Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Can SGX take over the role of TPM?

Mashiro_M_
Beginner
1,915 Views

Hi!

I've been reading the documentation about Intel SGX, and as far as I've read in the documentation, SGX effectively minimizes the TCB to the CPU... effectively replacing the need for a TPM.

TPM is typically used during Secure Boot.

Is SGX capable of doing this? Can it also take the role of the TPM during a (measured) Secure Boot process?

Any additional docs or reference will be much appreciated...

0 Kudos
1 Solution
Anusha_K_Intel
Employee
1,915 Views

Hi,

There isn't really a pre-boot environment role for SGX as currently implemented. It relies heavily on the platform software to provide some needed infrastructure, specifically the architectural enclaves (launch, quoting, etc.) and provisioning pieces, as well as OS components to manage resources such as memory pages. Its main purpose is to provide an application-level TEE. Trying to extend its role beyond that would be a heavy lift if it were feasible at all.


0 Kudos
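To make the distinction in the answer concrete, here is an added illustration (not code from the thread or from Intel's SDK) of what each mechanism actually measures: a TPM-style PCR extend chain over the boot components, next to a deliberately simplified stand-in for an enclave measurement. The component names and the `boot_pcr` / `enclave_measurement` helpers are constructed for the example; real MRENCLAVE is built from per-page EADD/EEXTEND records rather than a single hash of the image.

```python
import hashlib

# Constructed sample inputs: a three-stage boot chain and one enclave image.
BOOT_CHAIN = [b"UEFI firmware v1", b"bootloader v1", b"kernel v1"]
TAMPERED_CHAIN = [b"UEFI firmware v1", b"bootloader v1 (modified)", b"kernel v1"]
ENCLAVE_IMAGE = b"enclave code and data pages"


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 2.0 style extend: PCR_new = H(PCR_old || H(component)).
    The chaining makes the final value depend on every component and its order."""
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def boot_pcr(chain) -> bytes:
    """Measured boot: each stage measures the next into the PCR before handing over."""
    pcr = bytes(32)  # PCRs are reset to all-zero bytes at platform reset
    for component in chain:
        pcr = pcr_extend(pcr, component)
    return pcr


def enclave_measurement(image: bytes) -> bytes:
    """Simplified enclave measurement: covers only the enclave's own contents.
    Nothing about firmware, bootloader or kernel feeds into it, which is why the
    answer above says SGX has no pre-boot role and complements the TPM instead."""
    return hashlib.sha256(image).digest()


def what_changes(chain_a, chain_b, enclave_a: bytes, enclave_b: bytes) -> dict:
    """Report which measurement notices a change between two platform states."""
    return {
        "boot_pcr_differs": boot_pcr(chain_a) != boot_pcr(chain_b),
        "enclave_differs": enclave_measurement(enclave_a) != enclave_measurement(enclave_b),
    }


if __name__ == "__main__":
    # A modified bootloader shows up in the PCR but not in the enclave measurement.
    print(what_changes(BOOT_CHAIN, TAMPERED_CHAIN, ENCLAVE_IMAGE, ENCLAVE_IMAGE))
```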
2 Replies
Mashiro_M_
Beginner
1,915 Views

I see, so it complements the TPM in this sense.

Thank you Anusha!

0 Kudos