Software Guard Extensions
Intel Software Guard Extensions (SGX) is a set of security-related instruction codes built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called ''enclaves''. SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM). Other applications include concealment of proprietary algorithms and of encryption keys. SGX involves encryption by the CPU of a portion of memory (the ''enclave''): enclave pages live in a reserved region of physical memory, the Enclave Page Cache (EPC), whose contents are encrypted whenever they leave the processor package. Data and code originating in the enclave are decrypted on the fly ''within'' the CPU, protecting them from being examined or read by other code, including code running at higher privilege levels such as the operating system and any underlying hypervisors. While this can mitigate many kinds of attacks, it does not protect against side-channel attacks: the enclave's memory accesses, cache footprint, page faults and timing remain observable to the very privileged software it is meant to distrust, and most of the vulnerabilities listed below exploit exactly that. A pivot by Intel in 2021 resulted in the deprecation of SGX from the 11th and 12th generation Intel Core processors, but development continues on Intel Xeon processors for cloud and enterprise use.


Details

SGX was first introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture. Support for SGX in the CPU is indicated in the CPUID "Structured Extended Feature Leaf" (EAX=07H, ECX=0), EBX bit 2, and the SGX1/SGX2 capabilities together with the layout of the Enclave Page Cache are enumerated in CPUID leaf 12H. Its availability to applications additionally requires BIOS/UEFI support and opt-in enabling, and that enable state is recorded in the IA32_FEATURE_CONTROL model-specific register rather than in any CPUID bit, so an application cannot conclude from CPUID alone that enclaves can actually be created. This complicates the feature detection logic for applications. Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014. In 2015, researchers at the Georgia Institute of Technology released an open-source simulator named "OpenSGX". One example of SGX used in security was a demo application from wolfSSL using it for cryptography algorithms. Intel's Goldmont Plus (Gemini Lake) microarchitecture also contains support for Intel SGX. In both the 11th and 12th generations of Intel Core processors, SGX is listed as "Deprecated" and thereby not supported on "client platform" processors. One consequence is that Ultra HD Blu-ray disc playback, whose DRM relied on SGX, is not supported on those processors.
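The detection problem described above, as an added example that is not code from Intel or from the page: a small C program that decodes the CPUID leaves involved (leaf 07H EBX bit 2 for SGX, leaf 07H ECX bit 30 for SGX Launch Control, leaf 12H subleaf 0 for SGX1/SGX2 and the maximum enclave size, and leaf 12H subleaves 2 and up for the EPC sections). The decoding functions take raw register values so they can be exercised on constructed input; the live probe assumes a GCC or Clang toolchain that provides `<cpuid.h>` and `__get_cpuid_count`, and the final check assumes a Linux host where the in-tree driver exposes `/dev/sgx_enclave` when firmware has enabled SGX. Because CPUID cannot report the firmware opt-in, the device-node check (or, in ring 0, reading the IA32_FEATURE_CONTROL MSR) is what actually tells you whether an enclave can be created.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Raw output of one CPUID leaf/subleaf. */
struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Decoded EPC (Enclave Page Cache) section from CPUID.(EAX=12H, ECX>=2). */
struct epc_section {
    uint64_t base;   /* physical base address of the section */
    uint64_t size;   /* size of the section in bytes */
    uint32_t prot;   /* ECX[3:0]: 1 = confidentiality+integrity+replay, 2 = confidentiality+integrity */
    bool     valid;  /* false once the subleaf reports "no section" */
};

/* CPUID.(EAX=07H, ECX=0): EBX[2] = SGX instruction support,
 * ECX[30] = SGX_LC (Launch Control: IA32_SGXLEPUBKEYHASH is writable). */
bool sgx_supported(const struct cpuid_regs *leaf7)      { return (leaf7->ebx >> 2)  & 1u; }
bool sgx_launch_control(const struct cpuid_regs *leaf7) { return (leaf7->ecx >> 30) & 1u; }

/* CPUID.(EAX=12H, ECX=0): EAX[0] = SGX1, EAX[1] = SGX2,
 * EDX[7:0] / EDX[15:8] = log2 of the maximum enclave size in 32-/64-bit mode. */
bool sgx1_supported(const struct cpuid_regs *sub0) { return sub0->eax & 1u; }
bool sgx2_supported(const struct cpuid_regs *sub0) { return (sub0->eax >> 1) & 1u; }
unsigned max_enclave_log2_64(const struct cpuid_regs *sub0) { return (sub0->edx >> 8) & 0xffu; }

/* CPUID.(EAX=12H, ECX=n, n>=2): EAX[3:0] == 1 marks a valid EPC section;
 * base = EBX[19:0]:EAX[31:12] << 12, size = EDX[19:0]:ECX[31:12] << 12, prot = ECX[3:0]. */
struct epc_section decode_epc_section(const struct cpuid_regs *sub)
{
    struct epc_section s = {0};
    if ((sub->eax & 0xfu) != 1u)          /* 0 = subleaf invalid, i.e. no more sections */
        return s;
    s.valid = true;
    s.base  = ((uint64_t)(sub->ebx & 0xfffffu) << 32) | (uint64_t)(sub->eax & 0xfffff000u);
    s.size  = ((uint64_t)(sub->edx & 0xfffffu) << 32) | (uint64_t)(sub->ecx & 0xfffff000u);
    s.prot  = sub->ecx & 0xfu;
    return s;
}

/* Live query. Returns false on non-x86 builds or when the leaf is above the CPU's maximum. */
bool query_cpuid(uint32_t leaf, uint32_t subleaf, struct cpuid_regs *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (!__get_cpuid_count(leaf, subleaf, &a, &b, &c, &d))
        return false;
    out->eax = a; out->ebx = b; out->ecx = c; out->edx = d;
    return true;
#else
    (void)leaf; (void)subleaf; (void)out;
    return false;
#endif
}

int main(void)
{
    struct cpuid_regs r;
    if (!query_cpuid(7, 0, &r) || !sgx_supported(&r)) {
        puts("CPUID: no SGX instruction support");
        return 0;
    }
    printf("CPUID: SGX present, launch control: %s\n", sgx_launch_control(&r) ? "yes" : "no");

    if (query_cpuid(0x12, 0, &r))
        printf("SGX1=%d SGX2=%d, max 64-bit enclave 2^%u bytes\n",
               sgx1_supported(&r), sgx2_supported(&r), max_enclave_log2_64(&r));

    for (uint32_t n = 2; query_cpuid(0x12, n, &r); n++) {
        struct epc_section s = decode_epc_section(&r);
        if (!s.valid)
            break;
        printf("EPC section %u: base 0x%llx, size %llu MiB, protection type %u\n", n - 2,
               (unsigned long long)s.base, (unsigned long long)(s.size >> 20), s.prot);
    }

    /* CPUID cannot tell whether firmware opted in (IA32_FEATURE_CONTROL MSR 0x3A,
     * bit 18 SGX_ENABLE, readable only in ring 0). From user space on Linux the
     * practical check is whether the in-tree driver created its device node. */
    printf("/dev/sgx_enclave: %s\n", access("/dev/sgx_enclave", F_OK) == 0 ? "present" : "absent");
    return 0;
}
```

Build with `cc -o sgxprobe sgxprobe.c` and run on the target host. On a machine whose firmware has SGX disabled, the program will still report the CPUID bits as present but `/dev/sgx_enclave` as absent; that combination is exactly the case the text warns about, and any ENCLS/ENCLU instruction attempted in that state faults.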


List of SGX vulnerabilities


Prime+Probe attack

On 27 March 2017 researchers at Austria's Graz University of Technology published a proof of concept that can extract RSA keys from SGX enclaves running on the same system within five minutes, using certain CPU instructions in lieu of a fine-grained timer to exploit cache and DRAM side channels. One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017. Among other published countermeasures, DR.SGX, published on September 28, 2017, is a compiler-based tool that randomizes the location of enclave data and claims superior performance while avoiding the implementation complexity of other proposed solutions.


Spectre-like attack

The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution vulnerability can be adapted to attack the secure enclave. The Foreshadow attack, disclosed in August 2018, exploits a transient-execution flaw known as L1 Terminal Fault (L1TF): when a load hits a page-table entry that is not marked present, the processor may transiently forward whatever the L1 data cache holds for the referenced physical address before the fault is raised, which lets an attacker read enclave memory it was never permitted to access. Intel's security advisory and mitigation for L1TF were originally issued on August 14, 2018 and updated May 11, 2021.


Enclave attack

On 8 February 2019, researchers at Austria's Graz University of Technology published findings showing that in some cases it is possible to run malicious code from within the enclave itself. The exploit scans process memory from inside the enclave to reconstruct a payload, which can then run code on the host system. The paper argues that, because enclave memory cannot be inspected from outside, antivirus software cannot detect or remove malware residing within it. However, an enclave can only act on the host through its untrusted host application, and modern anti-malware and antivirus solutions monitor system calls and the application's interaction with the operating system, so it should still be possible to identify malicious enclaves by their behaviour. Intel issued a statement that this attack was outside the threat model of SGX, that Intel cannot guarantee that code run by the user comes from trusted sources, and urged consumers to only run trusted code.


MicroScope replay attack

Side-channel attacks have proliferated against modern computer architectures. Many of them measure slight, nondeterministic variations in the execution of code, so the attacker needs many, possibly tens of thousands, of measurements to learn secrets. The MicroScope attack allows a malicious OS to replay a piece of enclave code an arbitrary number of times regardless of the program's actual structure, by repeatedly causing a page fault on a chosen memory access and resuming the enclave after each asynchronous exit; this turns single-shot leakage into an unlimited number of measurements and enables dozens of side-channel attacks. In July 2022, Intel submitted a Linux patch series for AEX-Notify, an SGX extension that lets the enclave programmer register a handler that runs when the enclave is resumed after such an asynchronous exit, so the enclave can detect and react to these events.


Plundervolt

Security researchers were able to inject timing-specific faults into execution within the enclave by undervolting the processor through its software-controlled voltage interface, resulting in leakage of information, for example faulty outputs from cryptographic operations from which keys can be recovered. The attack needs no physical access and can therefore be carried out by software alone, but it requires privileged (ring 0) control of the processor's voltage and frequency. Intel's security advisory and mitigation for this attack, a microcode and BIOS update that allows the platform to lock the voltage-control interface, were originally issued on December 10, 2019 and updated on March 20, 2020.


LVI

Load Value Injection (LVI) turns Meltdown-type data leakage around: rather than reading secrets out of the enclave, the attacker (typically a malicious OS) arranges for a load inside the enclave to fault or require microcode assistance, so that the enclave transiently consumes attacker-controlled data in place of the value it should have loaded from memory. The processor eventually spots the mistake and rolls the transient execution back, but during that window the injected value can steer the enclave's data and control flow and make it leak secrets through a side channel. Intel's mitigation relies on compilers inserting LFENCE instructions after vulnerable loads and before indirect branches and returns, which carries a substantial performance cost. A security advisory and mitigation for this attack were originally issued on March 10, 2020 and updated on May 11, 2021.


SGAxe

SGAxe, an SGX vulnerability published in 2020, extends a speculative execution attack on the cache (CacheOut) to leak the contents of the enclave. This allows an attacker to obtain the private attestation keys held by SGX's quoting enclave. In other words, a threat actor can bypass Intel's countermeasures to breach the confidentiality of SGX enclaves. The SGAxe attack is carried out by extracting attestation keys from SGX's private quoting enclave, which is signed by Intel; with those keys the attacker can sign arbitrary SGX attestation quotes and thereby masquerade as a legitimate, fully patched Intel machine to any remote verifier. A security advisory and mitigation for this attack, also called Processor Data Leakage or Cache Eviction, were originally issued January 27, 2020 and updated May 11, 2021.


ÆPIC leak

In 2022, security researchers discovered a vulnerability in the Advanced Programmable Interrupt Controller (APIC) that allows an attacker with root/admin privileges to obtain encryption keys via the APIC: reading undefined offsets of the memory-mapped APIC register range returns stale data in transit between the L2 and last-level caches, including data belonging to SGX enclaves. This was the first architectural attack discovered on x86 CPUs, in the sense that the leaked values are returned directly by the instruction rather than inferred through a noisy side channel as with Spectre and Meltdown. The vulnerability affects 10th, 11th and 12th generation Intel Core processors and Ice Lake Xeon microprocessors.


See also

* Intel MPX
* Spectre-NG
* Trusted execution environment (TEE)

