I wanted to know what the security guarantees of SGX monotonic counters are.
Intel's documentation does not really state something about the security, and only explains how the API is supposed to be called.
I searched all of Intel's documentation on the topic and all forum posts, but did not find an answer.
I found a blog post (https://davejingtian.org/2017/11/10/some-notes-on-the-monotonic-counter-in-intel-sgx-and-me/) which goes into details about the process of creating a monotonic counter. Apparently, there are Intel AE messages, an SQlite database, something with Java(?) and the Intel ME involved.
Could someone clarify what exactly is going on, and what an attacker would need to do to break the monotonic counter security or tamper with the counter in non-volatile memory?
Thank you and have a good day!
Good morning, I hope the week has gone well for everyone.
We are certainly not Intel but it is largely self-evident that the security of Intel supplied SGX monotonicity sources is the integrity and security of the Management Engine (ME). The URL provided by the first poster provides a good summary with respect to discussing how SGX Platform Services (PS) is implemented.
In a nutshell, the strategy is to have platform service enclaves load Intel supplied and signed Java bytecode into the ME. The supplied code uses facilities in the ME to access platform NVRAM in order to provide a trust root for a monotonicity source either in the form of counters or time.
The security predicate is whatever one chooses to convey to the whole concept of the ME, which is obviously a political hot potato in technical circles. In a larger context, SGX, as a technology, is partitioning into two camps; servers and endpoint devices. As the linked article notes, access to the ME and platform services is not available on server platforms, which is currently the highest profile venue for the application of SGX technology.
Given all of this. there would seem to be the need for the SGX development eco-system to have a solid story on reliable sources for monotonicity.
We have previously written about the issue of SGX monotonicity in the past. Anyone interested can review that conversation via the following URL:
TPM's are well understood and a reasonably 'open' architecture. Any relevant SGX platform in the future will have access to TPM2 compliant hardware, either in the form of a hardware or firmware implementation. TPM technology is designed to have a reliable source of monotonic time that is persisted over system resets in NVRAM. What is needed is a replacement for the existing platform services architecture that uses a TPM rather then an ME based application as the root of trust for a monotonicity implementation.
In the case of Platform Trust Technology (PTT), the TPM implementation is actually a software simulator running on the ME, so once again, the conversation ultimately circles back as to how much trust one wants to confer on the whole concept of an ME architecture and its implementation.
Best wises for a pleasant weekend to everyone.