In my previous two blog posts I provided an overview of the Intel® SGX design objectives. Without further ado, below is a more detailed description of the remaining design objectives.
As a reminder, I highlighted these eight design objectives for Intel® SGX:
In my previous two posts I expanded upon the first five objectives. In this post, I will review the remaining 3.
Objective 6 – Allow the performance of trusted applications to scale with the capabilities of the underlying application processor.
This objective builds from this idea of minimizing disruption to current development processes. One of the significant contributors to the software spiral has been the ability of software developers to take full advantage of increasing processor performance. For maximum utility, trusted applications should not incur significant performance penalties.
Objective 7 – Enable software vendors to deliver trusted applications and updates at their cadence, using the distribution channels of their choice.
If the proposed solution requires independent software vendors (ISVs) to work closely with platform manufacturers in order to pre-provision their applications at platform manufacturing time, or deliver updates only integrated with other platform level firmware and software updates, also it would drastically impede the ability of application providers to deliver innovation.
Objective 8 – Enable applications to define secure regions of code and data that maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory.
Given the number of ways that an adversary can choose to attack a platform that he or she has in his or her physical possession, an effective solution must provide protection from many types of hardware attacks. Researchers at Princeton University demonstrated one such attack: https://citp.princeton.edu/research/memory/. Many other attacks are possible using memory bus analyzers and related techniques.
Well this is it for the design objectives. I'll be back again when Intel is ready to provide more Intel® SGX information and resources.
Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.
Notice revision #20110804