已解决: Re: Why Qemu-SGX not maintained any more?

LeoneChen · ‎06-06-2023

It say "This project has been identified as having known security escapes.", but what known security escapes?

Iffa_Intel · ‎06-07-2023

Yes, that is just to share you the concept of that attack in QEMU.

Focus on the fact that the vulnerability attacks host operating system that runs QEMU.

QEMU-SGX, as the name implies, it uses QEMU so even if Enclave don't trust OS&Host App in VM, or no VM, the vulnerability exist.

Cordially,

Iffa

在原帖中查看解决方案

Iffa_Intel · ‎06-06-2023

Hi,

Generally, the QEMU is vulnerable to Virtual Machine Escape attack which triggered when fragment packets are reassembled for processing. This allows an attacker to perform arbitrary code execution at the same privilege level as QEMU itself, and completely crash the QEMU process.

Cordially,

Iffa

LeoneChen · ‎06-06-2023

Thanks for reply!

Any hyper-links or details about this vulnerability or news?

Iffa_Intel · ‎06-07-2023

Here it is (Note that this is public info):

1. Vulnerability in QEMU allows attackers to perform virtual machine escape

2. NVD for (no 1) vulnerability

3. KVM breakout

Hope this helps!

If you don't have any further inquiries, shall I close this case?

Cordially,

Iffa

LeoneChen · ‎06-07-2023

But it seems that Qemu escape will not influent security of Enclave in VM, since Enclave don't trust OS&Host App in VM

Iffa_Intel · ‎06-07-2023

Yes, that is just to share you the concept of that attack in QEMU.

Focus on the fact that the vulnerability attacks host operating system that runs QEMU.

QEMU-SGX, as the name implies, it uses QEMU so even if Enclave don't trust OS&Host App in VM, or no VM, the vulnerability exist.

Cordially,

Iffa

LeoneChen · ‎06-08-2023

Thanks!

Thus it's due to Qemu problem, not an SGX problem

Iffa_Intel · ‎06-08-2023

Glad that helps!

Intel will no longer monitor this thread since this issue has been resolved. If you need any additional information from Intel, please submit a new question.

Cordially,

Iffa