
Intel Software Guard Extensions (SGX) is a set of instruction codes implementing a trusted execution environment that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called ''enclaves''. SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys. SGX involves encryption by the CPU of a portion of memory (the ''enclave''). Data and code originating in the enclave are decrypted on the fly ''within'' the CPU, protecting them from being examined or read by other code, including code running at higher privilege levels such as the operating system and any underlying hypervisors. While this can mitigate many kinds of attacks, it does not protect against side-channel attacks. A pivot by Intel in 2021 resulted in the deprecation of SGX from the 11th and 12th generation Intel Core processors, but development continues on Intel Xeon for cloud and enterprise use.


Details

SGX was first introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture. Support for SGX in the CPU is indicated in CPUID "Structured Extended feature Leaf", EBX bit 02, but its availability to applications requires BIOS/UEFI support and opt-in enabling which is not reflected in CPUID bits. This complicates the feature detection logic for applications. Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014. In 2015, researchers at the Georgia Institute of Technology released an open-source simulator named "OpenSGX". One example of SGX used in security was a demo application from wolfSSL using it for cryptography algorithms. Intel's Goldmont Plus (Gemini Lake) microarchitecture also contains support for Intel SGX. In both the 11th and 12th generations of Intel Core processors, SGX is listed as "Deprecated" and thereby not supported on "client platform" processors. This removed support for playing Ultra HD Blu-ray discs in officially licensed software, such as PowerDVD.
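The two-stage detection the paragraph describes, as an added example that is not part of the article: the CPUID bit named above says whether the silicon implements SGX, and a second, separate signal says whether firmware opted in. The bit position for CPUID leaf 7 EBX bit 2 is the one the article gives; the SGX1/SGX2 bits in CPUID leaf 0x12 and the IA32_FEATURE_CONTROL MSR (address 0x3A, lock bit 0, SGX enable bit 18) are taken from Intel's Software Developer's Manual and are this example's assumption, not something the article states. The decoder is a pure function over register snapshots so it can be checked without SGX hardware; the live readers use GCC/Clang's <cpuid.h> and Linux's msr driver.

```c
/* Added example: SGX presence vs. firmware enablement.
 * CPUID.(EAX=7,ECX=0):EBX bit 2 is from the article; the leaf 0x12 bits and the
 * IA32_FEATURE_CONTROL bits are assumptions taken from Intel's SDM. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID_LEAF7_EBX_SGX             (1u << 2)   /* silicon implements SGX (article) */
#define CPUID_LEAF12_EAX_SGX1           (1u << 0)   /* assumption: SDM, leaf 0x12 */
#define CPUID_LEAF12_EAX_SGX2           (1u << 1)   /* assumption: SDM, leaf 0x12 */
#define IA32_FEATURE_CONTROL_MSR        0x3A        /* assumption: SDM */
#define IA32_FEATURE_CONTROL_LOCK       (1ull << 0)
#define IA32_FEATURE_CONTROL_SGX_ENABLE (1ull << 18)

enum sgx_state {
    SGX_ABSENT,              /* CPUID does not advertise SGX */
    SGX_PRESENT_NOT_ENABLED, /* advertised, but firmware did not opt in (or MSR unreadable) */
    SGX_ENABLED              /* usable by applications */
};

struct sgx_probe {
    bool cpu_has_sgx, sgx1, sgx2, fw_enabled, fw_locked;
    enum sgx_state state;
};

/* Pure decoder over register snapshots: testable without SGX hardware. */
struct sgx_probe decode_sgx(uint32_t leaf7_ebx, uint32_t leaf12_eax, uint64_t feature_control)
{
    struct sgx_probe p = {0};
    p.cpu_has_sgx = (leaf7_ebx & CPUID_LEAF7_EBX_SGX) != 0;
    p.sgx1 = p.cpu_has_sgx && (leaf12_eax & CPUID_LEAF12_EAX_SGX1);
    p.sgx2 = p.cpu_has_sgx && (leaf12_eax & CPUID_LEAF12_EAX_SGX2);
    p.fw_enabled = (feature_control & IA32_FEATURE_CONTROL_SGX_ENABLE) != 0;
    p.fw_locked  = (feature_control & IA32_FEATURE_CONTROL_LOCK) != 0;
    if (!p.cpu_has_sgx)
        p.state = SGX_ABSENT;
    else if (p.fw_enabled && p.fw_locked)  /* enclave instructions need both bits set */
        p.state = SGX_ENABLED;
    else
        p.state = SGX_PRESENT_NOT_ENABLED;
    return p;
}

#if defined(__x86_64__) || defined(__i386__)
/* Live CPUID read on x86; returns false if leaf 7 is not enumerated at all. */
static bool read_cpuid_regs(uint32_t *leaf7_ebx, uint32_t *leaf12_eax)
{
    unsigned a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return false;
    *leaf7_ebx = b;
    if (!__get_cpuid_count(0x12, 0, &a, &b, &c, &d))
        a = 0;                       /* leaf 0x12 absent: no SGX1/SGX2 */
    *leaf12_eax = a;
    return true;
}
#endif

/* Read IA32_FEATURE_CONTROL through Linux's msr driver (root + msr module needed).
 * The file offset selects the MSR address. Unreadable means "cannot claim enabled". */
static bool read_feature_control(uint64_t *val)
{
    FILE *f = fopen("/dev/cpu/0/msr", "rb");
    if (!f) return false;
    bool ok = fseek(f, IA32_FEATURE_CONTROL_MSR, SEEK_SET) == 0 &&
              fread(val, sizeof *val, 1, f) == 1;
    fclose(f);
    return ok;
}

int main(void)
{
    uint32_t ebx7 = 0, eax12 = 0;
    uint64_t fc = 0;
#if defined(__x86_64__) || defined(__i386__)
    if (!read_cpuid_regs(&ebx7, &eax12)) { puts("CPUID leaf 7 unavailable"); return 1; }
#else
    puts("not an x86 CPU; decoding zeroed registers");
#endif
    if (!read_feature_control(&fc))
        puts("IA32_FEATURE_CONTROL not readable; treating SGX as not enabled");
    struct sgx_probe p = decode_sgx(ebx7, eax12, fc);
    static const char *names[] = {"absent", "present but not enabled by firmware", "enabled"};
    printf("SGX: %s (SGX1=%d SGX2=%d)\n", names[p.state], p.sgx1, p.sgx2);
    return 0;
}
```

The point of separating decode_sgx from the readers is that the CPUID bit alone is the wrong test: a machine can advertise SGX and still fault on every enclave instruction because the MSR was never set, which is exactly the detection trap the paragraph describes.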


List of SGX vulnerabilities


Prime+Probe attack

On 27 March 2017 researchers at Austria's Graz University of Technology developed a proof-of-concept that can grab RSA keys from SGX enclaves running on the same system within five minutes by using certain CPU instructions in lieu of a fine-grained timer to exploit cache and DRAM side-channels. One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017. Among other published countermeasures, a compiler-based tool, DR.SGX, was published on September 28, 2017; it claims superior performance while eliminating the implementation complexity of other proposed solutions.
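What a Prime+Probe attacker measures is which cache lines the enclave touches, so the enclave-side defence is to make memory access patterns independent of secrets. The following is an added example, not code from the article, from the Graz researchers or from the DR.SGX authors: a secret-indexed table lookup (the pattern that leaks) next to a branch-free version that reads every entry of the table on every call. The 256-byte table is constructed for the demo and stands in for an S-box or a key-dependent window table.

```c
/* Added example: secret-dependent lookup vs. constant-time (cache-oblivious) lookup.
 * The table is constructed for the demo; any bijection of 0..255 would do. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TABLE_SIZE 256

void fill_table(uint8_t table[TABLE_SIZE])
{
    for (size_t i = 0; i < TABLE_SIZE; i++)
        table[i] = (uint8_t)((i * 167u + 13u) & 0xFFu);   /* constructed sample values */
}

/* Leaky form: the single cache line accessed is selected by secret_idx, so a
 * co-resident prober that sees which line was evicted learns secret_idx. */
uint8_t lookup_leaky(const uint8_t table[TABLE_SIZE], uint8_t secret_idx)
{
    return table[secret_idx];
}

/* Hardened form: touches every entry in fixed order and keeps the wanted one
 * with an arithmetic mask, so the access pattern is the same for every index. */
uint8_t lookup_ct(const uint8_t table[TABLE_SIZE], uint8_t secret_idx)
{
    uint8_t out = 0;
    for (uint32_t i = 0; i < TABLE_SIZE; i++) {
        uint32_t diff  = i ^ (uint32_t)secret_idx;   /* zero only at the wanted index */
        uint32_t is_eq = ((diff - 1u) >> 31) & 1u;   /* 1 when diff == 0, else 0 */
        uint8_t  mask  = (uint8_t)(0u - is_eq);      /* 0xFF or 0x00, no branch */
        out |= table[i] & mask;
    }
    return out;
}

/* Self-check: the hardened form must return exactly what the plain one does. */
int ct_matches_leaky(void)
{
    uint8_t table[TABLE_SIZE];
    fill_table(table);
    for (uint32_t i = 0; i < TABLE_SIZE; i++)
        if (lookup_ct(table, (uint8_t)i) != lookup_leaky(table, (uint8_t)i))
            return 0;
    return 1;
}

int main(void)
{
    printf("constant-time lookup agrees with plain lookup for all 256 indices: %s\n",
           ct_matches_leaky() ? "yes" : "no");
    return 0;
}
```

Two caveats a practitioner would check: an optimising compiler may rewrite the mask back into a branch or a data-dependent load, so the generated assembly needs inspecting (or the mask computed through an asm barrier), and this only removes the address-dependent leak; it says nothing about timing of other operations, which is why tools such as DR.SGX and the 2017 USENIX countermeasure approach the same problem from the side of memory layout and hardware transactions instead.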


Spectre-like attack

The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution security vulnerability can be adapted to attack the secure enclave. The Foreshadow attack, disclosed in August 2018, combines speculative execution and buffer overflow to bypass SGX. A security advisory and mitigation for this attack, also called an L1 Terminal Fault, was originally issued on August 14, 2018 and updated May 11, 2021.


Enclave attack

On 8 February 2019, researchers at Austria's Graz University of Technology published findings which showed that in some cases it is possible to run malicious code from within the enclave itself. The exploit involves scanning through process memory in order to reconstruct a payload, which can then run code on the system. The paper claims that due to the confidential and protected nature of the enclave, it is impossible for antivirus software to detect and remove malware residing within it. Intel issued a statement saying that this attack was outside the threat model of SGX, that they cannot guarantee that code run by the user comes from trusted sources, and urged consumers to only run trusted code.


MicroScope replay attack

There is a proliferation of side-channel attacks plaguing modern computer architectures. Many of these attacks measure slight, nondeterministic variations in the execution of code, so the attacker needs many measurements (possibly tens of thousands) to learn secrets. However, the MicroScope attack allows a malicious OS to replay code an arbitrary number of times regardless of the program's actual structure, enabling dozens of side-channel attacks. In July 2022, Intel submitted a Linux patch called AEX-Notify to allow the SGX enclave programmer to write a handler for these types of events.


Plundervolt

Security researchers were able to inject timing-specific faults into execution within the enclave, resulting in leakage of information. The attack can be executed remotely, but requires access to the privileged control of the processor's voltage and frequency. A security advisory and mitigation for this attack was originally issued on August 14, 2018 and updated on March 20, 2020.


LVI

Load Value Injection (LVI) injects data into a program, aiming to replace the value loaded from memory; the injected value is then used for a short time before the mistake is spotted and rolled back, and during that window LVI controls data and control flow. A security advisory and mitigation for this attack was originally issued on March 10, 2020 and updated on May 11, 2021.


SGAxe

SGAxe, an SGX vulnerability published in 2020, extends a speculative execution attack on cache, leaking content of the enclave. This allows an attacker to access private CPU keys used for remote attestation. In other words, a threat actor can bypass Intel's countermeasures to breach SGX enclaves' confidentiality. The SGAxe attack is carried out by extracting attestation keys from SGX's private quoting enclave that are signed by Intel. The attacker can then masquerade as legitimate Intel machines by signing arbitrary SGX attestation quotes. A security advisory and mitigation for this attack, also called a Processor Data Leakage or Cache Eviction, was originally issued January 27, 2020 and updated May 11, 2021.
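The lesson of SGAxe for the party that consumes attestation quotes is that a valid Intel-rooted signature is necessary but not sufficient. The following is an added example, not the article's and not Intel's attestation code: the relying-party policy checks that limit what a stolen quoting key buys, namely rejecting quotes whose platform TCB status is reported as out of date or revoked (the status Intel publishes after such a disclosure), pinning the expected enclave identity, requiring a minimum security version, and binding the quote to a fresh nonce so a captured quote cannot be replayed. The struct layouts, the status enum and the sample values are constructed for this example; the field names MRENCLAVE, MRSIGNER, ISVSVN and REPORTDATA are SGX's own, and the TCB status names follow a subset of Intel's attestation vocabulary. The signature and certificate-chain check is assumed to have been done by the caller and is represented by a flag.

```c
/* Added example: relying-party policy over an already-parsed SGX quote.
 * Layout, enum and sample values are constructed; they are not a real quote format. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

enum tcb_status { TCB_UP_TO_DATE, TCB_SW_HARDENING_NEEDED, TCB_OUT_OF_DATE, TCB_REVOKED };

struct quote_view {            /* what a verifier extracts from a parsed quote */
    bool     signature_valid;  /* set by the caller after the ECDSA / cert-chain check */
    uint8_t  mrenclave[32];    /* enclave measurement */
    uint8_t  mrsigner[32];     /* enclave author's signing-key hash */
    uint16_t isv_svn;          /* enclave security version number */
    uint8_t  report_data[64];  /* caller-chosen bytes bound into the quote */
    enum tcb_status tcb;       /* platform TCB status from the attestation collateral */
};

struct verify_policy {
    uint8_t  expected_mrsigner[32];
    uint8_t  expected_mrenclave[32];
    bool     pin_mrenclave;             /* false: accept any enclave from the signer */
    uint16_t min_isv_svn;
    uint8_t  nonce[64];                 /* what the verifier asked to be put in REPORTDATA */
    bool     allow_sw_hardening_needed;
};

enum verdict { ACCEPT, REJECT_SIGNATURE, REJECT_TCB, REJECT_SIGNER,
               REJECT_ENCLAVE, REJECT_SVN, REJECT_NONCE };

enum verdict verify_quote(const struct quote_view *q, const struct verify_policy *p)
{
    if (!q->signature_valid) return REJECT_SIGNATURE;
    /* Platform TCB before anything else: a correctly signed quote from a platform
     * whose TCB is out of date or revoked is exactly what a leaked key produces. */
    if (q->tcb == TCB_REVOKED || q->tcb == TCB_OUT_OF_DATE) return REJECT_TCB;
    if (q->tcb == TCB_SW_HARDENING_NEEDED && !p->allow_sw_hardening_needed) return REJECT_TCB;
    if (memcmp(q->mrsigner, p->expected_mrsigner, 32) != 0) return REJECT_SIGNER;
    if (p->pin_mrenclave && memcmp(q->mrenclave, p->expected_mrenclave, 32) != 0) return REJECT_ENCLAVE;
    if (q->isv_svn < p->min_isv_svn) return REJECT_SVN;
    if (memcmp(q->report_data, p->nonce, 64) != 0) return REJECT_NONCE;   /* freshness */
    return ACCEPT;
}

/* Constructed sample: a quote and a policy that agree on every field. */
void build_sample(struct quote_view *q, struct verify_policy *p)
{
    memset(q, 0, sizeof *q);
    memset(p, 0, sizeof *p);
    memset(q->mrsigner, 0xA1, 32);  memset(p->expected_mrsigner, 0xA1, 32);
    memset(q->mrenclave, 0xB2, 32); memset(p->expected_mrenclave, 0xB2, 32);
    p->pin_mrenclave = true;
    q->isv_svn = 3;                 p->min_isv_svn = 2;
    memset(q->report_data, 0x5C, 64); memset(p->nonce, 0x5C, 64);
    q->tcb = TCB_UP_TO_DATE;
    q->signature_valid = true;
}

int main(void)
{
    static const char *names[] = {"accept", "bad signature", "tcb not acceptable",
                                  "unexpected signer", "unexpected enclave",
                                  "svn too low", "nonce mismatch"};
    struct quote_view q; struct verify_policy p;
    build_sample(&q, &p);
    printf("good quote:        %s\n", names[verify_quote(&q, &p)]);
    q.tcb = TCB_OUT_OF_DATE;
    printf("out-of-date TCB:   %s\n", names[verify_quote(&q, &p)]);
    q.tcb = TCB_UP_TO_DATE; q.report_data[0] ^= 1;
    printf("replayed quote:    %s\n", names[verify_quote(&q, &p)]);
    return 0;
}
```

The ordering matters: the TCB check sits before the identity checks so that an attacker holding a key from a compromised platform cannot get an ACCEPT merely by presenting the right MRENCLAVE, and the nonce comparison is what turns a quote into a proof about this session rather than a reusable artefact.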


ÆPIC leak

In 2022, security researchers discovered a vulnerability in the Advanced Programmable Interrupt Controller (APIC) that allows an attacker with root/admin privileges to gain access to encryption keys via the APIC by inspecting data transfers from L1 and L2 cache. This vulnerability is the first architectural attack discovered on x86 CPUs. This differs from Spectre and Meltdown, which use a noisy side channel. This exploit currently affects Intel Core 10th, 11th and 12th generations, and Xeon Ice Lake microprocessors.


Extraction of the private key

The code signature is generated with a private key that exists only in the enclave. The private key is encoded via "fuse" elements on the chip; in the process, bits are burnt through, giving them the binary value 0. This private key cannot be extracted because it is encoded in the hardware. Mark Ermolov, Maxim Goryachy and Dmitry Sklyarov refuted the claim to trustworthiness of the SGX concept at https://github.com/chip-red-pill/glm-ucode#.


SGX malware arguments

There has been a long debate on whether SGX enables creation of superior malware. Oxford University researchers published an article in October 2022 considering attackers' potential advantages and disadvantages in abusing SGX for malware development. The researchers conclude that while there might be temporary zero-day vulnerabilities to abuse in the SGX ecosystem, the core principles and design features of Trusted Execution Environments (TEEs) make such malware weaker than malware in the wild; otherwise, TEEs make no major contribution to malware.


See also

* Intel MPX
* Spectre-NG
* Speculative execution CPU vulnerabilities


External links


* Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
* Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
* IDF 2015 - Tech Chat: A Primer on Intel Software Guard Extensions, Intel (poster)
* ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
* McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution, Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, ACM, 2013
* Jackson, Alon, Trust is in the Keys of the Beholder: Extending SGX Autonomy and Anonymity, PhD dissertation, May 2017
* Joanna Rutkowska, Thoughts on Intel's upcoming Software Guard Extensions (Part 1), August 2013
* SGX: the good, the bad and the downright ugly, Shaun Davenport, Richard Ford (Florida Institute of Technology), Virus Bulletin, 2014-01-07
* Victor Costan and Srinivas Devadas, Intel SGX Explained, January 2016
* wolfSSL, October 2016
* The Security of Intel SGX for Key Protection and Data Privacy Applications, Professor Yehuda Lindell (Bar Ilan University & Unbound Tech), January 2018
* Intel SGX Technology and the Impact of Processor Side-Channel Attacks, March 2020
* How Confidential Computing Delivers A Personalised Shopping Experience, January 2021
* Realising the Potential of Data Whilst Preserving Privacy with EyA and Conclave from R3, December 2021
* Introduction to Intel Software Guard Extensions, June 2020