Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Query on Critical Security Update for SGX

Elephant
Beginner
‎08-23-2017 10:37 PM
455 Views

Hi,

We have noticed a critical update for SGX, which doesn't seem to affect the notebook I am working on.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr

The advisory mentioned that it affects only the following: "Intel Server Systems, NUC, and Compute Stick"

However, it also mentioned that " The improvement applies to 6th and 7th Generation Intel® Core™ Processor Families, Intel® Xeon® E3-1500M v5 and v6 Processor Families, and Intel® Xeon® E3-1200 v5 and v6 Processor Families."

Since my laptop is a 7th Gen Intel Core Processor, it is affected by the critical security hole found by Intel right?  However, I would think that there are no security updates yet?  Can anyone from Intel confirm this information please?

Thank you.

Kind Regards,
Elephant

0 Kudos

Link Copied

2 Replies
Rodolfo_S_
New Contributor III
‎08-24-2017 06:43 AM
455 Views

Hi,

I believe that the OEM should provide the BIOS update. Make sure to look for this update in your laptop manufacturer's website, or contact them to know when the update will be provided.

Regards,

Rodolfo

0 Kudos
Copy link
SSuma1
Beginner
‎08-28-2017 12:42 PM
455 Views

The advisory also has a note about remote attestation but the note doesn't say what exact changes. Does this mean an air-gapped machine will need to be brought online?

There was a talk in BlackHat this year about SGX Remote attestation by some cryptographer ( see Valerie Fenwick notes https://bubbva.blogspot.com/2017/08/bhusa17-sgx-remote-attestatin-is-not.html ). He outlined some problems related to current remote attestation. For example a service provider cannot locally verify Remote Attestation even if you have the public key. This is a problem we are currently dealing with because our private cloud is air-gapped. Will Intel address these problems in this upcoming release?

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.