Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1448 Discussions

Unexpected EPID-based Attestation response for some products

Sahira_Intel
Moderator
1,793 Views

Sighting Description: A sub-set of products affected by the vulnerabilities disclosed and mitigated by Intel Product Update 2022.1 (IPU 2022.1) can return an unexpected EPID-based attestation response

 

Details: Intel® Software Guard Extensions (Intel® SGX) software developers that follow all current guidance with respect to microcode and software updates to mitigate vulnerabilities disclosed by IPU 2022.1 can receive an unexpected “configuration needed” response when leveraging Intel SGX Attestation Service Utilizing Intel® Enhanced Privacy ID. In this case, affected platforms with Hyper-Threading disabled (a recommended Intel SGX configuration) are treated as if Hyper-Threading is enabled, and a CONFIGURATION_AND_SW_HARDENING_NEEDED response is received, instead of the expected SW_HARDENING_NEEDED response.

 

Affected Products (listed by CPUID): 706E4, 806EC, 906ED, A0652, A0653, A0655, A0660, A0661, A0670, A0671 (Product Lookup)

 

Intel is prioritizing addressing this sighting via future software and microcode updates. As a temporary workaround, software developers could leverage the prior platform software, but should carefully consider their security requirements before doing so. Prior platform software will not contain the mitigations for vulnerabilities disclosed by IPU 2022.1. Note that Intel has elected to defer the ability of attestation to enforce the presence of microcode and software updates based on IPU 2022.1 to a future date, as communicated via a service broadcast email June 26.

 

July 5 (Update for CPUID = 906ED): A software update has been deployed for this product that is designed to prevent the unexpected attestation response for customers newly installing the latest Platform Software. Customers that previously encountered the unexpected attestation response for this product can contact sgx_program@intel.com for instructions on how to re-provision their platform for Intel® Enhanced Privacy ID (Intel® EPID).

 

July 7 (Update for CPUID = A0670): A software update has been deployed for this product, the follow-up instructions above also apply.

 

July 27 (Update for remainder of Affected Products listed above): Software updates have been deployed for these products, the follow-up instructions above also apply.

 

November 8 (Update for all Affected Products): Microcode updates are now available that address this sighting, and can be obtained from Public Github.

 

Labels (1)
0 Kudos
0 Replies
Reply