Intel Security

SGX, Intel's Supposedly Impregnable Data Fortress, Has Been Breached Yet Again (arstechnica.com)

Intel's latest generation of CPUs contains a vulnerability that allows attackers to obtain encryption keys and other confidential information protected by the company's software guard extensions, the advanced feature that acts as a digital vault securing users' most sensitive secrets. From a report: Abbreviated as SGX, the protection is designed to provide a fortress of sorts for the safekeeping of encryption keys and other sensitive data, even when the operating system or a virtual machine running on top is maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.

SGX is a cornerstone of the security assurances many companies provide to users. Servers used to handle contact discovery for the Signal Messenger, for instance, rely on SGX to ensure the process is anonymous. Signal says running its advanced hashing scheme provides a "general recipe for doing private contact discovery in SGX without leaking any information to parties that have control over the machine, even if they were to attach physical hardware to the memory bus." The example is purely hypothetical. Signal spokesperson Jun Harada wrote in an email: "Intel alerted us to this paper... and we were able to verify that the CPUs that Signal uses are not impacted by the findings of this paper and therefore are not vulnerable to the stated attack." Key to the security and authenticity assurances of SGX is its creation of what are called "enclaves," or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written to RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.
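Because the summary above turns on which CPUs actually have SGX (Signal's statement that the CPUs it uses are not affected, and the enclave-size and feature-level differences between parts), the first thing a defender checks on a host is what the processor itself advertises. The following C program is an added example, not code from the article, Ars Technica, Signal or Intel: it reads the CPUID leaves that Intel's SDM documents for SGX (leaf 7 EBX bit 2 for SGX presence; leaf 0x12 subleaf 0 for SGX1/SGX2 and the 64-bit enclave size limit). The `sgx_caps` struct, the function names and the register values used for offline checking are this example's own constructions.

```c
/* Added example (not from the article or from Intel): decode the CPUID bits
 * that advertise SGX on an Intel CPU. Bit positions follow the Intel SDM:
 *   CPUID.(EAX=7,ECX=0):EBX[2]       SGX supported
 *   CPUID.(EAX=0x12,ECX=0):EAX[0]    SGX1 instructions
 *   CPUID.(EAX=0x12,ECX=0):EAX[1]    SGX2 instructions
 *   CPUID.(EAX=0x12,ECX=0):EDX[15:8] log2(max enclave size) in 64-bit mode
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Hypothetical struct for this example: the decoded SGX capability set. */
struct sgx_caps {
    bool supported;
    bool sgx1;
    bool sgx2;
    unsigned max_enclave_log2_64;   /* enclave size limit as a power of two */
};

/* Pure decoder over raw register values, so it can be checked with constructed
 * inputs on any machine. Leaf 0x12 is only meaningful when leaf 7 says SGX. */
struct sgx_caps sgx_decode(uint32_t leaf7_ebx, uint32_t leaf12_eax, uint32_t leaf12_edx)
{
    struct sgx_caps c = {0};
    c.supported = (leaf7_ebx >> 2) & 1u;
    if (!c.supported)
        return c;
    c.sgx1 = leaf12_eax & 1u;
    c.sgx2 = (leaf12_eax >> 1) & 1u;
    c.max_enclave_log2_64 = (leaf12_edx >> 8) & 0xffu;
    return c;
}

/* Query the running CPU. On non-x86 builds this reports "not supported". */
struct sgx_caps sgx_query_host(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0;
    uint32_t leaf7_ebx = 0, leaf12_eax = 0, leaf12_edx = 0;
#if defined(__x86_64__) || defined(__i386__)
    /* __get_cpuid_count returns 0 if the leaf is above the CPU's max leaf. */
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        leaf7_ebx = b;
    if (__get_cpuid_count(0x12, 0, &a, &b, &c, &d)) {
        leaf12_eax = a;
        leaf12_edx = d;
    }
#endif
    (void)a; (void)b; (void)c; (void)d;
    return sgx_decode(leaf7_ebx, leaf12_eax, leaf12_edx);
}

int main(void)
{
    struct sgx_caps caps = sgx_query_host();
    printf("SGX advertised by CPUID: %s\n", caps.supported ? "yes" : "no");
    if (caps.supported) {
        printf("  SGX1: %s  SGX2: %s  max 64-bit enclave: 2^%u bytes\n",
               caps.sgx1 ? "yes" : "no", caps.sgx2 ? "yes" : "no",
               caps.max_enclave_log2_64);
    }
    /* CPUID reports hardware capability only. Whether firmware actually enabled
     * SGX is recorded in the IA32_FEATURE_CONTROL MSR (bit 18), readable from
     * ring 0; on Linux the "sgx" flag in /proc/cpuinfo reflects that state. */
    return 0;
}
```

Build with `gcc -O2 sgx_caps.c -o sgx_caps` (the file name is arbitrary) and run on the host in question. A "no" here means the part does not expose SGX at all, which is the situation the comments below describe for recent client CPUs; a "yes" still has to be read together with the firmware-enable bit and the vendor's own advisory for the specific model before concluding anything about exposure to a given attack.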

  • heh (Score:5, Funny)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday August 09, 2022 @01:46PM (#62775352) Homepage Journal

    "Customers can and should continue to use Intel SGX."

    Sure, the NSA will be sad if they don't.

  • by systemd-anonymousd ( 6652324 ) on Tuesday August 09, 2022 @01:48PM (#62775358)

    Hey remember when the encrypted messenger app Signal swore up and down that SGX would keep your data safe and used it as a justification for forcing PINs and uploading your contact list to their servers? They wrote all these beard-stroking papers about remote attestation and SGX and how their users were being ridiculous for wanting usernames and no PINs.

    • by Anonymous Coward
      Signal recommends PINs, but does not require them. I use Signal and don't have a PIN.
      • They made them mandatory for a time, and tried very very hard to stop their users from getting their way. There was outcry and they reluctantly made them optional.

    • by Klaxton ( 609696 )

      "we were able to verify that the CPUs that Signal uses are not impacted by the findings of this paper"

  • by tlhIngan ( 30335 ) <slashdot&worf,net> on Tuesday August 09, 2022 @02:24PM (#62775468)

    Intel has deprecated SGX since the 11th gen CPUs - the 11th and 12th gen CPUs do not support SGX at all.

    There was also only one consumer use of SGX - SGX is required in order to play UHD Blu-Rays. But that was a rather niche use as it required a UHD Blu-Ray drive (and few people use optical media these days), as well as a protected-path video card and Windows 10. And after all that, you didn't get some of the benefits you would with a regular standalone player - like Dolby Vision HDR and such. Oh, and after the drive ($200), software ($100) and other stuff, you'd likely have spent more money than on a standalone disc player! (They go for $200 on sale, $300 regular price, and the ultra-fancy ones can cost $600+)

    In fact, it was easier to rip a UHD Blu-Ray onto your PC and play it without needing SGX, a special player (Kodi, VLC, etc could play it), a special video card, or even a UHD drive - you could use a recent regular Blu-Ray drive (cost - $50) instead, and the software was free (MakeMKV), or you could pay for AnyDVD.

    And no, we're not even pirating here! We're just legitimately making a backup you could put on a NAS and watch on your TV via a streamer like an nVidia Shield or other media player, as well. Just someone with a legitimate disc, a legitimate optical disc reader, legitimate software, able to play discs with far more convenience than trying to do it the "proper" way.

    I don't think there was any other real use of SGX at all.

    • A few commercial security/encryption packages used SGX. I think there was a McAfee product that used it, and a few other computer management/antivirus/command-and-control type enterprise packages that used it.

      But, yeah, for the general consumer, about the only thing that used it was PowerDVD for watching UHD Blu-ray discs.

    • by dgatwood ( 11270 ) on Tuesday August 09, 2022 @03:25PM (#62775612) Homepage Journal

      I don't think there was any other real use of SGX at all.

      That's because the only real reason for supporting secure enclaves, whether permanent (like the TPM and the SGX eTPM) or temporary (like other SGX functionality) is DRM.

      In general, there's little to no legitimate reason to prevent the owner of the device from being able to retrieve keys. Maybe it has some very limited usefulness for adding an extra layer of robustness to full-disk encryption, but even then, it's still just defense in depth, not the primary means of protection. The only reason you would ever want to completely hide keys from the user is for DRM.

      And preventing arbitrary apps from accessing keys that don't belong to them is a sandboxing problem, for which solutions such as Apple's Keychain Services or Linux's libsecret are more appropriate. The sad thing is that Windows *still* doesn't really have equivalent functionality. Microsoft's Credential Manager/Password Vault are wide open so any traditional desktop app can swipe passwords from any other app. Microsoft really needs to take security a lot more seriously. But I digress.

      Temporary enclaves are even less useful. If you have compromised high-privilege processes trying to steal data from running applications, you're already way beyond screwed, so worrying about defense in depth at that point is an indication that you didn't worry enough about defense in depth at the levels where it would actually do some good at preventing the compromise in the first place. It makes for great academic papers, but it's a bit like arguing about what color to paint your bedroom while your house is on fire.

      Which leaves DRM as the only plausible use.

  • by AmazingRuss ( 555076 ) on Tuesday August 09, 2022 @03:46PM (#62775690)
    ... impregnated?
  • If they're made in China, well then there's your problem. Even Taiwan... how hard can it be for China to send in moles or find sympathy. Fucking up American CPU design is a big win.
