
Overview of Intel SGX – Part 1, SGX Internals - gbrown_
https://blog.quarkslab.com/overview-of-intel-sgx-part-1-sgx-internals.html
======
mehrdadn
Anybody know why SGX installs additional service(s) in the system, and how
they are used/what they are needed for? There is "Intel SGX AESM" with the
description "The system services management agent for Intel(R) Software Guard
Extensions enabled applications", but I don't get what exactly it manages and
how it can be used to manage that. Where/how does it come into play?

~~~
thinkmoore
Various components of the SGX system (launch approval, remote attestation
quote signing, etc.) are implemented as Intel-provided enclaves. AESM manages
those enclaves and provides an untrusted API to communicate with them.

~~~
mehrdadn
Interesting, thanks!

------
Taniwha
What we all know now about extracting information from cache miss and TLB
timings sort of makes all this a bit moot now, doesn't it?

~~~
staticassertion
The attacker's assumed capability is arbitrary execution locally.

Assuming an attacker is running as a separate user from the secret they want
to steal (reasonable assumption, in my opinion), they need a vulnerability in
the kernel, or some service running as root. Probably the kernel.

SGX pushes that further - you need a vulnerability in the hardware.

The attack surface of your hardware is < the attack surface of your hardware +
kernel, so it seems like a win.

We'll continue to see attacks against hardware, but this is still a technology
worth exploring.

------
dman
Nice diagrams - any pointers on what tool was used to make these?

~~~
tyingq
Maybe this?
[https://mathematica.stackexchange.com/questions/11350/xkcd-s...](https://mathematica.stackexchange.com/questions/11350/xkcd-style-plots)

~~~
gh02t
Making those diagrams in Mathematica would be extraordinarily painful. It's
probably something similar to that (a custom XKCD-like style) but for a
dedicated diagramming tool. I don't know of any tool with such a style though,
so I'm guessing it's custom.

