Fredrik_T_
Beginner

SGX - presence of Manageability Engine


The SDK guide mentions monotonic counters and trusted time. These are apparently provided by the tae_service library, which communicates with special architectural enclaves.

Such features must surely require hardware support (non-volatile storage at the least). The prior SGX specifications did not mention any such features.

The SDK guide describes a "manageability engine" in a few short sentences:

Manageability engine. Resides in the chipset (PCH). Amongst other features, it provides several protection related functions such as trusted time, monotonic counters and non-volatile storage. The ME is operating system independent.

Will all SGX-capable chipsets contain such a manageability engine, or is this an optional feature?


Accepted Solutions
Simon_J_Intel
Employee

You are correct in that the SGX HW architecture in itself does not provide these services directly on the platform.

In order to build usage models which required Monotonic Counter and/or Trusted Time services, the SDK included these services through reaching out securely to the Manageability Engine on the Platform Control Hub (PCH).

I cannot speculate on the feature set combinations of future platforms.
