Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

Receiving ISV Enclave Trust Status as Enclave NOT TRUSTED. CONFIGURATION_AND_SW_HARDENING_NEEDED

k__balaganapathy
Novice
‎07-19-2020 11:56 PM
2,404 Views
Solved Jump to solution

Hi,

     I am trying out this remote attestation example https://github.com/intel/sgx-ra-sample

I'm using SGX SDK version 2.9.1 and openSSL version 1.1.1c. I'm running it on a dell laptop with BIOS 1.15.1 and latest microcode 0xd6 on ubuntu 18.04, Intel i7 8th gen. When executing the remote attestation example, in the final verification step, i receive ISV Enclave Trust Status as: Enclave NOT TRUSTED - Reason: CONFIGURATION_AND_SW_HARDENING_NEEDED. The mitigation tools were properly added with sdk 2.9.1. Still i receive the same status. Can anyone make a suggestion on how to rectify this?

Regards,

Bala

0 Kudos
1 Solution
JesusG_Intel
Moderator
‎07-22-2020 11:50 AM
2,309 Views
Solved Jump to solution

Intel will no longer monitor this thread since this issue has been resolved.  If you need any additional information from Intel, please submit a new question.

Hello Bala,

There are a few things going on here.

Intel-SA-00334 (Load Value Injection): https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html.

Please follow these links within the page above:

An attestation response may report “SW_HARDENING_NEEDED” for attestation requests originating from Intel® SGX-enabled platforms that have applied the microcode and SGX platform software update and are properly configured but are affected by INTEL-SA-00334. In this case a Remote Attestation Verifier should evaluate the potential risk of an attack on these platforms and whether the attesting enclave employs adequate software hardening to mitigate the risk.

• An attestation response may report “CONFIGURATION_NEEDED” or “CONFIGURATION_AND_SW_HARDENING_NEEDED” for attestation requests originating from Intel® SGX-enabled platforms affected by INTEL-SA-00289 that have applied the microcode update, but where the BIOS did not disable the interface the privileged software can cause undervoltage to the processor. The “CONFIGURATION_NEEDED” response implies the platform is not affected by INTEL-SA-00334, while “CONFIGURATION_AND_SW_HARDENING_NEEDED” indicates the platform is affected by INTEL-SA-00334.

In short, any processor that is affected by LVI will always receive the "SW_HARDENING_REPLY" even if you build the enclave with the mitigations place. It is up to the service provider/relying party to determine a policy whether to accept the enclave or not if it believes the mitigations have been put in place. In other words, IAS provides this information and the relying party determines what to do with the information.

The “CONFIGURATION_AND_SW_HARDENING_NEEDED” may come from a combination of SA-00334 and SA-00289 as described above, or from the fact that you can't disable internal Gfx from your BIOS so you will always get "CONFIGURATION_NEEDED."

Again, this is just info from IAS on what they found. Your policy at the service provider determines whether to trust the enclave or not knowing the above limitations.

 

View solution in original post

Copy link

Link Copied

4 Replies
JesusG_Intel
Moderator
‎07-20-2020 10:11 AM
2,383 Views
Solved Jump to solution

Hello Bala,


Your platform needs further configuration and mitigation actions. Please read this advisory, https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html, and download the Intel SGX Attestation Technical Details linked to in the following sentence:


"To address this issue, an SGX TCB recovery will be required in Q3 2020. Refer to Intel® SGX Attestation Technical Details for more information on the SGX TCB recovery process."


Copy link
k__balaganapathy
Novice
‎07-22-2020 01:09 AM
2,334 Views
Solved Jump to solution
In response to JesusG_Intel

Hello JesusG,

Thank you for replying. I went through the links that you provided and followed accordingly. Still i'm not able to rectify this status Enclave NOT TRUSTED - Reason: CONFIGURATION_AND_SW_HARDENING_NEEDED.

I tried installing the latest SGX SDK v2.10 on my Ubuntu 18.04.4 LTS, Intel® Core™ i7-8650U.

Here is the server output i'm receiving after running the sample https://github.com/intel/sgx-ra-sample :

 

---- IAS Report - JSON - Optional Fields -----------------------------------
platformInfoBlob  = 1502006500000800000F0F02040101070000000000000000000B00000B000000020000000000000BCB2411F1D4E37D6B5CDF21B4613E469239F1C06588B7BE7C7CA81BFD312E355224084EE08C6DE3C0F4E161110917A447C999F63DEF657AF59768A4E15F74F912CB
revocationReason  = 
pseManifestStatus = 
pseManifestHash   = 
nonce             = 
epidPseudonym     = 
advisoryURL       = https://security-center.intel.com
advisoryIDs       = INTEL-SA-00334,INTEL-SA-00161,INTEL-SA-00219,INTEL-SA-00289
----------------------------------------------------------------------------
+++ Verifying report version against API version

