by coreblocks
2134 days ago
I have a feeling we will see a bunch of AMD vulnerabilities revealed in the coming years. Researchers haven’t really had time to study AMD’s microarchitecture yet and it was not really a priority because of low penetration in the server market. In theory Intel should have fewer bugs since they have massive design verification teams.

Meanwhile, we can compare the security track record of SEV vs SGX to see some real meat. SEV has been cracked completely and repeatedly by simple C or cryptography programming errors like buffer overflows or not checking for points being on the curve. SGX has had no such errors, every single attack on it has been an exotic statistical side channel attack. The last round weren't even practical. Researchers studied it for a year and couldn't actually make it work against real enclaves, but Intel issued CVEs and mitigations for it anyway, just in case. And the root level of SGX was never cracked, which is why it's always been software patchable/renewable without needing new silicon. AMD SEV has needed new silicon more than once.
SGX has held up pretty well given it was born just before the discovery of an entire class of CPU design vulnerabilities.