Software Guard eXtensions (SGX) represents Intel’s latest foray into trusted computing. Initially intended as a means to secure cloud computation, it has since been employed for DRM and secure key storage in production systems. SGX differs from its competitors such as TrustZone in its focus on reducing the volume of trusted code in its “secure world”. These secure worlds are called enclaves in SGX parlance and are protected from untrusted code by a combination of a memory encryption engine and a set of new CPU instructions to enforce separation.
SGX has been available on almost every Intel processor since the sixth generation of Intel Core (Skylake). It has had a bit of a rocky journey since. Upon its release, there were concerns expressed about SGX being used as a medium for malware dissemination. A proof of concept demonstrating the effectiveness of this was also published. Then there were concerns about the mandatory agreements required to publish enclave code in production. In order to use Intel’s attestation service, a key enabler for any remote application built on SGX, developers have to obtain a commercial license from Intel. This lock-in raised a fair bit of consternation and to date hasn’t been fully addressed by Intel. Then came the vulnerabilities. SGX was found to be vulnerable to cache timing attacks, speculative execution vulnerabilities and to Load Value Injection attacks. This has further eroded the credibility of the platform.
That said, there have been a fair few projects that have utilized SGX either to harden existing solutions or to come up with hitherto unseen applications. In this post, we’ll look at three such proposals to see how they utilize SGX despite its concerning attributes. Where applicable, we will also talk about how the discovered vulnerabilities have affected their viability.