Software Guard Extensions

Intel SGX is a set of new instructions from Intel that allows user-level code to allocate private regions of memory, called enclaves, that unlike normal process memory is also protected from processes running at higher privilege levels.^[1]

Support for SGX in the CPU is indicated in CPUID "Structured Extended feature Leaf", EBX bit 02,^[2] but its availability to applications requires BIOS support and opt-in enabling which is not reflected in CPUID bits. This complicates the feature detection logic for applications.^[3]

Emulation of SGX was added to experimental version of QEMU system emulator in 2014.^[4] In 2015, researchers at the Georgia Institute of Technology released an open-source simulator known as OpenSGX.^[5]

It was introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture.

The introduction of SGX has a large impact on the security industry. It shifts how security is being achieved and lowers the attack surface area of projects. One example of SGX used in security was a demo application from wolfSSL ^[6] using it for cryptography algorithms. An additional example is Numecent using SGX to protect the DRM that is used to authorize application execution with their Cloudpaging application delivery products. ^[7]

References

^ "Intel® SGX for Dummies (Intel® SGX Design Objectives)". intel.com. 2013-09-26.
^ Intel Architecture Instruction Set Extensions Programming Reference, Intel, AUGUST 2015, page 36 "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX"
^ "Properly Detecting Intel® Software Guard Extensions in Your Applications". intel.com. 2016-05-13.
^ https://tc.gtisc.gatech.edu/bss/2014/l/final/pjain43.pdf
^ "sslab-gatech/opensgx". GitHub. Retrieved 2016-08-15.
^ "wolfSSL At IDF". wolfssl. 2016-08-11.
^ "Numecent Cloudpaging at Intel IDF". numecent.com. 2016-08-16.

External links

Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
- Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
- IDF 2015 - Tech Chat: A Primer on Intel® Software Guard Extensions, Intel (poster)
- ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution // Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013.
Joanna Rutkowska, Thoughts on Intel's upcoming Software Guard Extensions (Part 1), August 2013
SGX: the good, the bad and the downright ugly / Shaun Davenport, Richard Ford (Florida Institute of Technology) / Virus Bulletin, 2014-01-07
Victor Costan and Srinivas Devadas, Intel SGX Explained, January 2016.
wolfSSL, October 2016.

This microcomputer- or microprocessor-related article is a stub. You can help Wikipedia by expanding it.

[1] "Intel® SGX for Dummies (Intel® SGX Design Objectives)". intel.com. 2013-09-26.

[2] Intel Architecture Instruction Set Extensions Programming Reference, Intel, AUGUST 2015, page 36 "Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX"

[3] "Properly Detecting Intel® Software Guard Extensions in Your Applications". intel.com. 2016-05-13.

[4] ttps://tc.gtisc.gatech.edu/bss/2014/l/final/pjain43.pdf

[5] "sslab-gatech/opensgx". GitHub. Retrieved 2016-08-15.

[6] "wolfSSL At IDF". wolfssl. 2016-08-11.

[7] "Numecent Cloudpaging at Intel IDF". numecent.com. 2016-08-16.

[1]

[2]

[3]

[4]

[5]

[6]

[7]