🆚Versions

Note: SGXv1 and its EPID attestation are deprecated. Current platforms provide SGXv2 and DCAP attestation.

SGX 1.0

SGXv1 shipped in 2015 with the 6th Generation Core (Skylake) processors. It lets a developer partition an application so that its sensitive code and data run inside an enclave held in the Enclave Page Cache (EPC), a region of memory that the memory encryption engine keeps encrypted whenever it leaves the CPU package, so that neither privileged software (OS, hypervisor, SMM) nor a physical attacker with a cold-boot or bus-probing setup can read it. The hardware enforces the enclave boundary: accesses to EPC pages from outside an enclave are aborted (reads return a fixed abort value and writes are dropped), and accesses from inside an enclave that violate its own page permissions raise a page fault, so tampering is either blocked or immediately visible. The ISA gained two instructions, ENCLS (supervisor) and ENCLU (user), with 18 leaf functions in SGXv1; the parts of the trusted computing base that are not pure hardware are implemented in microcode and in Intel-signed architectural enclaves.

SGXv1's 18 ENCLS/ENCLU leaf functions:

| Supervisor instruction (ENCLS leaf) | Description | User instruction (ENCLU leaf) | Description |
|---|---|---|---|
| ENCLS[EADD] | Add a page to an enclave | ENCLU[EENTER] | Enter an enclave |
| ENCLS[EBLOCK] | Block an EPC page | ENCLU[EEXIT] | Exit an enclave |
| ENCLS[ECREATE] | Create an enclave (its SECS page) | ENCLU[EGETKEY] | Derive a cryptographic key |
| ENCLS[EDBGRD] | Read data from a debug enclave | ENCLU[EREPORT] | Create a cryptographic report |
| ENCLS[EDBGWR] | Write data into a debug enclave | ENCLU[ERESUME] | Re-enter an enclave after an interrupt or exception |
| ENCLS[EEXTEND] | Extend the enclave measurement with 256 bytes of an EPC page | | |
| ENCLS[EINIT] | Initialize an enclave | | |
| ENCLS[ELDB] | Load an EPC page as blocked | | |
| ENCLS[ELDU] | Load an EPC page as unblocked | | |
| ENCLS[EPA] | Add a version array page | | |
| ENCLS[EREMOVE] | Remove a page from the EPC | | |
| ENCLS[ETRACK] | Activate EBLOCK checks | | |
| ENCLS[EWB] | Write back/invalidate an EPC page | | |

In SGXv1 the EPC is limited to 128 MB (of which roughly 93 MB is usable after metadata), which confines practical enclaves to the working sets of desktop applications; larger enclaves are possible only by paging EPC pages out with EWB and back in with ELDU/ELDB, at a heavy performance cost. The feature was aimed mainly at digital rights management and key management; one deployed use was the protected playback path for Ultra HD Blu-ray on PCs. Commercial adoption stayed limited, Intel removed SGX from its newer client CPUs and refocused on server CPUs, which led to SGXv2.

SGX 2.0

Intel SGXv2 ships in the Ice Lake and Sapphire Rapids Xeon server CPUs and adds six leaf functions to the ISA. The main change is Enclave Dynamic Memory Management (EDMM): pages can be added to an enclave, removed, or have their permissions and type changed after EINIT, so enclaves can grow on demand, and the EPC is enlarged to up to 512 GB per socket (1 TB on a two-socket board) to fit cloud workloads. The other notable change is the attestation framework. On the desktop, attestation used Intel Enhanced Privacy ID (EPID), a group-signature scheme chosen so that a DRM "streaming" enclave could prove it ran on genuine SGX hardware without identifying the user's platform, and it depended on Intel's online attestation service. Cloud providers run their own infrastructure and want no such dependency, so Intel replaced it with the Data Center Attestation Primitives (DCAP): quotes are signed with an ECDSA-P256 attestation key that the Provisioning Certification Enclave certifies with the platform's Provisioning Certification Key (PCK), and the PCK certificate chain, which roots in Intel, can be fetched once, cached, and verified locally.

SGXv2's 6 additional ENCLS/ENCLU leaf functions:

| Supervisor instruction (ENCLS leaf) | Description | User instruction (ENCLU leaf) | Description |
|---|---|---|---|
| ENCLS[EAUG] | Add a page to an already initialized enclave | ENCLU[EACCEPT] | Accept a pending page change from inside the enclave |
| ENCLS[EMODPR] | Restrict page permissions | ENCLU[EMODPE] | Extend page permissions from inside the enclave |
| ENCLS[EMODT] | Change a page's type (e.g. make it a TCS) | ENCLU[EACCEPTCOPY] | Accept a newly added page and initialize it from an existing page |

Note the split of responsibility: the untrusted OS performs EAUG/EMODPR/EMODT, but nothing takes effect until code inside the enclave confirms it with EACCEPT or EACCEPTCOPY, so the OS cannot silently change the enclave's memory layout.

Two further features are usually grouped with SGXv2, although they are independent of it and merely postdate the original SGX hardware:

Flexible Launch Control (FLC)

FLC is not strictly part of SGXv2, but it was also absent from the original SGX hardware. Without FLC, only an Intel-signed Launch Enclave can run, and it is the Launch Enclave that decides, by issuing or refusing an EINITTOKEN, whether a given enclave may be initialized, so Intel effectively held the launch policy for every platform. With FLC the platform owner chooses the launch control policy provider: the SHA-256 of the Launch Enclave signer's public key modulus is written to the IA32_SGXLEPUBKEYHASH0..3 MSRs (0x8C to 0x8F), and an enclave signed with the matching key is accepted by EINIT without a token. The owner can therefore run their own Launch Enclave or, as the Linux in-kernel SGX driver does, skip the Launch Enclave entirely by writing each enclave's signer hash to the MSRs just before EINIT. The MSRs are writable only if the BIOS has set the SGX Launch Control enable bit (bit 17) in IA32_FEATURE_CONTROL; otherwise they remain locked to Intel's key hash.
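The following script, added here as an example and not part of Intel's tooling, computes the four IA32_SGXLEPUBKEYHASH words for a given RSA-3072 signing key and checks whether a platform's current MSR contents belong to that key. It assumes the SIGSTRUCT conventions: the modulus is hashed as 384 little-endian bytes (which is also the enclave's MRSIGNER) and MSR i holds hash bytes 8*i to 8*i+7 as a little-endian 64-bit word. The sample modulus is constructed for the example and is not a real key.

```python
"""IA32_SGXLEPUBKEYHASH0..3 from an RSA-3072 enclave-signing modulus.

Example added to this page; it is not Intel's tooling. Assumptions (taken from
the SIGSTRUCT layout): the 3072-bit modulus is hashed as 384 little-endian
bytes, which also yields the enclave's MRSIGNER, and MSR i holds hash bytes
8*i .. 8*i+7 as a little-endian 64-bit word.
"""
import hashlib
import struct

MODULUS_BYTES = 384                     # RSA-3072 modulus
MSR_IA32_SGXLEPUBKEYHASH0 = 0x8C        # MSRs 0x8C..0x8F hold the four words


def mrsigner(modulus: int) -> bytes:
    """SHA-256 over the modulus in SIGSTRUCT's little-endian byte order."""
    if modulus <= 0 or modulus.bit_length() > MODULUS_BYTES * 8:
        raise ValueError("expected a positive modulus of at most 3072 bits")
    return hashlib.sha256(modulus.to_bytes(MODULUS_BYTES, "little")).digest()


def lepubkeyhash_msrs(modulus: int) -> list[int]:
    """The four 64-bit words to write to IA32_SGXLEPUBKEYHASH0..3."""
    return list(struct.unpack("<4Q", mrsigner(modulus)))


def matches_signer(msr_words, modulus: int) -> bool:
    """Do the platform's current MSR words correspond to this signing key?

    Use this to confirm that a platform's launch-control hash (read with
    rdmsr 0x8c..0x8f) belongs to the key you expect before assuming that
    its launch policy is your own.
    """
    return list(msr_words) == lepubkeyhash_msrs(modulus)


def constructed_demo_modulus() -> int:
    """Constructed test input: a deterministic 3072-bit odd integer with the
    top bit set. It is NOT a real RSA key; only the byte layout matters here."""
    stream = b"".join(
        hashlib.sha256(b"sgx-lepubkeyhash-demo-%d" % i).digest() for i in range(12)
    )
    return int.from_bytes(stream, "big") | (1 << 3071) | 1


if __name__ == "__main__":
    n = constructed_demo_modulus()
    print("MRSIGNER:", mrsigner(n).hex())
    for i, word in enumerate(lepubkeyhash_msrs(n)):
        print(f"wrmsr 0x{MSR_IA32_SGXLEPUBKEYHASH0 + i:x} 0x{word:016x}")
```

On an FLC-enabled Linux host the kernel driver writes these words itself, so the practical use of the script is auditing: read the four MSRs with `rdmsr` from msr-tools and pass them to `matches_signer` together with the modulus of the key you expect to be in control of launches.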

Key Separation and Sharing (KSS)

KSS is likewise not part of SGXv2 and was absent from the original hardware. It adds four identity fields that are carried in the enclave's SECS and REPORT and can be mixed into EGETKEY key derivation: ISVFAMILYID and ISVEXTPRODID, fixed by the enclave signer in SIGSTRUCT, and CONFIGID and CONFIGSVN, supplied by the untrusted loader at ECREATE. This lets one signed enclave binary derive distinct sealing keys per configuration, or lets enclaves of one family share keys, without a separate signature for each variant.
