SGX has been built into a number of Intel processors since the Skylake generation. It is mainly used in cloud data centers to protect cryptographic operations, and less frequently on desktop computers to decode DRM-protected video.
A Box In The Processor
With SGX, programs can load code into a protected memory area of the system that is managed by the Intel processor itself. Once such an enclave has been provisioned, other code running on the system can no longer look into it or change the software inside it. Even privileged system processes such as the operating system are prevented by the hardware from reading or modifying the enclave's contents. In addition, a remote party can use so-called remote attestation to verify over the network, at any time, that the code running in the enclave is the expected code and has not been manipulated.
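To make the attestation step concrete, here is an added example (not code from the original article, and not Intel's attestation protocol): a simulated exchange between a verifier and the platform. The enclave "image" is a constructed byte string, its measurement is a SHA-256 over that string standing in for MRENCLAVE, and an HMAC key stands in for the hardware attestation key; all names are assumptions made for the illustration. The verifier issues a fresh nonce, the platform returns a report binding the measurement to that nonce, and the verifier rejects replayed nonces, reports not produced with the platform key, and measurements that are not on its allowlist.

```python
"""Simulated SGX-style remote attestation (added illustration, not real SGX).
A real quote is signed by Intel's quoting enclave with a hardware-derived key
and is checked against Intel's certificate chain; here an HMAC key is assumed
to play that role so the flow can run offline."""
import hashlib
import hmac
import os

# Constructed sample: the bytes the platform would load and measure.
ENCLAVE_IMAGE = b"enclave code v1: keep secret, compute, never syscall"
# Assumed: a key known only to the "hardware" and the attestation verifier.
PLATFORM_ATTESTATION_KEY = b"stand-in for the hardware attestation key"


def measure(image: bytes) -> str:
    """Measurement of the loaded enclave image (stands in for MRENCLAVE)."""
    return hashlib.sha256(image).hexdigest()


def make_report(image: bytes, nonce: bytes, key: bytes = PLATFORM_ATTESTATION_KEY) -> dict:
    """Platform side: measure the image and bind the measurement to the verifier's nonce.
    The platform measures honestly; it cannot be talked into reporting a different hash."""
    mrenclave = measure(image)
    body = mrenclave.encode() + b"|" + nonce
    return {"mrenclave": mrenclave, "nonce": nonce,
            "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


class AttestationVerifier:
    """Remote side: knows which measurements are acceptable and the platform key."""

    def __init__(self, allowed_measurements, key: bytes = PLATFORM_ATTESTATION_KEY):
        self.allowed = set(allowed_measurements)
        self.key = key
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, report: dict):
        nonce = report["nonce"]
        if nonce not in self.outstanding:
            return False, "unknown or replayed nonce"
        self.outstanding.discard(nonce)  # each nonce is single use
        body = report["mrenclave"].encode() + b"|" + nonce
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["mac"]):
            return False, "report not produced with the platform key"
        if report["mrenclave"] not in self.allowed:
            return False, "enclave measurement not on the allowlist"
        return True, "ok"


def run_demo() -> dict:
    """Exercise the genuine case and the three failure modes; returns the verdicts."""
    verifier = AttestationVerifier([measure(ENCLAVE_IMAGE)])
    n1 = verifier.challenge()
    genuine = verifier.verify(make_report(ENCLAVE_IMAGE, n1))
    replay = verifier.verify(make_report(ENCLAVE_IMAGE, n1))          # same nonce again
    n2 = verifier.challenge()
    tampered = verifier.verify(make_report(ENCLAVE_IMAGE + b"; backdoor", n2))
    n3 = verifier.challenge()
    forged = verifier.verify(make_report(ENCLAVE_IMAGE, n3, key=b"attacker key"))
    return {"genuine": genuine, "replay": replay, "tampered": tampered, "forged": forged}


if __name__ == "__main__":
    for case, (ok, reason) in run_demo().items():
        print(f"{case:9s} accepted={ok} ({reason})")
```

The tampered case is the one the article is about: the platform still measures honestly, so the report is authentic, but the hash no longer matches what the verifier expects. A real SGX quote carries more than the code hash (the signer identity MRSIGNER, product and security version numbers, and enclave attributes), and a production verifier checks all of them, not only MRENCLAVE.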
Launch Control Determines Who May Sign Executable Code
The code running within the enclave is subject to severe restrictions. For example, it must not make any system calls; the untrusted rest of the application, which talks to the enclave through the SGX driver, has to perform them on the enclave's behalf. Once the enclave is set up, its contents are shielded from the rest of the system so that data meant to stay secret cannot leak out.
For a long time, code that was to run in SGX's normal operating mode had to be signed with a developer key certified by Intel; otherwise the processor refused to launch it. Intel places very high security requirements on companies that hold such keys and want to write SGX code. However, the second version of the architecture allows so-called launch control, under which it is no longer Intel but the system administrator who determines whose signatures on enclave code are accepted.
The attack is extremely complicated and is therefore probably only suitable for very specific, targeted attacks, for example when an attacker holds an exploit that is worth a lot of money and wants to hide it from the rest of the world for as long as possible. So far there are no software updates that protect against the postulated attacks. However, SGX can be switched off in the BIOS setup on all systems that support it. For now, this appears to be the only effective protection against such an attack.