Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

sgx_foreshadow_issue remote_attestation_issue

du__xin
Beginner

We are facing the following issue even with the updated CPU microcode and Ubuntu 16.04 kernel.

Errors:

======================================================================

---- Enclave Trust Status from Service Provider ----------------------------

Enclave NOT TRUSTED

----------------------------------------------------------------------------

 

---- Platform Update Required ----------------------------------------------

The following Platform Update(s) are required to bring this

platform's Trusted Computing Base (TCB) back into compliance:
 * The CPU Microcode needs to be updated.  Contact your OEM for a platform

   BIOS Update.

======================================================================


The following mitigation solutions have been attempted, but they still fail with the above errors.

Based on the microcode reference: https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf


======================================================================

dmesg | grep 'microcode'

[    0.000000] microcode: microcode updated early to revision 0x96, date = 2018-05-02

[    1.224122] microcode: sig=0x906ea, pf=0x20, revision=0x96

[    1.224898] microcode: Microcode Update Driver: v2.2.

======================================================================

Based on the Ubuntu kernel update reference:

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF

cat /sys/devices/system/cpu/vulnerabilities/l1tf

Mitigation: PTE Inversion

Ubuntu kernel information:

dpkg -l | grep linux-image


linux-image-4.15.0-32-generic              4.15.0-32.35~16.04.1 amd64        Signed kernel image generic
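Added example, not part of the thread: a short Python check that reads dmesg lines like the ones above and tells kernel-loaded microcode apart from BIOS-resident microcode. The kernel prints "microcode updated early to revision ..." only when it actually replaced an older revision left by the BIOS, and SGX derives CPUSVN from the microcode present when SGX is enabled during BIOS boot, so a kernel-applied update alone leaves the attestation TCB out of date even though the running revision looks current. The required revision is a parameter; the 0x96 used below is an assumed value taken from the running revision, not from the SA-00115 table.

```python
import re

# The early-loader line is printed only when the kernel replaced an older
# BIOS-resident revision; the sig/revision line reports what is running now.
UPDATED_RE = re.compile(
    r"microcode: (?:microcode )?updated(?: early)? to revision (0x[0-9a-fA-F]+)")
RUNNING_RE = re.compile(
    r"microcode: sig=(0x[0-9a-fA-F]+), pf=(0x[0-9a-fA-F]+), revision=(0x[0-9a-fA-F]+)")


def parse_microcode_dmesg(dmesg_text):
    """Extract CPU signature, platform flags, the running revision and, if the
    kernel applied an update itself, the revision it loaded."""
    info = {"sig": None, "pf": None, "running": None, "os_loaded": None}
    for line in dmesg_text.splitlines():
        m = UPDATED_RE.search(line)
        if m:
            info["os_loaded"] = int(m.group(1), 16)
            continue
        m = RUNNING_RE.search(line)
        if m:
            info["sig"] = int(m.group(1), 16)
            info["pf"] = int(m.group(2), 16)
            info["running"] = int(m.group(3), 16)
    return info


def sgx_tcb_verdict(info, required_revision):
    """Say whether the SGX attestation TCB can already reflect required_revision.
    CPUSVN is fixed from the microcode present when BIOS enables SGX, so a
    revision the kernel loaded later does not count (see lead-in)."""
    if info["running"] is None:
        return "unknown: no microcode lines found in dmesg"
    if info["running"] < required_revision:
        return "running microcode older than required: update BIOS and OS microcode"
    if info["os_loaded"] is not None:
        return ("kernel loaded revision 0x%x over an older BIOS revision; SGX CPUSVN "
                "still reflects the BIOS microcode, so attestation reports the TCB as "
                "out of date: install an OEM BIOS that ships this microcode"
                % info["os_loaded"])
    return "BIOS-resident microcode is 0x%x: SGX TCB can reflect it" % info["running"]


# Constructed sample reproducing the dmesg output quoted in the post above.
SAMPLE_DMESG = """\
[    0.000000] microcode: microcode updated early to revision 0x96, date = 2018-05-02
[    1.224122] microcode: sig=0x906ea, pf=0x20, revision=0x96
[    1.224898] microcode: Microcode Update Driver: v2.2.
"""

if __name__ == "__main__":
    parsed = parse_microcode_dmesg(SAMPLE_DMESG)
    print(parsed)
    print(sgx_tcb_verdict(parsed, 0x96))  # assumed required revision
```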

Scott_R_Intel
Employee

Hello.

Which platform/motherboard and CPU are you getting this message on? Also, which PSW version are you using?

Regards.

Scott

du__xin
Beginner

Scott R. (Intel) wrote:

Hello.

Which platform/motherboard and CPU are you getting this message on? Also, which PSW version are you using?

Regards.

Scott

Sorry, I missed that.

Base Board Information
  • Manufacturer: Alienware
  • Product Name: Alienware 15 R4
  • Version: A00
  • Serial Number: .91C9PN2.CN1296384701A9.
  • Asset Tag:
  • Features:
  • Board is a hosting board
  • Board is replaceable
  • Location In Chassis: *
  • Chassis Handle: 0x0003
  • Type: Motherboard
  • Contained Object Handles: 0

CPU model name : Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz

PSW installed: sgx_linux_x64_psw_2.2.100.45311.bin

Scott_R_Intel
Employee

Hello.

What version of the BIOS are you using?  The latest I see on Dell's website explicitly calls out the uCode fix for SA-115, though it appears you probably have the correct version.

Ver. 1.2.1

Fixes & Enhancements

Enhancements:
1. Updated CPU microcode to address security advisory Intel Security Advisory INTEL-SA-00115 (CVE-2018-3639 & CVE-2018-3640)
2. CPU performance and thermal behavior.
https://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=C1HPN

Regards.

Scott
