Intel SGX is a set of central processing unit (CPU) instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.[1] Intel designed SGX to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM).[2]
Details
Support for SGX in the CPU is indicated in CPUID "Structured Extended feature Leaf", EBX bit 02,[3] but its availability to applications requires BIOS support and opt-in enabling, which is not reflected in CPUID bits. This complicates the feature detection logic for applications.[4]
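As an added example (not code from this page or from Intel), the first stage of the detection the paragraph describes, written in C: read CPUID leaf 07H, sub-leaf 0, and test EBX bit 2. The function and macro names are my own; as the text says, a set bit only shows the CPU implements SGX and says nothing about BIOS opt-in, so the result is a necessary condition, not a sufficient one.

```c
/* Added example: CPUID-based SGX probe (leaf 07H, sub-leaf 0, EBX bit 2).
 * A set bit means the CPU implements SGX; BIOS support and opt-in enabling
 * are NOT reflected here, so callers must treat 1 as "maybe", not "yes". */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define SGX_LEAF     0x07u   /* Structured Extended Feature Flags leaf */
#define SGX_EBX_BIT  2u      /* EBX bit 02: SGX, per the cited reference */

/* Pure helper (hypothetical name): does a raw leaf-07H EBX value have the SGX bit? */
bool sgx_bit_set(uint32_t ebx) {
    return ((ebx >> SGX_EBX_BIT) & 1u) != 0u;
}

/* Returns 1 if CPUID advertises SGX, 0 if it does not, and -1 when leaf 07H
 * is unavailable (older CPU) or this is not an x86 build. */
int cpu_advertises_sgx(void) {
#if defined(__x86_64__) || defined(__i386__)
    uint32_t eax, ebx, ecx, edx;
    if (__get_cpuid_max(0, NULL) < SGX_LEAF)   /* leaf 07H not supported */
        return -1;
    __cpuid_count(SGX_LEAF, 0, eax, ebx, ecx, edx);
    return sgx_bit_set(ebx) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void) {
    switch (cpu_advertises_sgx()) {
    case 1:
        puts("CPUID: SGX implemented (BIOS opt-in not shown here; check separately)");
        break;
    case 0:
        puts("CPUID: SGX not implemented");
        break;
    default:
        puts("CPUID leaf 07H not available on this CPU/build");
    }
    return 0;
}
```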
Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014.[5] In 2015, researchers at the Georgia Institute of Technology released an open-source simulator known as OpenSGX.[6]
SGX was introduced in 2015 with the sixth-generation Intel Core microprocessors based on the Skylake microarchitecture.
One example of SGX used in security was a demo application from wolfSSL[7] that used it for cryptographic algorithms. One example of a secure service built using SGX is Fortanix's key management service.[8] This entire cloud-based service is built on SGX servers and is designed to provide privacy from the cloud provider. An additional example is Numecent using SGX to protect the DRM that is used to authorize application execution in their Cloudpaging application delivery products.[9]
Intel's Goldmont Plus (Gemini Lake) microarchitecture will also add support for Intel SGX.
Prime+Probe attack
On 27 March 2017, researchers at Austria's Graz University of Technology developed a proof-of-concept that can grab RSA keys from SGX enclaves running on the same system within five minutes by using certain CPU instructions in lieu of a fine-grained timer to exploit cache and DRAM side-channels.[10][11] One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017.[12] Another countermeasure, a compiler-based tool called DR.SGX, was published on September 28, 2017;[13] it claims superior performance while eliminating the implementation complexity of other proposed solutions.
Spectre-like attack
The LSDS group at Imperial College London showed a proof of concept
that the Spectre speculative execution security vulnerability can be
adapted to attack the secure enclave.[14]
References
[1] "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26.
[2] "Intel SGX Details". intel.com. 2017-07-05.
[3] Intel Architecture Instruction Set Extensions Programming Reference, Intel, August 2015, page 36: "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX".
[4] "Properly Detecting Intel Software Guard Extensions in Your Applications". intel.com. 2016-05-13.
[5] https://tc.gtisc.gatech.edu/bss/2014/l/final/pjain43.pdf
[6] "sslab-gatech/opensgx". GitHub. Retrieved 2016-08-15.
[7] "wolfSSL At IDF". wolfssl. 2016-08-11.
[8] "Fortanix Intel SGX Based Key Management". 2017-02-26.
[9] "Numecent Cloudpaging at Intel IDF". numecent.com. 2016-08-16.
[10] Chirgwin, Richard (March 7, 2017). "Boffins show Intel's SGX can leak crypto keys". The Register. Retrieved 1 May 2017.
[11] Schwarz, Michael; Weiser, Samuel; Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan (March 1, 2017). "Malware Guard Extension: Using SGX to Conceal Cache Attacks". Graz University of Technology. Retrieved 1 May 2017.
[12] "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory" (PDF). USENIX. 2017-08-16.
[13] "DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization" (PDF). arxiv.org. 2017-09-28.
[14] Sample code demonstrating a Spectre-like attack against an Intel SGX enclave.
External links
Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
IDF 2015 - Tech Chat: A Primer on Intel Software Guard Extensions, Intel (poster)
ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution // Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013.
Joanna Rutkowska, Thoughts on Intel's upcoming Software Guard Extensions (Part 1), August 2013
SGX: the good, the bad and the downright ugly / Shaun Davenport, Richard Ford (Florida Institute of Technology) / Virus Bulletin, 2014-01-07
Victor Costan and Srinivas Devadas, Intel SGX Explained, January 2016.
wolfSSL, October 2016.
The Security of Intel SGX for Key Protection and Data Privacy Applications / Professor Yehuda Lindell (Bar Ilan University & Unbound Tech), January 2018