
EnclaveDB: A secure database using SGX - nuriaion
https://blog.acolyer.org/2018/07/05/enclavedb-a-secure-database-using-sgx/
======
MaxBarraclough
Moxie Marlinspike did this kind of thing with Signal last year. Not a full SQL
engine though. Surprised there's no mention of him.

[https://www.theregister.co.uk/2017/09/27/signal_turns_to_intels_sgx_to_lock_down_contacts_from_spying_eyes/](https://www.theregister.co.uk/2017/09/27/signal_turns_to_intels_sgx_to_lock_down_contacts_from_spying_eyes/)

HN thread:
[https://news.ycombinator.com/item?id=15935955](https://news.ycombinator.com/item?id=15935955)

------
userbinator
SGX is scary. It essentially gives Intel complete control over what software
can hide from the user.

 _One of my favourite takeaways is that we don’t always have to think of
performance and security as trade-offs_

...but security and freedom always are.

~~~
aseipp
Newer versions of SGX include the "Flexible Launch Control" feature, which
allows you to control the SGXLEPUBKEYHASH setting on the CPU. This contains
the hash of the public key that the "launch enclave" for SGX must be signed
with, which further grants tokens that can be used to launch subsequent
enclaves (AFAIU). Control of the launch enclave key has been the main source
of contention over SGX, as far as I can tell, since you currently have to
enter into negotiations with Intel to get your enclave signed by their key.

Based on some posts from Andy Lutomirski on LKML, it seems highly unlikely
that any SGX support will go upstream in Linux until Flexible Launch Control
is available in consumer SKUs, at least.[1] In fact, I looked up the latest
patches posted just a few days ago, which "Removed in-kernel LE i.e. this
version of the SGX software stack only supports unlocked IA32_SGXLEPUBKEYHASHx
MSRs."[2]

"SGXv2" with FLC is allegedly available in some SKUs right now (based on some
googling[3]), but Intel hasn't been very forthcoming on exactly which ones
those are, or even what the major differences between v2 and v1 are, besides
FLC...

[1] [https://lkml.org/lkml/2017/3/8/605](https://lkml.org/lkml/2017/3/8/605)

[2]
[https://lore.kernel.org/lkml/20180703182118.15024-1-jarkko.sakkinen@linux.intel.com/](https://lore.kernel.org/lkml/20180703182118.15024-1-jarkko.sakkinen@linux.intel.com/)

[3]
[https://communities.intel.com/thread/124490](https://communities.intel.com/thread/124490)
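
Added example, not part of the thread or of any project's code: how the launch-enclave key hash discussed in the comment above maps onto the four IA32_SGXLEPUBKEYHASHx MSRs, and how to tell from CPUID and IA32_FEATURE_CONTROL whether those MSRs are "unlocked". The modulus is constructed, the function names and state labels are hypothetical, and the little-endian word split across the MSRs is an assumption.

```python
import hashlib
import struct

# Bit positions and MSR addresses as documented in the Intel SDM.
CPUID7_EBX_SGX = 1 << 2             # CPUID.(EAX=7,ECX=0):EBX[2], SGX supported
CPUID7_ECX_SGX_LC = 1 << 30         # CPUID.(EAX=7,ECX=0):ECX[30], Flexible Launch Control
FEAT_CTL_LOCKED = 1 << 0            # IA32_FEATURE_CONTROL (MSR 0x3A) lock bit
FEAT_CTL_SGX_LC_ENABLED = 1 << 17   # hash MSRs are writable by the OS
FEAT_CTL_SGX_ENABLED = 1 << 18      # SGX globally enabled by firmware
MSR_IA32_SGXLEPUBKEYHASH0 = 0x8C    # HASH1..HASH3 follow at 0x8D..0x8F

# Constructed 3072-bit value standing in for an RSA modulus; not a real key.
SAMPLE_MODULUS = (1 << 3071) | 0x10001


def lepubkeyhash_msrs(modulus: int) -> dict:
    """Map a launch-enclave signer's RSA-3072 modulus to {msr_address: value}.

    The hash is SHA-256 over the 384-byte little-endian modulus, the same
    value as the signer's MRSIGNER. Assumption: the digest is split across
    the four MSRs as little-endian 64-bit words.
    """
    digest = hashlib.sha256(modulus.to_bytes(384, "little")).digest()
    words = struct.unpack("<4Q", digest)
    return {MSR_IA32_SGXLEPUBKEYHASH0 + i: w for i, w in enumerate(words)}


def launch_control_state(cpuid7_ebx: int, cpuid7_ecx: int, feature_control: int) -> str:
    """Classify a platform from raw register values (labels are hypothetical)."""
    if not cpuid7_ebx & CPUID7_EBX_SGX:
        return "no-sgx"
    enabled = FEAT_CTL_LOCKED | FEAT_CTL_SGX_ENABLED
    if feature_control & enabled != enabled:
        return "sgx-disabled"          # firmware did not enable and lock SGX
    if not cpuid7_ecx & CPUID7_ECX_SGX_LC:
        return "locked-no-flc"         # hash MSRs fixed to the CPU default
    if feature_control & FEAT_CTL_SGX_LC_ENABLED:
        return "unlocked"              # OS may write its own launch key hash
    return "locked-by-firmware"        # FLC present but MSRs left read-only


if __name__ == "__main__":
    for addr, value in sorted(lepubkeyhash_msrs(SAMPLE_MODULUS).items()):
        print(f"MSR {addr:#04x} = {value:#018x}")
    # Constructed register values: SGX + SGX_LC in CPUID, bits 0/17/18 set.
    print(launch_control_state(1 << 2, 1 << 30, 0x60001))
```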

~~~
pjmlp
The EnclaveDB paper bibliography has a few references about SGX-based
containers on Linux.

------
merqurio
If I understood it well, the main security concerns are moved to the KMS, that
you must refer is not susceptible to the same kind of attacks that they
describe (untrusted environments, potentially with unknown database
administrators, server administrators, OS and hypervisors). I don't have vast
experience with KMSs; what would be your approach to deploying one you can trust
in a cloud environment, deploying it on bare metal?

~~~
Inflatablewoman
If you have one backed by an HSM (Hardware Security Module) then you could be
in a good spot. Similar setup to what AWS KMS does.

[https://aws.amazon.com/kms/details/](https://aws.amazon.com/kms/details/)

------
illuminator
What are the best resources for learning more about the implications of SGX
and how to work with it?

~~~
inp
[https://eprint.iacr.org/2016/086.pdf](https://eprint.iacr.org/2016/086.pdf)

------
ai_ja_nai
>machines with over 1TB memory already commonplace

WTF

