Mashiro_M_
Beginner

Can SGX take over the role of TPM?


Hi!

I've been reading the documentation about Intel SGX, and as far as I've read in the documentation, SGX effectively minimizes the TCB to the CPU... effectively replacing the need for a TPM.

TPM is typically used during Secure Boot.

Is SGX capable of doing this? Can it also take the role of TPM during a (measured) Secure Boot process?

Any additional docs or reference will be much appreciated...

1 Solution
Anusha_K_Intel
Employee

Hi,

There isn't really a pre-boot environment role for SGX as currently implemented. It relies heavily on the platform software to provide some needed infrastructure, specifically the architectural enclaves (launch, quoting, etc.) and provisioning pieces, as well as OS components to manage resources such as memory pages. Its main purpose is to provide an application-level TEE. Trying to extend its role beyond that would be a heavy lift if it were feasible at all.

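To make the distinction in the accepted answer concrete, here is an added illustration (not code from the thread or from Intel) of what a measured-boot root of trust has to offer: a register that is in a known state at reset, that firmware extends with each stage's measurement before any OS software runs, and that can only be extended, never overwritten. That is what a TPM PCR provides; an enclave measurement is computed by the CPU over application-level pages after the OS is already up, so it cannot cover the firmware or boot loader. The example assumes the TPM's SHA-256 extend rule (PCR_new = H(PCR_old || H(component))) and uses constructed stand-in images and a constructed event log; the stage names, `verify_boot` and `demo` are my own.

```python
import hashlib

# Constructed illustration: a SHA-256 PCR that is all-zero at reset and is
# only ever changed through "extend" (no "set" operation exists).
PCR_SIZE = 32


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || H(component)).

    A later stage can only add to the chain; it cannot rewrite what an
    earlier stage recorded, which is why the order and content of every
    stage end up bound into the final value.
    """
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages):
    """Simulate a boot chain: each stage measures the next image into the
    PCR before handing control to it and appends an event-log entry."""
    pcr = bytes(PCR_SIZE)          # known reset state
    event_log = []
    for name, image in stages:
        pcr = pcr_extend(pcr, image)
        event_log.append((name, hashlib.sha256(image).hexdigest()))
    return pcr, event_log


def replay_log(event_log):
    """Verifier side: recompute the PCR from the logged component digests."""
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in event_log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr


def verify_boot(reported_pcr, event_log, golden_pcr):
    """Accept only if the event log replays to the reported PCR and that
    PCR equals the known-good value for the platform's approved images."""
    return replay_log(event_log) == reported_pcr and reported_pcr == golden_pcr


# Constructed sample images standing in for real firmware/bootloader/kernel.
GOOD_STAGES = [
    ("firmware", b"firmware-image-v1"),
    ("bootloader", b"bootloader-image-v1"),
    ("kernel", b"kernel-image-v1"),
]
TAMPERED_STAGES = [
    ("firmware", b"firmware-image-v1"),
    ("bootloader", b"bootloader-image-v1-modified"),  # constructed change
    ("kernel", b"kernel-image-v1"),
]


def demo():
    golden_pcr, good_log = measured_boot(GOOD_STAGES)
    bad_pcr, bad_log = measured_boot(TAMPERED_STAGES)
    # The same images in a different order also yield a different PCR.
    reordered_pcr, _ = measured_boot(list(reversed(GOOD_STAGES)))
    return {
        "good_verifies": verify_boot(golden_pcr, good_log, golden_pcr),
        "tampered_verifies": verify_boot(bad_pcr, bad_log, golden_pcr),
        "order_matters": reordered_pcr != golden_pcr,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the good chain verifying, the chain with a modified boot loader failing against the golden value, and the reordered chain producing a different PCR. The point for the thread's question is the first line of `measured_boot`: the register is trusted because it starts from reset state under firmware control, which is exactly the pre-boot role the reply says SGX does not have.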

2 Replies

Mashiro_M_
Beginner

I see, so it complements TPM in this sense.

Thank you Anusha!
