Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

SGX - presence of Manageability Engine

Fredrik_T_
Beginner

The SDK guide mentions monotonic counters and trusted time. These are apparently provided by the tae_service library, which communicates with special architectural enclaves.

Such features must surely require hardware support (non-volatile storage at the least). The prior SGX specifications did not mention any such features.

The SDK guide describes a "manageability engine" in a few short sentences:

Manageability engine. Resides in the chipset (PCH). Amongst other features, it provides several protection related functions such as trusted time, monotonic counters and non-volatile storage. The ME is operating system independent.

Will all SGX-capable chipsets contain such a manageability engine, or is this an optional feature?

1 Solution
Simon_J_Intel
Employee

You are correct in that the SGX HW architecture in itself does not provide these services directly on the platform.

In order to build usage models which required Monotonic Counter and/or Trusted Time services, the SDK included these services through reaching out securely to the Manageability Engine on the Platform Control Hub (PCH).

I cannot speculate on the feature set combinations of future platforms.
