Intel SGX
E163103
Intel SGX is a hardware-based security technology that enables the creation of protected enclaves in memory to run sensitive code and data in isolation from the rest of the system.
All labels observed (7)
| Label | Occurrences |
|---|---|
| Intel SGX canonical | 4 |
| Intel SGX (select SKUs) | 1 |
| Intel SGX Developer Guide | 1 |
| Intel SGX Platform Software | 1 |
| Intel SGX SDK | 1 |
| Intel Software Guard Extensions | 1 |
| SGX | 1 |
Statements (80)
| Predicate | Object |
|---|---|
| instanceOf | Hardware-based security technology; Trusted execution environment |
| abbreviation | Intel SGX (self-link; surface form: SGX) |
| architecture | Intel 64 |
| attestationType | Local attestation; Remote attestation |
| developer | Intel Corporation (surface form: Intel) |
| documentation | Intel SGX (self-link; surface form: Intel SGX Developer Guide); Intel Architecture Software Developer's Manual (surface form: Intel Software Developer's Manual) |
| featureOf | Intel Core processor family (surface form: Intel Core processors); Intel Xeon (surface form: Intel Xeon processors) |
| fullName | Intel SGX (self-link; surface form: Intel Software Guard Extensions) |
| includesInstruction | ECREATE; EENTER; EEXIT; EGETKEY; EINIT; EREMOVE; EREPORT |
| instructionSetExtensionOf | Intel x86 ISA |
| introducedBy | Intel Skylake microarchitecture |
| keyConcept | Enclave; Isolated execution; Memory encryption; Remote attestation; Sealing |
| marketStatus | Supported on selected Intel client CPUs; Supported on selected Intel server CPUs |
| memoryRegion | Enclave Page Cache |
| memoryRegionAbbreviation | EPC |
| notDesignedToProtectAgainst | Denial-of-service attacks; Side-channel attacks by co-resident processes |
| platform | x86 |
| provides | Confidentiality for enclave memory; Integrity protection for enclave memory; Remote attestation capability |
| purpose | Enable secure computation on untrusted platforms; Protect sensitive code and data in memory; Provide isolated execution environments |
| relatedConcept | AMD SEV; TrustZone security extension (surface form: ARM TrustZone); Trusted Execution Environment (surface form: Confidential computing); Trusted Platform Module 2.0 (surface form: Trusted Platform Module) |
| remoteAttestationUses | EPID group signatures; Quoting enclave |
| requires | BIOS or firmware enabling SGX; CPU with SGX support; Operating system support for SGX |
| sealingDefinition | Encrypting enclave data to persistent storage |
| sealingKeyScope | CPU-specific sealing keys; Enclave-specific sealing keys |
| securityBoundary | CPU package |
| securityProperty | Protects against a compromised hypervisor; Protects against a compromised operating system; Protects against some physical attacks on memory |
| softwareSupport | Graphene-SGX; Intel SGX (self-link; surface form: Intel SGX Platform Software); Intel SGX (self-link; surface form: Intel SGX SDK); Open Enclave SDK; SCONE |
| standardType | Instruction set extension |
| supports | Multiple enclaves per process; User-mode enclaves |
| threatModel | Malicious BIOS or firmware; Malicious OS; Malicious hypervisor |
| useCase | Blockchain and trusted oracles; Confidential cloud computing; Digital rights management; Secure key management; Secure multi-party computation; Trusted analytics on sensitive data |
| uses | Access control checks on enclave memory; CPU-based memory encryption engine |
| vulnerableTo | Branch prediction side-channel attacks; Cache side-channel attacks; Foreshadow (L1TF) attack; Plundervolt attack; SGAxe attack; Speculative execution attacks |
Referenced by (10)
Full triples, with the surface form annotated when it differs from this entity's canonical label. Surface forms under which this entity is referenced: Intel Software Guard Extensions; SGX; Intel SGX SDK; Intel SGX Platform Software; Intel SGX Developer Guide.