Hi team. I have an Intel NUC7PJYH (J5005) that is reporting "SW_HARDENING_NEEDED" due to "INTEL-SA-00657" vulnerability. I'm using Ubuntu 22.04 with latest Intel Microcode:
juan@nuc2:~$ sudo dmesg | grep microcode
[ 1.286371] microcode: sig=0x706a8, pf=0x1, revision=0x20
[ 1.286628] microcode: Microcode Update Driver: v2.2.
juan@nuc2:~$
Is this vulnerability supposed to be fixed in this microcode version, or am I wrong?
What can I do to fix it?
Thanks in advance
Hi Juan,
You will need to follow the recommendations in SA-00657 (https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html) that talk about the new SGX SDK versions. If you are already running the SGX SDK version 2.17.101.1 or later, then you don't need to do anything further. The message will always show up, because Intel actually has no way of knowing if an ISV has the mitigations already.
"If a processor is affected by this security advisory (LVI), IAS will always reply with at least "SW_HARDENING_NEEDED." There is no way for IAS to tell if a customer has built their enclaves with the mitigations in place. The relying party needs to look at its enclave's ISVSVN (enclave version) and decide if it's up-to-date or not." For more information, see this post on the Forums: https://community.intel.com/t5/Intel-Software-Guard-Extensions/How-to-mitigate-common-SAs-reported-by-IAS-during-remote/td-p/1211599
Let me know if you have more questions
Sincerely,
Sahira
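The relying-party decision described in the reply above, as an added example that is not part of the original thread or Intel's code: accept "SW_HARDENING_NEEDED" only when every advisory listed is one the enclave build already mitigates and the enclave's ISVSVN is recent enough. It assumes the IAS report signature was verified beforehand; `MITIGATED_ADVISORIES`, `MIN_ISV_SVN`, and the sample report are hypothetical values constructed for illustration.

```python
import base64
import struct

# Offset of ISVSVN (little-endian uint16) inside an EPID quote body:
# 48-byte quote header + 258 bytes into the 384-byte report body.
ISV_SVN_OFFSET = 306
QUOTE_BODY_LEN = 432

# Assumed relying-party policy values (hypothetical, not from the thread).
MITIGATED_ADVISORIES = {"INTEL-SA-00657"}  # fixed by rebuilding the enclave
MIN_ISV_SVN = 2                            # first build with the mitigated SDK


def isv_svn(report: dict) -> int:
    """Extract ISVSVN from the base64 isvEnclaveQuoteBody field."""
    body = base64.b64decode(report["isvEnclaveQuoteBody"], validate=True)
    if len(body) < QUOTE_BODY_LEN:
        raise ValueError(f"quote body too short: {len(body)} bytes")
    return struct.unpack_from("<H", body, ISV_SVN_OFFSET)[0]


def evaluate(report: dict) -> tuple[bool, str]:
    """Decide on an IAS report whose signature was already verified."""
    status = report.get("isvEnclaveQuoteStatus")
    if status not in ("OK", "SW_HARDENING_NEEDED"):
        return False, f"platform status {status} not accepted"
    unhandled = set(report.get("advisoryIDs", [])) - MITIGATED_ADVISORIES
    if unhandled:
        return False, f"unmitigated advisories: {sorted(unhandled)}"
    svn = isv_svn(report)
    if svn < MIN_ISV_SVN:
        return False, f"ISVSVN {svn} predates mitigated build {MIN_ISV_SVN}"
    return True, f"accepted: status {status}, ISVSVN {svn}"


def sample_report(status: str, advisories: list[str], svn: int) -> dict:
    """Constructed report for the demo; a real one comes from IAS."""
    body = bytearray(QUOTE_BODY_LEN)
    struct.pack_into("<H", body, ISV_SVN_OFFSET, svn)
    return {"isvEnclaveQuoteStatus": status, "advisoryIDs": advisories,
            "isvEnclaveQuoteBody": base64.b64encode(bytes(body)).decode()}


if __name__ == "__main__":
    for svn in (1, 2):
        r = sample_report("SW_HARDENING_NEEDED", ["INTEL-SA-00657"], svn)
        print(svn, evaluate(r))
```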