已解决: A compromised BIOS could

Roshan_Mehta · ‎11-17-2017

I had an argument with my friend who says BIOS is also a part of TCB for an application using SGX and his point is as follows:

SGX support detection is indicated in CPUID EBX bit 02, but its availability to applications requires BIOS support and opt-in enabling which is not reflected in CPUID bits. So if your BIOS is corrupt or compromised, you could never be able to detect SGX and use SGX feature.

Does he make sense? because I remember reading it somewhere that SGX TCB is the only CPU.

Juan_d_Intel · ‎11-21-2017

A compromised BIOS could disable SGX on a platform. But that's a DoS attack, which SGX has no way to prevent.

However, the BIOS is outside an enclave TCB. A running enclave doesn't "use" the BIOS.

在原帖中查看解决方案

Juan_d_Intel · ‎11-21-2017

A compromised BIOS could disable SGX on a platform. But that's a DoS attack, which SGX has no way to prevent.

However, the BIOS is outside an enclave TCB. A running enclave doesn't "use" the BIOS.

BIOS part of TCB in case of SGX