Confidential Computing 101
Last updated 1 year ago

Intel Software Guard Extensions (SGX)

In 2015, Intel introduced Software Guard Extensions (SGX), starting with the 6th Generation Core processors, to address threats such as memory bus snooping and cold boot attacks. SGX lets developers create secure enclaves: an application is partitioned so that specific code and data run inside an isolated region. Access to an enclave's memory is restricted to authorized code, and SGX uses hardware-based memory encryption to protect its contents; unauthorized attempts to read or tamper with enclave memory raise exceptions. SGX adds 18 new instructions to Intel's ISA and allows sensitive computation to be offloaded into an environment whose surrounding software is untrusted, including the hosting application, the kernel, SMM, and peripheral devices. The overall security of SGX nevertheless depends on the integrity of the firmware and microcode that implement these features.

The Enclave Page Cache (EPC) serves as a special memory region containing the code and data of enclaves. Each page within the EPC is encrypted using the Memory Encryption Engine (MEE). The Enclave Page Cache Map (EPCM) stores metadata for each page, including configuration, permissions, and page type. During boot time, keys are generated and utilized for decrypting the contents of encrypted pages inside the CPU. The MEE securely controls these keys, preventing exposure to external entities. As a result, only the specific CPU that encrypted the memory can decrypt it, and the keys remain inaccessible to any software. Additionally, privileged software outside enclaves is restricted from reading or writing to the EPC or EPCM pages.

SGX provides local and remote attestation mechanisms to ensure the integrity and authenticity of enclaves. Local attestation establishes trust between two enclaves on the same platform: one enclave generates a report bound to the identity of the other (target) enclave, and the target enclave verifies the report using its Report Key. Remote attestation is needed when a third party must establish trust in an enclave running on a remote machine before provisioning it with secrets. For this, SGX uses a specialized architectural enclave, the Quoting Enclave (QE). The QE receives a report from another enclave, verifies it locally, and transforms it into a remotely verifiable quote signed with the Attestation Key. The relying party sends this quote to the Intel Attestation Service (IAS) to verify the trustworthiness of the SGX enclave. The QE provides a protected environment for turning reports into quotes and prevents them from being modified or forged. Intel also offers Data Center Attestation Primitives (DCAP), a collection of software packages that let data centers run their own ECDSA-based attestation infrastructure for SGX enclaves.
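The following is an added toy model of the report-to-quote chain just described (local attestation to the Quoting Enclave, then a quote for a remote verifier); it is not Intel's code or part of this page's project. It assumes a constructed platform secret and a constructed Attestation Key, and it models the Report Key as an HMAC derived from the target enclave's measurement and the quote signature as an HMAC under a key shared with the verification service, whereas real SGX derives the Report Key in hardware and signs quotes with EPID or ECDSA.

```python
"""Toy model of SGX local -> remote attestation chaining (constructed example).
Report Key = HMAC(platform secret, target identity); quote signature = HMAC
under a constructed Attestation Key. Real SGX uses hardware-derived keys and
EPID/ECDSA signatures; only the trust flow is modelled here."""
import hashlib
import hmac
import json

PLATFORM_KEY = b"constructed-platform-secret"      # never leaves the CPU in SGX
ATTESTATION_KEY = b"constructed-attestation-key"   # stands in for the QE's signing key
QE_MRENCLAVE = hashlib.sha256(b"constructed quoting enclave").digest()


def report_key(target_mrenclave: bytes) -> bytes:
    """Report Key bound to the target enclave's identity (its measurement)."""
    return hmac.new(PLATFORM_KEY, b"REPORT_KEY|" + target_mrenclave, hashlib.sha256).digest()


def create_report(own_mrenclave: bytes, target_mrenclave: bytes, report_data: bytes) -> dict:
    """EREPORT analogue: the body describes the caller; the MAC uses the *target's* key."""
    body = {"mrenclave": own_mrenclave.hex(), "report_data": report_data.hex()}
    raw = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(report_key(target_mrenclave), raw, hashlib.sha256).digest()
    return {"body": body, "mac": mac.hex()}


def verify_report(report: dict, verifier_mrenclave: bytes) -> bool:
    """Local attestation: the target recomputes the MAC with its own Report Key."""
    raw = json.dumps(report["body"], sort_keys=True).encode()
    expected = hmac.new(report_key(verifier_mrenclave), raw, hashlib.sha256).digest()
    return hmac.compare_digest(expected, bytes.fromhex(report["mac"]))


def quoting_enclave(report: dict):
    """QE: verify the report locally, then sign its body so a remote party can check it."""
    if not verify_report(report, QE_MRENCLAVE):
        return None  # report was not addressed to the QE, or was tampered with
    raw = json.dumps(report["body"], sort_keys=True).encode()
    sig = hmac.new(ATTESTATION_KEY, raw, hashlib.sha256).digest()
    return {"body": report["body"], "signature": sig.hex()}


def attestation_service_verify(quote: dict) -> bool:
    """Remote verifier (IAS/DCAP stand-in): checks the quote without any Report Key."""
    raw = json.dumps(quote["body"], sort_keys=True).encode()
    expected = hmac.new(ATTESTATION_KEY, raw, hashlib.sha256).digest()
    return hmac.compare_digest(expected, bytes.fromhex(quote["signature"]))


def attest(app_mrenclave: bytes, report_data: bytes) -> bool:
    """Full chain: app enclave -> report for QE -> quote -> remote verification."""
    quote = quoting_enclave(create_report(app_mrenclave, QE_MRENCLAVE, report_data))
    return quote is not None and attestation_service_verify(quote)
```

Run `attest(b"\x01" * 32, b"nonce")` to walk the full chain; a report addressed to a different target enclave is rejected by the QE, and a quote whose body is altered in transit fails remote verification.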

With TDX

Although SGX and TDX protect memory at different granularities, they reside within the same Trusted Computing Base (TCB) on the same platform and can therefore attest to each other locally. TDX builds on SGX's remote attestation mechanism: the attestation report of a TDX platform can be verified and signed inside a Quoting Enclave, which lets a remote party check the integrity and authenticity of the TDX environment.