Software Guard Extensions

From Wikipedia, the free encyclopedia
Security-related instruction code processor extension

Intel Software Guard Extensions (SGX) is a set of instruction codes implementing a trusted execution environment that are built into some Intel central processing units (CPUs). They allow user-level and operating system code to define protected private regions of memory, called enclaves.[1][2] SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM).[3] Other applications include concealment of proprietary algorithms and of encryption keys.[4]

SGX involves encryption by the CPU of a portion of memory (the enclave). Data and code originating in the enclave are decrypted on the fly within the CPU,[4] so that they cannot be examined or read by other code,[4] including code running at higher privilege levels such as the operating system and any underlying hypervisor.[1][4][2] While this can mitigate many kinds of attacks, it does not protect against side-channel attacks, which Intel explicitly places outside the SGX threat model.[5]

In 2021 Intel deprecated SGX on the 11th- and 12th-generation Intel Core processors, but development continues on Intel Xeon for cloud and enterprise use.[6][7]

Details

SGX was first introduced in 2015 with the sixth-generation Intel Core microprocessors based on the Skylake microarchitecture.

Support for SGX in the CPU is indicated in CPUID leaf 07h ("Structured Extended Feature Flags"), EBX bit 2,[8] but its availability to applications also requires BIOS/UEFI support and an opt-in enabling step, neither of which is reflected in the CPUID bits. This complicates feature-detection logic for applications: a set CPUID bit only proves that the silicon has SGX, not that an enclave can be created.[9]
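As an added illustration of the detection problem described above (example code written for this page, not Intel's SDK or sample code), the following C program decodes the relevant CPUID leaves. The decode functions take raw register values, so they can be exercised with captured data on any machine; `main` queries the live CPU only when built for x86 with GCC or Clang (`<cpuid.h>`). The bit positions are the documented ones: CPUID.(EAX=07H,ECX=0):EBX[2] for SGX and ECX[30] for flexible launch control; CPUID.(EAX=12H,ECX=0):EAX[0]/EAX[1] for SGX1/SGX2 and EDX[15:8] for the log2 of the maximum 64-bit enclave size; sub-leaves 2 and up of leaf 12H for EPC sections. The check for `/dev/sgx_enclave` (the device node of the Linux in-kernel SGX driver, kernel 5.11 and later) stands in for the firmware opt-in that CPUID cannot report; that path is an assumption about the target OS. The register values in the self-check are constructed, not captured from hardware.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct sgx_caps {
    int sgx;                      /* CPUID.(EAX=07H,ECX=0):EBX[2]                */
    int sgx_lc;                   /* CPUID.(EAX=07H,ECX=0):ECX[30] launch control */
    int sgx1, sgx2;               /* CPUID.(EAX=12H,ECX=0):EAX[0], EAX[1]        */
    unsigned max_enclave_log2_64; /* CPUID.(EAX=12H,ECX=0):EDX[15:8]             */
};

/* Pure decoder: raw register values in, so it can run on non-SGX machines. */
void decode_sgx_caps(uint32_t leaf7_ebx, uint32_t leaf7_ecx,
                     uint32_t leaf12_eax, uint32_t leaf12_edx, struct sgx_caps *c)
{
    c->sgx    = (leaf7_ebx >> 2) & 1u;
    c->sgx_lc = (leaf7_ecx >> 30) & 1u;
    /* Leaf 12H is only meaningful when the SGX feature flag is set. */
    c->sgx1 = c->sgx ? (int)(leaf12_eax & 1u) : 0;
    c->sgx2 = c->sgx ? (int)((leaf12_eax >> 1) & 1u) : 0;
    c->max_enclave_log2_64 = c->sgx ? ((leaf12_edx >> 8) & 0xffu) : 0;
}

/* Sub-leaves 2.. of leaf 12H enumerate EPC sections. EAX[3:0]==1 marks a valid
   section; base and size are each split across two registers. */
int decode_epc_section(uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx,
                       uint64_t *base, uint64_t *size)
{
    if ((eax & 0xfu) != 1u)
        return 0;
    *base = ((uint64_t)(ebx & 0xfffffu) << 32) | (eax & 0xfffff000u);
    *size = ((uint64_t)(edx & 0xfffffu) << 32) | (ecx & 0xfffff000u);
    return 1;
}

/* Self-check on constructed register values: SGX+SGX_LC, SGX1+SGX2, max 64-bit
   enclave 2^36, one EPC section at 0x1_7020_0000 of 0x05e0_0000 bytes. */
int selftest_decoders(void)
{
    struct sgx_caps c;
    uint64_t base = 0, size = 0;
    decode_sgx_caps(0x4u, 0x40000000u, 0x3u, 0x2400u, &c);
    if (!(c.sgx && c.sgx_lc && c.sgx1 && c.sgx2 && c.max_enclave_log2_64 == 36u))
        return 0;
    decode_sgx_caps(0x0u, 0x40000000u, 0x3u, 0x2400u, &c); /* no SGX flag: leaf 12H ignored */
    if (c.sgx || c.sgx1 || c.sgx2 || c.max_enclave_log2_64)
        return 0;
    if (decode_epc_section(0x70200001u, 0x1u, 0x05e00001u, 0x0u, &base, &size) != 1)
        return 0;
    if (base != 0x170200000ULL || size != 0x05e00000ULL)
        return 0;
    return decode_epc_section(0x70200000u, 0x1u, 0x05e00001u, 0x0u, &base, &size) == 0;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a = 0, b = 0, c = 0, d = 0;
    uint32_t l7_ebx = 0, l7_ecx = 0, l12_eax = 0, l12_edx = 0;
    struct sgx_caps caps;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) { l7_ebx = b; l7_ecx = c; }
    if (__get_cpuid_count(0x12, 0, &a, &b, &c, &d)) { l12_eax = a; l12_edx = d; }
    decode_sgx_caps(l7_ebx, l7_ecx, l12_eax, l12_edx, &caps);
    printf("SGX=%d SGX1=%d SGX2=%d launch-control=%d max64=2^%u\n",
           caps.sgx, caps.sgx1, caps.sgx2, caps.sgx_lc, caps.max_enclave_log2_64);
    for (unsigned sub = 2; caps.sgx && __get_cpuid_count(0x12, sub, &a, &b, &c, &d); sub++) {
        uint64_t base, size;
        if (!decode_epc_section(a, b, c, d, &base, &size))
            break; /* first invalid sub-leaf ends the list */
        printf("EPC section %u: base=0x%llx size=0x%llx\n", sub - 2,
               (unsigned long long)base, (unsigned long long)size);
    }
#else
    puts("not an x86 build; CPUID not available");
#endif
    /* CPUID cannot report the firmware opt-in; on Linux the driver's device
       node (assumed path) is the practical "is it usable" check. */
    printf("/dev/sgx_enclave present: %s\n",
           access("/dev/sgx_enclave", F_OK) == 0 ? "yes" : "no");
    return 0;
}
```

Even with the device node present, an application should still be prepared for enclave creation to fail (for example when the EPC is exhausted); the Intel SDK's own capability query is the authoritative check on a real deployment.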

Emulation of SGX was added to an experimental version of the QEMU system emulator in 2014.[10] In 2015, researchers at the Georgia Institute of Technology released an open-source simulator named "OpenSGX".[11]

One example of SGX used in security was a demo application from wolfSSL[12] using it for cryptography algorithms.

Intel's Goldmont Plus (Gemini Lake) microarchitecture also supports Intel SGX.[13]

In both the 11th and 12th generations of Intel Core processors, SGX is listed as "Deprecated" and is therefore not supported on client-platform processors.[6][14][15] This removed support for playing Ultra HD Blu-ray discs in officially licensed software such as PowerDVD.[16][17][18]

List of SGX vulnerabilities

Prime+Probe attack

On 27 March 2017 researchers at Austria's Graz University of Technology developed a proof-of-concept that can extract RSA keys from an SGX enclave running on the same system within five minutes, using certain CPU instructions in place of the fine-grained timer that is unavailable inside an enclave to exploit cache and DRAM side channels.[19][20] One countermeasure for this type of attack was presented and published by Daniel Gruss et al. at the USENIX Security Symposium in 2017.[21] Another, published on September 28, 2017, is DR.SGX,[22] a compiler-based tool that randomizes the location of enclave data in memory and claims better performance and lower implementation complexity than earlier proposals.
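The attack above works because a table lookup whose index depends on a secret touches a cache line that depends on the secret, and Prime+Probe observes which lines were touched. The following added example (written for this page; it is not code from the Graz paper, from DR.SGX or from any SGX SDK) shows the leaky lookup next to a data-oblivious version that reads every entry and selects the wanted one with a branch-free mask, so the sequence of memory accesses is identical for every index. The table contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 256

/* Constructed stand-in for a secret-indexed table such as an S-box. */
static uint8_t g_table[TABLE_LEN];

static void init_table(void)
{
    for (size_t i = 0; i < TABLE_LEN; i++)
        g_table[i] = (uint8_t)(i * 7u + 3u);
}

/* Leaky: the address of the single load depends on idx, so an attacker
   running Prime+Probe on the cache sets that cover the table learns which
   64-byte line was touched, i.e. idx / 64, on every call. */
uint8_t lookup_leaky(const uint8_t *t, uint8_t idx)
{
    return t[idx];
}

/* Branch-free equality mask: 0xFF when a == b, 0x00 otherwise. */
static uint8_t ct_mask_eq(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;                 /* zero iff equal            */
    x = (x | (0u - x)) >> 31;           /* 1 iff x != 0              */
    return (uint8_t)(x - 1u);           /* 0 -> 0xFF, 1 -> 0x00      */
}

/* Oblivious: every entry is read on every call and the wanted one is
   selected arithmetically, so the access pattern is independent of idx. */
uint8_t lookup_oblivious(const uint8_t *t, size_t n, uint8_t idx)
{
    uint8_t out = 0;
    for (size_t i = 0; i < n; i++)
        out |= t[i] & ct_mask_eq((uint32_t)i, idx);
    return out;
}

/* Functional check: 1 if both lookups agree for every index. */
int lookups_agree(void)
{
    init_table();
    for (unsigned i = 0; i < TABLE_LEN; i++)
        if (lookup_leaky(g_table, (uint8_t)i) !=
            lookup_oblivious(g_table, TABLE_LEN, (uint8_t)i))
            return 0;
    return 1;
}

int main(void)
{
    printf("oblivious lookup matches leaky lookup: %s\n",
           lookups_agree() ? "yes" : "no");
    return 0;
}
```

The cost is linear in the table size, which is why implementations reserve this form for small secret-indexed tables. Two caveats a practitioner should keep in mind: a cheaper variant that scans only at cache-line granularity still leaks through finer-grained channels (cache banks or within-line timing), and a compiler is free to turn `ct_mask_eq` back into a branch, so the generated assembly, not the C source, is what has to be checked.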

Spectre-like attack

Main article: Spectre (security vulnerability)

The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative-execution vulnerability can be adapted to attack code running inside an SGX enclave.[23] The Foreshadow attack, disclosed in August 2018, uses speculative execution past a terminal page fault to read enclave data out of the L1 data cache, bypassing the access checks that SGX relies on.[24] A security advisory and mitigation for this attack, also called an L1 Terminal Fault (L1TF), were originally issued on August 14, 2018 and updated May 11, 2021.[25] Because the L1 data cache is shared between sibling hyperthreads, the microcode mitigation, which flushes L1D when execution leaves an enclave, does not cover an attacker sampling the cache concurrently from the sibling thread; disabling hyperthreading, or having the relying party require attestations from systems with it disabled, is therefore part of the full mitigation.

Enclave attack

On 8 February 2019, researchers at Austria's Graz University of Technology published findings showing that, in some cases, it is possible to run malicious code from within the enclave itself.[26] The exploit involves scanning the host process's memory from inside the enclave in order to assemble a payload, which can then run code in the host process. The researchers claim that, because of the confidential and protected nature of the enclave, antivirus software cannot detect or remove malware residing within it. Intel issued a statement saying that this attack is outside the threat model of SGX, that it cannot guarantee that code run by the user comes from trusted sources, and urging consumers to run only trusted code.[27]

MicroScope replay attack

Modern computer architectures are subject to a proliferation of side-channel attacks. Many of them measure slight, nondeterministic variations in the execution of code, so the attacker needs many measurements (possibly tens of thousands) to learn a secret. The MicroScope attack allows a malicious OS to replay a region of enclave code an arbitrary number of times, regardless of the program's actual structure, by repeatedly forcing page faults on it; this turns a single-shot measurement into a repeatable one and enables dozens of side-channel attacks.[28] In July 2022, Intel submitted a Linux patch called AEX-Notify that allows the SGX enclave programmer to write a handler that runs after such asynchronous enclave exits, so the enclave can notice and react to being interrupted.[29]

Plundervolt

Security researchers were able to inject faults into computations running inside an enclave by undervolting the core through the processor's software voltage and frequency controls, so that instructions such as multiplications return wrong results; the faulty outputs leak secret information, including cryptographic keys.[30] The attack needs no physical access and can be carried out purely in software, but it requires privileged (ring 0) control of the processor's voltage and frequency interface. A security advisory and mitigation for this attack were originally issued on December 10, 2019 and updated on March 20, 2020.[31]
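The key-recovery consequence is easiest to see on RSA with the Chinese Remainder Theorem (RSA-CRT), where a single fault in one half of the computation reveals a prime factor (the Bellcore/Lenstra attack). The following added C example (written for this page; it is not Plundervolt's code, and it uses a toy 32-bit modulus built from 16-bit primes, not a real key) simulates such a fault by flipping a bit in the mod-q half of a CRT signature, recovers p from the faulty signature with one public-key operation, and shows the standard software countermeasure: verify the signature before releasing it. The primes, exponent and message are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

typedef unsigned __int128 u128;

struct rsa_key { uint64_t n, e, d, p, q, dp, dq, qinv; };

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (uint64_t)(((u128)a * b) % m); }

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1 % m;
    b %= m;
    for (; e; e >>= 1) {
        if (e & 1) r = mulmod(r, b, m);
        b = mulmod(b, b, m);
    }
    return r;
}

static uint64_t gcd64(uint64_t a, uint64_t b)
{
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Extended Euclid; 0 when no inverse exists. Intermediates stay within
   [-m, m], so int64 is safe for the 32-bit moduli used here. */
static uint64_t invmod(uint64_t a, uint64_t m)
{
    int64_t t = 0, newt = 1, r = (int64_t)m, newr = (int64_t)(a % m);
    while (newr) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

static int is_prime_small(uint64_t n)
{
    if (n < 2) return 0;
    for (uint64_t i = 2; i * i <= n; i++) if (n % i == 0) return 0;
    return 1;
}

/* Toy RSA-CRT key from two given primes; 0 on failure. */
int rsa_keygen(uint64_t p, uint64_t q, uint64_t e, struct rsa_key *k)
{
    if (!is_prime_small(p) || !is_prime_small(q) || p == q) return 0;
    uint64_t d = invmod(e, (p - 1) * (q - 1));
    if (!d) return 0;
    k->p = p; k->q = q; k->n = p * q; k->e = e; k->d = d;
    k->dp = d % (p - 1); k->dq = d % (q - 1); k->qinv = invmod(q, p);
    return 1;
}

/* CRT signature s = m^d mod n via Garner's recombination. fault_mask is XORed
   into the mod-q half to model a computational fault (a bit flip here; real
   undervolting corrupts multiplier results, which the attack exploits the same way). */
uint64_t rsa_sign_crt(const struct rsa_key *k, uint64_t m, uint64_t fault_mask)
{
    uint64_t sp = powmod(m % k->p, k->dp, k->p);
    uint64_t sq = (powmod(m % k->q, k->dq, k->q) ^ fault_mask) % k->q;
    uint64_t h  = mulmod(k->qinv, (sp + k->p - sq % k->p) % k->p, k->p);
    return sq + k->q * h;
}

int rsa_verify(const struct rsa_key *k, uint64_t m, uint64_t s)
{
    return powmod(s, k->e, k->n) == m % k->n;
}

/* Bellcore/Lenstra: a signature correct mod p but wrong mod q satisfies
   s'^e - m == 0 (mod p) and != 0 (mod q), so gcd(s'^e - m, n) = p. */
uint64_t bellcore_factor(uint64_t n, uint64_t e, uint64_t m, uint64_t s_faulty)
{
    uint64_t v = powmod(s_faulty, e, n);
    return gcd64((v + n - m % n) % n, n);
}

/* Countermeasure: verify with the public key before releasing the signature. */
int rsa_sign_checked(const struct rsa_key *k, uint64_t m, uint64_t fault_mask, uint64_t *out)
{
    uint64_t s = rsa_sign_crt(k, m, fault_mask);
    if (!rsa_verify(k, m, s)) return 0;   /* fault detected: nothing leaves */
    *out = s;
    return 1;
}

/* Whole scenario on a constructed key (p=65521, q=65519, e=65537) and message;
   returns the factor recovered from the faulty signature, or 0 on any failure. */
uint64_t demo_recovered_factor(void)
{
    struct rsa_key k;
    uint64_t m = 123456789, out = 0;
    if (!rsa_keygen(65521, 65519, 65537, &k)) return 0;
    uint64_t s = rsa_sign_crt(&k, m, 0);
    if (!rsa_verify(&k, m, s) || s != powmod(m, k.d, k.n)) return 0;
    uint64_t sf = rsa_sign_crt(&k, m, 1);                        /* fault in the mod-q half */
    if (rsa_verify(&k, m, sf)) return 0;                         /* faulty signature fails */
    if (rsa_sign_checked(&k, m, 1, &out) || out != 0) return 0;  /* hardened signer refuses */
    return bellcore_factor(k.n, k.e, m, sf);                     /* == k.p */
}

int main(void)
{
    printf("factor recovered from one faulty signature: %llu\n",
           (unsigned long long)demo_recovered_factor());
    return 0;
}
```

The verify-before-release check uses only the public key, so an attacker who can fault the signing computation must also fault the verification to get a usable faulty signature out; it raises the bar rather than removing the risk, and production code pairs it with blinding of the CRT halves. The fault is modelled here as a bit flip rather than the multiplication errors undervolting actually induces; the recovery step is the same.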

LVI

Main article: Load value injection

Load Value Injection[32][33] injects attacker-controlled data into the victim's transient execution: a load in the program transiently receives a wrong value (for example, one left behind in a microarchitectural buffer), which the program uses for a short window before the mistake is detected and the work is rolled back; during that window LVI controls the program's data and control flow. Intel's recommended mitigation inserts LFENCE instructions after loads that could be affected, which can carry a substantial performance cost in enclave code.[33] A security advisory and mitigation for this attack were originally issued on March 10, 2020 and updated on May 11, 2021.[34]

SGAxe

SGAxe,[35] an SGX vulnerability published in 2020, extends CacheOut, a transient-execution attack that samples data evicted from the L1 data cache,[36] to leak the contents of an enclave. This allows an attacker to extract the private attestation keys held by Intel's own quoting enclave,[37] so a threat actor can bypass Intel's countermeasures to breach enclave confidentiality: the extracted, Intel-signed keys can be used to sign arbitrary SGX attestation quotes, letting the attacker masquerade as a legitimate Intel machine.[38] A security advisory and mitigation for the underlying CacheOut issue, also called L1D Eviction Sampling, were originally issued January 27, 2020 and updated May 11, 2021.[39] For a relying party, the practical defence is to reject quotes whose reported TCB level predates the fixed microcode.

ÆPIC leak

In 2022, security researchers discovered a vulnerability in the Advanced Programmable Interrupt Controller (APIC) that allows an attacker with root/admin privileges to read stale data, including enclave encryption keys, left in the queue between the L2 and last-level caches, by reading undefined offsets of the memory-mapped APIC register page.[40] Its discoverers describe it as the first architectural data-leaking CPU bug found on x86: unlike Spectre and Meltdown, which rely on a noisy side channel, the stale data is returned directly as the result of the load. The exploit affects Intel Core 10th, 11th and 12th generation and Xeon Ice Lake microprocessors.[41][42]

SGX malware arguments

There has been a long debate on whether SGX enables the creation of superior malware. Oxford University researchers published an article in October 2022[43] weighing the advantages and disadvantages an attacker would gain by abusing SGX for malware development. They conclude that, while there may be temporary zero-day vulnerabilities to abuse in the SGX ecosystem, the core principles and design features of Trusted Execution Environments (TEEs) make such malware weaker than conventional malware, and that otherwise TEEs make no major contribution to malware.


References

  1. "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26. Archived from the original on 2014-04-29. Retrieved 2015-04-20.
  2. johnm (2017-08-08). "Properly Detecting Intel® Software Guard Extensions (Intel® SGX) in Your Applications". software.intel.com. Archived from the original on 2019-04-24. Retrieved 2019-02-15.
  3. "Intel SGX Details". intel.com. 2017-07-05.
  4. "Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software - Slashdot". it.slashdot.org. 12 February 2019. Archived from the original on 26 October 2021. Retrieved 19 April 2019.
  5. "Intel SGX and Side-Channels". intel.com. 2020-02-28. Archived from the original on 2020-02-28. Retrieved 2020-02-28.
  6. "New Intel chips won't play Blu-ray disks due to SGX deprecation". Archived from the original on 2022-01-16. Retrieved 2022-01-17.
  7. anrilr (2022-01-20). "Rising to the Challenge — Data Security with Intel Confidential Computing". community.intel.com. Archived from the original on 2022-05-19. Retrieved 2022-04-20.
  8. Intel Architecture Instruction Set Extensions Programming Reference, Intel, August 2015, page 36: "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX". Archived 2015-09-28 at the Wayback Machine.
  9. "Properly Detecting Intel Software Guard Extensions in Your Applications". intel.com. 2016-05-13. Archived from the original on 2019-04-24. Retrieved 2016-05-13.
  10. "Intel SGX Emulation using QEMU" (PDF). tc.gtisc.gatech.edu. Retrieved 2018-11-02.
  11. "sslab-gatech/opensgx". GitHub. Archived from the original on 2018-06-11. Retrieved 2016-08-15.
  12. "wolfSSL At IDF". wolfSSL. 2016-08-11.
  13. "Intel® Pentium® Silver J5005 Processor". Retrieved 2020-07-10.
  14. "11th Generation Intel Core Processor Datasheet". Retrieved 2022-01-15.
  15. "12th Generation Intel Core Processors Datasheet". Retrieved 2022-01-15.
  16. Mary Stone (January 21, 2022). "Intel discontinues support for UHD Blu-ray discs in its newest PC chips". whathifi. Archived from the original on March 22, 2023. Retrieved December 8, 2022.
  17. "CyberLink Support Center".
  18. "CyberLink Support Center". www.cyberlink.com. Retrieved 11 September 2024.
  19. Chirgwin, Richard (March 7, 2017). "Boffins show Intel's SGX can leak crypto keys". The Register. Archived from the original on 11 July 2019. Retrieved 1 May 2017.
  20. Schwarz, Michael; Weiser, Samuel; Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan (2017). "Malware Guard Extension: Using SGX to Conceal Cache Attacks". arXiv:1702.08719 [cs.CR].
  21. "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory" (PDF). USENIX. 2017-08-16. Archived (PDF) from the original on 2020-07-27. Retrieved 2017-10-26.
  22. Brasser, Ferdinand; Capkun, Srdjan; Dmitrienko, Alexandra; Frassetto, Tommaso; Kostiainen, Kari; Müller, Urs; Sadeghi, Ahmad-Reza (2017-09-28). "DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization". ACSAC '19: Proceedings of the 35th Annual Computer Security Applications Conference, December 2019. pp. 788–800. arXiv:1709.09917. doi:10.1145/3359789.3359809. S2CID 19364841.
  23. "Sample code demonstrating a Spectre-like attack against an Intel SGX enclave". 19 December 2021. Archived from the original on 7 May 2020. Retrieved 12 January 2018.
  24. Bright, Peter (2018-07-10). "New Spectre-like attack uses speculative execution to overflow buffers". Ars Technica. Archived from the original on 2018-11-23. Retrieved 2018-11-02.
  25. "CVE - CVE-2018-3615". cve.mitre.org. Archived from the original on 2022-10-17. Retrieved 2022-10-17.
  26. Schwarz, Michael; Weiser, Samuel; Gruss, Daniel (2019-02-08). "Practical Enclave Malware with Intel SGX". arXiv:1902.03256 [cs.CR].
  27. Bright, Peter (2019-02-12). "Researchers use Intel SGX to put malware beyond the reach of antivirus software". Ars Technica. Archived from the original on 2019-02-15. Retrieved 2019-02-15.
  28. Skarlatos, Dimitrios; Yan, Mengjia; Gopireddy, Bhargava; Sprabery, Read; Torrellas, Josep; Fletcher, Christopher W. (2019). "MicroScope". Proceedings of the 46th International Symposium on Computer Architecture (ISCA '19). Phoenix, Arizona: ACM Press. pp. 318–331. doi:10.1145/3307650.3322228. ISBN 978-1-4503-6669-4.
  29. "[PATCH] x86/sgx: Allow enclaves to use Asynchrounous Exit Notification". lore.kernel.org. Archived from the original on 2022-10-17. Retrieved 2022-10-17.
  30. "Plundervolt steals keys from cryptographic algorithms". Rambus Blog. 2019-12-11. Archived from the original on 2021-10-23. Retrieved 2020-03-20.
  31. "CVE - CVE-2019-11157". cve.mitre.org. Retrieved 2022-10-17.
  32. "LVI: Hijacking Transient Execution with Load Value Injection". lviattack.eu. Archived from the original on 2022-01-01. Retrieved 2020-03-12.
  33. "Load Value Injection". software.intel.com. Archived from the original on 2020-07-12. Retrieved 2020-03-12.
  34. "CVE - CVE-2020-0551". cve.mitre.org. Retrieved 2022-10-17.
  35. "SGAxe". sgaxe.com. Archived from the original on 2020-06-10. Retrieved 2020-06-10.
  36. "CacheOut". cacheoutattack.com.
  37. "Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX".
  38. "SGAxe & CrossTalk Attacks: New Intel SGX Vulnerability Leaks Data". Hack Reports. 2020-06-12. Archived from the original on 2020-07-16. Retrieved 2020-06-12.
  39. "CVE - CVE-2020-0549". cve.mitre.org. Retrieved 2022-10-17.
  40. "Intel SGX: Not So Safe After All, ÆPIC Leak". The New Stack. 2022-08-16. Archived from the original on 2022-08-29. Retrieved 2022-08-29.
  41. Wilson, Jason R. (2022-08-11). "ÆPIC Leak is an Architectural CPU Bug Affecting 10th, 11th, and 12th Gen Intel Core CPUs". Wccftech. Archived from the original on 2022-08-29. Retrieved 2022-08-29.
  42. "ÆPIC Leak". aepicleak.com. Archived from the original on 2022-08-29. Retrieved 2022-08-29.
  43. Küçük, Kubilay Ahmet; et al. (October 2022). "SoK: How 'Not' to Architect Your Next-Generation TEE Malware". Hardware and Architectural Support for Security and Privacy (HASP) 2022. Archived from the original on 2023-04-21. Retrieved 2023-04-17.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Software_Guard_Extensions&oldid=1325715252"