We have noticed a critical update for SGX, which doesn't seem to affect the notebook I am working on.
The advisory mentioned that it affects only the following: "Intel Server Systems, NUC, and Compute Stick".
However, it also mentioned that "The improvement applies to 6th and 7th Generation Intel® Core™ Processor Families, Intel® Xeon® E3-1500M v5 and v6 Processor Families, and Intel® Xeon® E3-1200 v5 and v6 Processor Families."
Since my laptop has a 7th Gen Intel Core processor, it is affected by the critical security hole found by Intel, right? However, I would think that there are no security updates yet. Can anyone from Intel confirm this information, please?
I believe that the OEM should provide the BIOS update. Make sure to look for this update on your laptop manufacturer's website, or contact them to find out when the update will be provided.
The advisory also has a note about remote attestation, but the note doesn't say what exactly changes. Does this mean an air-gapped machine will need to be brought online?
There was a talk at Black Hat this year about SGX remote attestation by some cryptographer (see Valerie Fenwick's notes: https://bubbva.blogspot.com/2017/08/bhusa17-sgx-remote-attestatin-is-not.html ). He outlined some problems related to current remote attestation. For example, a service provider cannot locally verify remote attestation even if you have the public key. This is a problem we are currently dealing with because our private cloud is air-gapped. Will Intel address these problems in this upcoming release?