Intel Software Guard Extensions (SGX) is a set of security-related instruction codes that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called ''enclaves''. SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys.

SGX involves encryption by the CPU of a portion of memory (the ''enclave''): enclave pages are held encrypted in a reserved region of DRAM and are decrypted on the fly only ''within'' the CPU package, so their code and data cannot be examined or read by other code, including code running at higher privilege levels such as the operating system and any underlying hypervisor. While this mitigates many kinds of attacks, it does not protect against side-channel attacks, which SGX's threat model explicitly excludes: the operating system still controls scheduling, page tables and interrupts and shares the caches with the enclave, and most of the attacks listed below exploit exactly that. A pivot by Intel in 2021 resulted in the deprecation of SGX from the 11th and 12th generation Intel Core processors, but development continues on Intel Xeon for cloud and enterprise use.


Details

SGX was first introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture. Support for SGX in the CPU is indicated in the CPUID "Structured Extended Feature Leaf" (EAX=7, ECX=0), EBX bit 2, but its availability to applications additionally requires BIOS/UEFI support and an opt-in enabling step that is not reflected in the CPUID bits. This complicates the feature detection logic for applications, which must consult the firmware or operating system as well as CPUID. Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014. In 2015, researchers at the Georgia Institute of Technology released an open-source simulator named "OpenSGX". One example of SGX used in security was a demo application from wolfSSL using it for cryptography algorithms. Intel's Goldmont Plus (Gemini Lake) microarchitecture also contains support for SGX. In both the 11th and 12th generations of Intel Core processors, SGX is listed as "Deprecated" and thereby not supported on "client platform" processors. This means Ultra HD Blu-ray disc playback, which relies on SGX for its DRM, is not supported on them.
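The detection logic the paragraph describes, written out as an added illustration (this is not Intel's or the page's own code): a decoder for the CPUID bits that advertise SGX, a live CPUID query on x86 builds, and, because the firmware opt-in is invisible to CPUID, a check for the Linux kernel's /dev/sgx_enclave device node, which the in-tree driver (kernel 5.11 and later) creates only when it actually enabled SGX. The register layouts are the ones documented in the Intel SDM (CPUID.(EAX=7,ECX=0):EBX[2] for SGX; CPUID.(EAX=0x12,ECX=0) EAX[0] and EAX[1] for SGX1/SGX2, EDX[7:0] and EDX[15:8] for the log2 maximum enclave size); the sample register values mentioned in the comments are constructed, and the device-node check assumes Linux.

```c
/* sgx_detect.c: decode CPUID's SGX advertisement and sanity-check it against the OS.
 * Added illustration, not Intel's or the page's code.
 * Build: cc -O2 -o sgx_detect sgx_detect.c && ./sgx_detect
 */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct sgx_caps {
    int advertised;       /* CPUID.(EAX=7,ECX=0):EBX[2] */
    int sgx1, sgx2;       /* CPUID.(EAX=0x12,ECX=0):EAX[0], EAX[1] */
    unsigned max_log2_32; /* CPUID.(EAX=0x12,ECX=0):EDX[7:0]  log2(max enclave bytes), 32-bit mode */
    unsigned max_log2_64; /* CPUID.(EAX=0x12,ECX=0):EDX[15:8] log2(max enclave bytes), 64-bit mode */
};

/* Pure decoder over raw register values, so the logic can be tested on any machine.
 * Constructed example: leaf7_ebx=0x4, leaf12_eax=0x3, leaf12_edx=0x2424 decodes to
 * SGX advertised, SGX1 and SGX2 present, 2^36-byte maximum enclave in both modes. */
struct sgx_caps sgx_decode(uint32_t leaf7_ebx, uint32_t leaf12_eax, uint32_t leaf12_edx)
{
    struct sgx_caps c = {0, 0, 0, 0, 0};
    c.advertised = (leaf7_ebx >> 2) & 1;
    if (!c.advertised)
        return c;                       /* leaf 0x12 is undefined unless this bit is set */
    c.sgx1 = leaf12_eax & 1;
    c.sgx2 = (leaf12_eax >> 1) & 1;
    c.max_log2_32 = leaf12_edx & 0xffu;
    c.max_log2_64 = (leaf12_edx >> 8) & 0xffu;
    return c;
}

/* Execute CPUID on this CPU. Returns 0 (and a zeroed *out) when not built for x86. */
int sgx_query(struct sgx_caps *out)
{
    *out = sgx_decode(0, 0, 0);
#if defined(__x86_64__) || defined(__i386__)
    unsigned a = 0, b = 0, c = 0, d = 0;
    unsigned max_leaf = __get_cpuid_max(0, NULL);
    if (max_leaf < 7)
        return 1;                       /* too old to have leaf 7: SGX absent */
    __cpuid_count(7, 0, a, b, c, d);
    uint32_t leaf7_ebx = b;
    a = d = 0;
    if (((leaf7_ebx >> 2) & 1) && max_leaf >= 0x12)
        __cpuid_count(0x12, 0, a, b, c, d);
    *out = sgx_decode(leaf7_ebx, a, d);
    return 1;
#else
    return 0;
#endif
}

/* CPUID cannot see the firmware opt-in (IA32_FEATURE_CONTROL.SGX_ENABLE, MSR 0x3A bit 18,
 * readable only from ring 0). On Linux the in-tree driver creates /dev/sgx_enclave only when
 * the kernel enabled SGX, so user space can use that node as the proxy. Assumption: Linux 5.11+;
 * the legacy out-of-tree driver used /dev/isgx instead. */
int sgx_linux_device_present(void)
{
    return access("/dev/sgx_enclave", F_OK) == 0;
}

int main(void)
{
    struct sgx_caps c;
    if (!sgx_query(&c)) {
        puts("not an x86 build: CPUID unavailable");
        return 0;
    }
    printf("CPUID advertises SGX: %s\n", c.advertised ? "yes" : "no");
    if (c.advertised)
        printf("SGX1=%d SGX2=%d, max enclave 2^%u bytes (64-bit), 2^%u bytes (32-bit)\n",
               c.sgx1, c.sgx2, c.max_log2_64, c.max_log2_32);
    printf("kernel exposes /dev/sgx_enclave: %s\n", sgx_linux_device_present() ? "yes" : "no");
    /* Only the combination means an application can actually create an enclave. */
    return (c.advertised && sgx_linux_device_present()) ? 0 : 1;
}
```

A CPU that reports the bit while the node is missing is the common case the paragraph warns about: SGX present in silicon but disabled in firmware (or not enabled by the kernel), and ENCLS/ENCLU would fault with #UD if attempted.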


List of SGX vulnerabilities


Prime+Probe attack

On 27 March 2017, researchers at Austria's Graz University of Technology published a proof-of-concept that can extract RSA keys from SGX enclaves running on the same system within five minutes, by mounting a Prime+Probe cache side-channel attack. Because the attacking code itself ran inside another enclave, where the fine-grained timestamp counter is unavailable, it used certain CPU instructions in lieu of a fine-grained timer. One countermeasure for this type of attack was presented by Daniel Gruss et al. at the USENIX Security Symposium in 2017. Among other published countermeasures, a compiler-based tool, DR.SGX, was published on September 28, 2017; its authors claim superior performance while avoiding the implementation complexity of other proposed solutions.


Spectre-like attack

The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative-execution vulnerability can be adapted to attack code running inside an enclave. The Foreshadow attack, disclosed in August 2018, exploits a transient-execution flaw rather than a buffer overflow: a load that faults during address translation (an "L1 Terminal Fault") transiently forwards whatever the L1 data cache holds for that physical address, which let the researchers read enclave memory and extract attestation keys. A security advisory and mitigation for this attack, also called L1 Terminal Fault (L1TF), was originally issued on August 14, 2018 and updated May 11, 2021.


Enclave attack

On 8 February 2019, researchers at Austria's Graz University of Technology published findings showing that in some cases it is possible to run malicious code from within the enclave itself. The exploit scans the host process's memory to locate the code fragments it needs, reconstructs a payload from them, and then executes it on the system with the host process's privileges. The paper argues that, because enclave memory is confidential and protected, antivirus software cannot inspect or remove malware residing within it. However, an enclave can only act on the system through its host process, and modern anti-malware solutions monitor system calls and the application's interaction with the operating system, so a malicious enclave can still be identified by that behavior. Intel issued a statement saying that this attack was outside the threat model of SGX, that it cannot guarantee that code run by the user comes from trusted sources, and urging consumers to only run trusted code.


MicroScope replay attack

Many of the side-channel attacks plaguing modern computer architectures measure slight, nondeterministic variations in the execution of code, so the attacker needs many measurements, possibly tens of thousands, to learn secrets. The MicroScope attack removes that obstacle: a malicious OS repeatedly induces a page fault at a chosen instruction so that the enclave replays the same fragment of code an arbitrary number of times, regardless of the program's actual structure, which denoises dozens of side-channel attacks that would otherwise be impractical. In July 2022, Intel submitted a Linux patch called AEX-Notify that lets the SGX enclave programmer register a handler that runs after each asynchronous enclave exit (AEX), so the enclave can observe such interruptions and respond to them.


Plundervolt

Security researchers showed that undervolting the processor through its software-accessible voltage-scaling interface injects computation faults (for example, a single wrong multiplication) into code executing within the enclave, and that such faults leak information: a faulted cryptographic computation can reveal the key being used. The attack needs no physical access, but it does require root or administrator privilege to program the processor's voltage and frequency controls. Intel's security advisory and mitigation (INTEL-SA-00289, CVE-2019-11157) were published on December 10, 2019; the fix is a microcode and BIOS update that lets the platform lock the voltage-control interface, with the change reflected in attestation.
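Why one computation fault leaks a key, and the software check that contains it, as an added illustration (this is not the page's or the Plundervolt authors' code). The victim modelled here is RSA signing with the Chinese Remainder Theorem, the textbook fault-attack target (the Boneh, DeMillo and Lipton "Bellcore" attack); the page does not name the cryptographic target, so that choice is an assumption. The undervolt is modelled by adding a small error to one CRT half, the 64-bit key, primes and message are constructed toy values, and the hardened variant verifies the signature with the public key before releasing it, which turns the key leak into a refused operation.

```c
/* crt_fault.c: one faulted CRT half leaks the RSA private key; verify-before-release stops it.
 * Added illustration with a constructed 64-bit toy key, not production code.
 * Build: cc -O2 -o crt_fault crt_fault.c && ./crt_fault   (needs unsigned __int128: gcc/clang, 64-bit)
 */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t u64;

static u64 mulmod(u64 a, u64 b, u64 n) { return (u64)(((unsigned __int128)a * b) % n); }

static u64 powmod(u64 b, u64 e, u64 n)
{
    u64 r = 1;
    b %= n;
    while (e) {
        if (e & 1) r = mulmod(r, b, n);
        b = mulmod(b, b, n);
        e >>= 1;
    }
    return r;
}

static u64 gcd64(u64 a, u64 b) { while (b) { u64 t = a % b; a = b; b = t; } return a; }

/* a^-1 mod n by extended Euclid; caller guarantees gcd(a, n) = 1 and n < 2^62. */
static u64 invmod(u64 a, u64 n)
{
    int64_t t = 0, nt = 1, r = (int64_t)n, nr = (int64_t)(a % n);
    while (nr) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    return (u64)(t < 0 ? t + (int64_t)n : t);
}

struct rsa_key { u64 n, e, d, p, q, dp, dq, qinv; };

/* Constructed toy key: 20-bit primes so everything fits in 64 bits. Real keys are 2048+ bits. */
struct rsa_key rsa_toy_key(void)
{
    struct rsa_key k;
    k.p = 1000003; k.q = 1000033; k.n = k.p * k.q; k.e = 65537;
    k.d = invmod(k.e, (k.p - 1) * (k.q - 1));
    k.dp = k.d % (k.p - 1);
    k.dq = k.d % (k.q - 1);
    k.qinv = invmod(k.q, k.p);
    return k;
}

/* CRT signing with Garner recombination. fault != 0 corrupts the mod-p half by that amount,
 * standing in for the single wrong multiplication an undervolt glitch produces. */
u64 rsa_crt_sign(const struct rsa_key *k, u64 m, u64 fault)
{
    u64 sp = powmod(m, k->dp, k->p);
    u64 sq = powmod(m, k->dq, k->q);
    sp = (sp + fault) % k->p;                                   /* the injected fault */
    u64 h = mulmod(k->qinv, (sp + k->p - sq % k->p) % k->p, k->p);
    return sq + h * k->q;                                       /* s = sq + q*((sp-sq)*qinv mod p) < n */
}

/* Bellcore/Lenstra recovery: needs only the public key, the message and ONE faulty signature.
 * s'^e == m still holds mod q (that half was right) but not mod p, so gcd(s'^e - m, n) = q. */
u64 bellcore_factor(u64 n, u64 e, u64 m, u64 faulty_sig)
{
    u64 v = powmod(faulty_sig, e, n);
    return gcd64((v + n - m % n) % n, n);       /* returns n itself when the signature was correct */
}

/* Countermeasure: verify with the public key before releasing. One cheap extra exponentiation
 * turns a key-leaking fault into a refused operation. Returns 1 on success, 0 if a fault was caught. */
int rsa_crt_sign_checked(const struct rsa_key *k, u64 m, u64 fault, u64 *sig)
{
    u64 s = rsa_crt_sign(k, m, fault);
    if (powmod(s, k->e, k->n) != m % k->n)
        return 0;
    *sig = s;
    return 1;
}

/* Small wrappers over the toy key so each step can be checked by name. */
int rsa_roundtrip_ok(u64 m) { struct rsa_key k = rsa_toy_key(); return powmod(rsa_crt_sign(&k, m, 0), k.e, k.n) == m % k.n; }
u64 demo_recover_factor(u64 m, u64 fault) { struct rsa_key k = rsa_toy_key(); return bellcore_factor(k.n, k.e, m, rsa_crt_sign(&k, m, fault)); }
int demo_checked_sign(u64 m, u64 fault) { struct rsa_key k = rsa_toy_key(); u64 s; return rsa_crt_sign_checked(&k, m, fault, &s); }

int main(void)
{
    struct rsa_key k = rsa_toy_key();
    u64 m = 123456789;                                          /* constructed message, < n */
    printf("n = %llu = %llu * %llu\n", (unsigned long long)k.n, (unsigned long long)k.p, (unsigned long long)k.q);
    printf("factor recovered from one faulty signature: %llu\n", (unsigned long long)demo_recover_factor(m, 1));
    printf("checked signing, no fault: %s\n", demo_checked_sign(m, 0) ? "released" : "refused");
    printf("checked signing, faulted : %s\n", demo_checked_sign(m, 1) ? "released" : "refused");
    return 0;
}
```

The recovery works with any nonzero fault in exactly one half, which is why implementations that run on hardware an attacker can glitch (an enclave on an undervoltable CPU included) verify or recompute before releasing a result; a firmware lock on the voltage interface removes the fault source, the check removes the consequence.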


LVI

Load Value Injection (LVI) inverts the Meltdown-style leaks: instead of the attacker reading data through a faulting load of its own, it causes a faulting or microcode-assisted load inside the victim enclave to transiently consume attacker-controlled data in place of the value that should have been loaded from memory. The enclave uses that value for a short time before the fault is detected and the transient execution is rolled back, and during that window LVI controls the enclave's data and control flow. Because the injection happens inside the victim, mitigation requires recompiling enclave code so that vulnerable loads are followed by serializing instructions (lfence). A security advisory and mitigation for this attack were originally issued on March 10, 2020 and updated on May 11, 2021.


SGAxe

SGAxe, an SGX vulnerability published in 2020, extends the CacheOut speculative-execution attack on the L1 data cache to leak the contents of an enclave. The researchers used it to extract the attestation keys held by Intel's own quoting enclave, keys that are certified by Intel; in other words, a threat actor can bypass Intel's countermeasures and breach the confidentiality of SGX enclaves. With such a key, an attacker can masquerade as a legitimate, fully patched Intel machine by signing arbitrary SGX attestation quotes, which defeats the remote attestation that SGX deployments rely on. A security advisory and mitigation for this attack, also called Processor Data Leakage or L1D Eviction Sampling, were originally issued January 27, 2020 and updated May 11, 2021.


ÆPIC leak

In 2022, security researchers disclosed ÆPIC Leak, a vulnerability in the memory-mapped Advanced Programmable Interrupt Controller (APIC) of several Intel CPUs: reading undefined offsets of the APIC register page returns stale data that recently passed between the L1 and L2 caches, which allows an attacker with root or administrator privileges to read data, including enclave encryption keys, without any timing measurement. The researchers describe it as the first architectural attack of this kind on x86 CPUs, as opposed to Spectre and Meltdown, which rely on a noisy side channel. It affects Intel Core 10th, 11th and 12th generation processors and Ice Lake Xeon processors, and was addressed by a microcode update (INTEL-SA-00657, CVE-2022-21233).


See also

* Intel MPX
* Spectre-NG
* Trusted execution environment (TEE)


External links


* Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
* Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
* IDF 2015 - Tech Chat: A Primer on Intel Software Guard Extensions, Intel (poster)
* ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
* McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution, Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, ACM, 2013
* Jackson, Alon (PhD dissertation), Trust is in the Keys of the Beholder: Extending SGX Autonomy and Anonymity, May 2017
* Joanna Rutkowska, Thoughts on Intel's upcoming Software Guard Extensions (Part 1), August 2013
* SGX: the good, the bad and the downright ugly / Shaun Davenport, Richard Ford (Florida Institute of Technology), Virus Bulletin, 2014-01-07
* Victor Costan and Srinivas Devadas, Intel SGX Explained, January 2016
* wolfSSL, October 2016
* The Security of Intel SGX for Key Protection and Data Privacy Applications / Professor Yehuda Lindell (Bar Ilan University & Unbound Tech), January 2018
* Intel SGX Technology and the Impact of Processor Side-Channel Attacks, March 2020
* Introduction to Intel Software Guard Extensions, June 2020
* How Confidential Computing Delivers A Personalised Shopping Experience, January 2021
* Realising the Potential of Data Whilst Preserving Privacy with EyA and Conclave from R3, December 2021