---- ISV Enclave Trust Status ----------------------------------------------
Enclave NOT TRUSTED - Reason: CONFIGURATION_AND_SW_HARDENING_NEEDED
A Platform Info Blob (PIB) was provided by the IAS

 

The platform info blob returned by IAS:

 

 

---- Enclave Trust Status from Service Provider ----------------------------
Enclave NOT TRUSTED
+++ PIB: 00000800000f0f02040101070000000000000000000b00000b000000020000000000000bcb2411f1d4e37d6b5cdf21b4613e469239f1c06588b7be7c7ca81bfd312e355224084ee08c6de3c0f4e161110917a447c999f63def657af59768a4e15f74f912cb
+++ sgx_report_attestation_status ret = 0x0000

 

 

The advisoryIDs listed are INTEL-SA-00334,INTEL-SA-00161,INTEL-SA-00219,INTEL-SA-00289

  • As per INTEL-SA-00161 ( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html ), it was recommended to "update to the latest microcode". But i'm already using the latest microcode yet this is not resolved:
     Name              Version        Architecture   Description
intel-microcode    3.20200609.0ub  amd64         Processor microcode firmware 
                                                 for Intel CPUs​
    $ dmesg | grep microcode
[    1.855393] microcode: sig=0x806ea, pf=0x80, revision=0xd6
[    1.855580] microcode: Microcode Update Driver: v2.2.​
  • As per INTEL-SA-00219( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html ), to avoid this vulnerability "Ensure the latest BIOS from your system provider and Intel SGX platform software (PSW) is installed". I'm already using the latest BIOS: 
    $ sudo dmidecode -s bios-version
1.15.1​
    The SGX PSW is also installed as per SGX SDK 2.10. Also there is another recommendation "Disable integrated processor graphics where they are not used (usually server)." I'm not sure about this since i was not able to find any option to disable integrated graphics in bios. Kindly clarify if this is necessary. 
  • As per INTEL-SA-00289 ( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00289.html ), the recommendation was to "update to the latest BIOS version provided by the system manufacturer" which i've already done.
  • As per INTEL-SA-00334 ( https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html ), it was recommended to "Ensure the latest Intel SGX PSW 2.9.100.2 or above for Linux is installed". I've installed the latest SGX PSW as per SGX SDK 2.10.
  • I've also disabled hyperthreading (HT) as mentioned in one of your docs

Can you kindly help me troubleshoot the problem?

Regards,

Bala

In response to JesusG_Intel
0 Kudos
Copy link
JesusG_Intel
Moderator
‎07-22-2020 09:45 AM
2,317 Views
Solved Jump to solution

Hello Bala,


Thanks for the information. We will look into this further and I will update this thread when we have a response from our engineers.


0 Kudos
Copy link
JesusG_Intel
Moderator
‎07-22-2020 11:50 AM
2,310 Views
Solved Jump to solution

Intel will no longer monitor this thread since this issue has been resolved.  If you need any additional information from Intel, please submit a new question.

Hello Bala,

There are a few things going on here.

Intel-SA-00334 (Load Value Injection): https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html.

Please follow these links within the page above:

An attestation response may report “SW_HARDENING_NEEDED” for attestation requests originating from Intel® SGX-enabled platforms that have applied the microcode and SGX platform software update and are properly configured but are affected by INTEL-SA-00334. In this case a Remote Attestation Verifier should evaluate the potential risk of an attack on these platforms and whether the attesting enclave employs adequate software hardening to mitigate the risk.

• An attestation response may report “CONFIGURATION_NEEDED” or “CONFIGURATION_AND_SW_HARDENING_NEEDED” for attestation requests originating from Intel® SGX-enabled platforms affected by INTEL-SA-00289 that have applied the microcode update, but where the BIOS did not disable the interface the privileged software can cause undervoltage to the processor. The “CONFIGURATION_NEEDED” response implies the platform is not affected by INTEL-SA-00334, while “CONFIGURATION_AND_SW_HARDENING_NEEDED” indicates the platform is affected by INTEL-SA-00334.

In short, any processor that is affected by LVI will always receive the "SW_HARDENING_REPLY" even if you build the enclave with the mitigations place. It is up to the service provider/relying party to determine a policy whether to accept the enclave or not if it believes the mitigations have been put in place. In other words, IAS provides this information and the relying party determines what to do with the information.

The “CONFIGURATION_AND_SW_HARDENING_NEEDED” may come from a combination of SA-00334 and SA-00289 as described above, or from the fact that you can't disable internal Gfx from your BIOS so you will always get "CONFIGURATION_NEEDED."

Again, this is just info from IAS on what they found. Your policy at the service provider determines whether to trust the enclave or not knowing the above limitations.

 

Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.