hyunsoo,&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;All of that data together comprise what you have probably seen as the Trusted Computing Base (TCB). The Intel Attestation Service maintains a database of acceptable TCBs for all Intel processors that support SGX. During attestation, the data in the provided quote is compared to the known-good TCBs maintained by Intel and you get the comparison results. &lt;/P&gt;&lt;P&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;Sincerely,&lt;/P&gt;&lt;P&gt;Jesus G.&lt;/P&gt;&lt;P&gt;Intel Customer Support&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Wed, 28 Apr 2021 23:22:31 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277480#M4539</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2021-04-28T23:22:31Z</dc:date>
    </item>
    <item>
      <title>Re: About SW_HARDENING_NEEDED</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277484#M4540</link>
      <description>&lt;P&gt;Hyunsoo,&lt;/P&gt;
&lt;P&gt;You may enjoy reading the SGX Explained paper: &lt;A href="https://eprint.iacr.org/2016/086.pdf" target="_blank" rel="noopener"&gt;https://eprint.iacr.org/2016/086.pdf&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 29 Apr 2021 21:00:06 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277484#M4540</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2021-04-29T21:00:06Z</dc:date>
    </item>
    <item>
      <title>Re:About SW_HARDENING_NEEDED</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277794#M4543</link>
      <description>&lt;P&gt;&lt;B&gt;This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.&lt;/B&gt;&lt;/P&gt;&lt;BR /&gt;</description>
      <pubDate>Thu, 29 Apr 2021 21:06:07 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-SW-HARDENING-NEEDED/m-p/1277794#M4543</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2021-04-29T21:06:07Z</dc:date>
    </item>
  </channel>
</rss>

