Hacker News new | ask | show | jobs
by trasz 2254 days ago
Critical flaws in SGX are being found all the time. It's a failed experiment that someone put into commercial products. At the same time there are no examples of SGX-like architecture that actually do work.

Enclaves are started from host code, but host code can't see into them. In other words you have no way of telling whether the enclave you've started is what you wanted, or if it includes malware.

The scheme I've described does give integrity - after all, that's precisely how the actual trusted components work, SecureEnclave, TEE etc: you have a trusted hypervisor, and then run your secure components outside the untrusted OS, in a trusted environment in that trusted hypervisor. It gives you everything SGX could, without its fundamental design problems.
2 comments
baby 2254 days ago
What you’re saying is a different threat model: your application goes rogue. SGX and TEE in general attempt to solve the reverse: your host goes rogue.

Research has shown that it is not a panacea, but we already knew that. It’s hardware not a full proof cryptographic solution. Some solutions have enclaves gather their results in a fault tolerant way to increase security even more.

So we could say that Intel and hardware vendors in general are looking for a solution that doesn’t exist. Or we can say that this is greatly improving your option when you are really scared of host compromises in your product.

link
achamayou 2254 days ago
I don’t think it’s helpful to confuse side-channel or micro-architectural attacks with attacks on SGX itself. Stating that hardware enclaves don’t work and do not ship is absurd, they are present in virtually every modern phone for one thing.

Code running in an SGX enclave is measured and absolutely known at enclave launch. The fact that enclave memory is encrypted for confidentiality is unrelated.

I don’t understand why you think trusting the hyper visor is helping anything. You are still open to this attack, and to all side channel attacks as soon as you run any untrusted code.

link
trasz 2254 days ago
Which phone uses enclave on top of untrusted OS, as opposed to running the enclave on the side of untrusted OS?
link
baby 2254 days ago
Every Android phone which has an ARM chip with Trustzone.
link
trasz 2254 days ago
Which doesn't run on top of on untrusted OS, like with SGX, but rather on the side, which is what I'm describing.
link
baby 2254 days ago
Both SGX and Trustzone are TEEs, which are segregated from the rich execution environment (the untrusted OS)
link