{"id":21650,"date":"2020-06-09T14:19:02","date_gmt":"2020-06-09T18:19:02","guid":{"rendered":"http:\/\/pappp.net\/?guid=f32573e6b4bee0b6ec5ca3b390b99080"},"modified":"2020-06-09T14:19:02","modified_gmt":"2020-06-09T18:19:02","slug":"plundering-of-crypto-keys-from-ultrasecure-sgx-sends-intel-scrambling-again","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=21650","title":{"rendered":"Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/arstechnica.com\/?p=1682405\">Ars Technica<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: It's almost like introducing piles of hideously complicated features with poorly-understood interactions to processors is not conducive to security.  \r\n\r\nEspecially ones specifically designed to cross-cut the security model of the processor and let people-not-the-computer's-owner run code privileged outside the normal hierarchy. \r\n\r\nNow strap in for another round of feature-disabling, performance sapping microcode updates.<\/div><div>\n<figure><img src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/06\/axe-intel-sgx-800x450.jpg\" alt=\"An ax strikes a piece of wood with the Intel logo.\" referrerpolicy=\"no-referrer\"\/><p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/06\/axe-intel-sgx.jpg\" rel=\"noopener noreferrer\">Enlarge<\/a> (credit: <a rel=\"noopener noreferrer\" href=\"https:\/\/arstechnica.com\/author\/aurich-lawson\/\">Aurich Lawson \/ Getty<\/a>)<\/p>  <\/figure><div><a name=\"page-1\"><\/a><\/div>\n<p>For the past two years, modern CPUs&mdash;particularly those made by Intel&mdash;have been under siege by an unending series of attacks that make it possible for highly skilled attackers to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel&rsquo;s Software Guard eXtension, by far the most sensitive region of the company&rsquo;s processors.<\/p>\n<p>Abbreviated as SGX, the protection is designed to provide a Fort Knox of sorts for the safekeeping of encryption keys and other sensitive data even when the operating system or a virtual machine running on top is badly and maliciously compromised. SGX works by creating trusted execution environments that protect sensitive code and the data it works with from monitoring or tampering by anything else on the system.<\/p>\n<p>Key to the security and authenticity assurances of SGX is its creation of what are called enclaves, or blocks of secure memory. Enclave contents are encrypted before they leave the processor and are written in RAM. They are decrypted only after they return. The job of SGX is to safeguard the enclave memory and block access to its contents by anything other than the trusted part of the CPU.<\/p><\/div><p><a href=\"https:\/\/arstechnica.com\/?p=1682405#p3\" rel=\"noopener noreferrer\">Read 23 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=1682405&amp;comments=1\" rel=\"noopener noreferrer\">Comments<\/a><\/p><div>\n<a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=i7XgvFr_YyI:-wFDRD_FoLQ:V_sGLiPBpWU\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?i=i7XgvFr_YyI:-wFDRD_FoLQ:V_sGLiPBpWU\" border=\"0\" referrerpolicy=\"no-referrer\"\/><\/a> <a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=i7XgvFr_YyI:-wFDRD_FoLQ:F7zBnMyn0Lo\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?i=i7XgvFr_YyI:-wFDRD_FoLQ:F7zBnMyn0Lo\" border=\"0\" referrerpolicy=\"no-referrer\"\/><\/a> <a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=i7XgvFr_YyI:-wFDRD_FoLQ:qj6IDK7rITs\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?d=qj6IDK7rITs\" border=\"0\" referrerpolicy=\"no-referrer\"\/><\/a> <a href=\"http:\/\/feeds.arstechnica.com\/~ff\/arstechnica\/index?a=i7XgvFr_YyI:-wFDRD_FoLQ:yIl2AUoC8zA\" rel=\"noopener noreferrer\"><img src=\"http:\/\/feeds.feedburner.com\/~ff\/arstechnica\/index?d=yIl2AUoC8zA\" border=\"0\" referrerpolicy=\"no-referrer\"\/><\/a>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Enlarge (credit: Aurich Lawson \/ Getty)<br \/>\nFor the past two years, modern CPUs&mdash;particularly t&#8230;<\/p>\n<p> <a href=\"https:\/\/pappp.net\/?p=21650\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-21650","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/21650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21650"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/21650\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}