Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

A security concern about SGX

Changzheng_W_Intel
Employee
‎11-22-2016 12:27 AM
438 Views

Hi

As I know, a SGX enclave memory will be encrypted until it is loaded into CPU.

The memory will be decrypted by memory controller, it means that the secret message will be loaded into CPU cache as a plaintext, right?

If a malicious software or malicious enclave try to flush or desctroy the whole cache line, How does SGX protect the secret in the cache?

Is there any document introduce the details about SGX instruction behavior inside CPU?

 

Thanks

0 Kudos

Link Copied

1 Reply
Surenthar_S_Intel
Employee
‎11-22-2016 03:00 AM
438 Views

Hi,

Section 5 of our whitepaper explains the process for building an enclave. Whilst a Ring0 component executes the instructions, the HW architecture is responsible for the security of the enclave. The measurement created by the HW during this process is inaccessible to the Ring0 component.

At the end of the build process you have an enclave with a measurement and it then uses the attestation process to allow a verifier to determine that the enclave was built as it required and then to deploy a secret to the enclave.

Keys used to keep the secret local are also bound to the measurement of the enclave.

-Surenthar

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.