Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Roshan_Mehta
Beginner
73 Views

BIOS part of TCB in case of SGX

Jump to solution

I had an argument with my friend who says BIOS is also a part of TCB for an application using SGX and his point is as follows:

SGX support detection is indicated in CPUID EBX bit 02, but its availability to applications requires BIOS support and opt-in enabling which is not reflected in CPUID bits. So if your BIOS is corrupt or compromised, you could never be able to detect SGX and use SGX feature. 

Does he make sense? because I remember reading it somewhere that SGX TCB is the only CPU.

0 Kudos

Accepted Solutions
Juan_d_Intel
Employee
73 Views

A compromised BIOS could disable SGX on a platform. But that's a DoS attack, which SGX has no way to prevent.

However, the BIOS is outside an enclave TCB. A running enclave doesn't "use" the BIOS.

View solution in original post

1 Reply
Juan_d_Intel
Employee
74 Views

A compromised BIOS could disable SGX on a platform. But that's a DoS attack, which SGX has no way to prevent.

However, the BIOS is outside an enclave TCB. A running enclave doesn't "use" the BIOS.

View solution in original post