Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Why Qemu-SGX not maintained any more?

LeoneChen
Beginner
‎06-06-2023 04:50 AM
1,198 Views
Solved Jump to solution

intel/qemu-sgx (github.com)

It say "This project has been identified as having known security escapes.", but what known security escapes?

0 Kudos
1 Solution
Iffa_Intel
Moderator
‎06-07-2023 02:33 AM
1,118 Views
Solved Jump to solution

Yes, that is just to share you the concept of that attack in QEMU.

Focus on the fact that the vulnerability attacks host operating system that runs QEMU.

QEMU-SGX, as the name implies, it uses QEMU so even if Enclave don't trust OS&Host App in VM, or no VM, the vulnerability exist.

 

Cordially,

Iffa


View solution in original post

0 Kudos
Copy link

Link Copied

7 Replies
Iffa_Intel
Moderator
‎06-06-2023 09:00 PM
1,166 Views
Solved Jump to solution

Hi,


Generally, the QEMU is vulnerable to Virtual Machine Escape attack which triggered when fragment packets are reassembled for processing. This allows an attacker to perform arbitrary code execution at the same privilege level as QEMU itself, and completely crash the QEMU process.



Cordially,

Iffa


0 Kudos
Copy link
LeoneChen
Beginner
‎06-06-2023 11:05 PM
1,155 Views
Solved Jump to solution
In response to Iffa_Intel

Thanks for reply!

 

Any hyper-links or details about this vulnerability or news?

In response to Iffa_Intel
0 Kudos
Copy link
Iffa_Intel
Moderator
‎06-07-2023 12:06 AM
1,148 Views
Solved Jump to solution

Here it is (Note that this is public info):

1. Vulnerability in QEMU allows attackers to perform virtual machine escape

2. NVD for (no 1) vulnerability

3. KVM breakout

 

Hope this helps!

If you don't have any further inquiries, shall I close this case?

 

 

Cordially,

Iffa

0 Kudos
Copy link
LeoneChen
Beginner
‎06-07-2023 12:32 AM
1,135 Views
Solved Jump to solution
In response to Iffa_Intel

But it seems that Qemu escape will not influent security of Enclave in VM, since Enclave don't trust OS&Host App in VM

In response to Iffa_Intel
0 Kudos
Copy link
Iffa_Intel
Moderator
‎06-07-2023 02:33 AM
1,119 Views
Solved Jump to solution

Yes, that is just to share you the concept of that attack in QEMU.

Focus on the fact that the vulnerability attacks host operating system that runs QEMU.

QEMU-SGX, as the name implies, it uses QEMU so even if Enclave don't trust OS&Host App in VM, or no VM, the vulnerability exist.

 

Cordially,

Iffa


0 Kudos
Copy link
LeoneChen
Beginner
‎06-08-2023 01:21 AM
1,095 Views
Solved Jump to solution
In response to Iffa_Intel

Thanks!

 

Thus it's due to Qemu problem, not an SGX problem

In response to Iffa_Intel
0 Kudos
Copy link
Iffa_Intel
Moderator
‎06-08-2023 09:05 PM
1,071 Views
Solved Jump to solution

Glad that helps!


Intel will no longer monitor this thread since this issue has been resolved. If you need any additional information from Intel, please submit a new question. 



Cordially,

Iffa


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.