Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1554 Diskussionen

SGX - presence of Manageability Engine

Fredrik_T_
Einsteiger
‎01-22-2016 09:00 AM
2.743Aufrufe
Solved Zur Lösung gelangen

The SDK guide mentions monotonic counters and trusted time. These are apparently provided by the tae_service library, which communicates with special architectural enclaves.

Such features must surely require hardware support (non-volatile storage at the least). The prior SGX specifications did not mention any such features.

The SDK guide describes a "manageability engine" in a few short sentences:

Manageability engine. Resides in the chipset (PCH). Amongst other fea-
tures, it provides several protection related functions such as trusted 
time, monotonic counters and non-volatile storage. The ME is oper-
ating system independent.

Will all SGX-capable chipsets contain such a manageability engine, or is this an optional feature?

0 Kudos
1 Lösung
Simon_J_Intel
Mitarbeiter
‎01-22-2016 09:15 AM
2.743Aufrufe
Solved Zur Lösung gelangen

You are correct in that the SGX HW architecture in itself does not provide these services directly on the platform.

In order to build usage models which required Monotonic Counter and/or Trusted Time services, the SDK included these services through reaching out securely to the Manageability Engine on the Platform Control Hub (PCH).

I cannot speculate on the feature set combinations of future platforms.

Lösung in ursprünglichem Beitrag anzeigen

0 Kudos
Link kopieren

Link kopiert

1 Antworten
Simon_J_Intel
Mitarbeiter
‎01-22-2016 09:15 AM
2.744Aufrufe
Solved Zur Lösung gelangen

You are correct in that the SGX HW architecture in itself does not provide these services directly on the platform.

In order to build usage models which required Monotonic Counter and/or Trusted Time services, the SDK included these services through reaching out securely to the Manageability Engine on the Platform Control Hub (PCH).

I cannot speculate on the feature set combinations of future platforms.

0 Kudos
Link kopieren
Antworten

Community-Support wird von Montag bis Freitag angeboten. Andere Kontaktmethoden finden Sie hier.

Intel überprüft nicht alle Lösungen, darunter auch nicht alle Dateiübertragungen, die ggf. in der Community stattfinden. Dementsprechend lehnt Intel alle ausdrücklichen und stillschweigenden Garantien ab, einschließlich und ohne Einschränkung stillschweigender Garantien der Marktgängigkeit, der Eignung für einen bestimmten Zweck und der Nichtverletzung von Rechten sowie jeglicher Garantien, die sich aus der Ausführung, Bearbeitung oder handelsmäßigen Verwendung ergeben.

Vollständige Angaben zu Compiler-Optimierungen finden Sie in unseren Optimierungshinweis.