Could Intel SGX be dangerous under Linux?
Question Background

This morning, by accident, I found that there is basically a backdoor in a dormant state in my Dell laptop: Computrace, which comes from Absolute Software - link to their Web, link to Wikipedia.

Actual Question

Since I have read that some UEFI/BIOS settings can't be changed once set, I wonder whether the same is true of Intel SGX technology (SGX Intel, SGX Wikipedia), which I would probably like to disable too. I've seen from this Linux shell script that SGX is Enabled in my system configuration, and then proved it by looking into UEFI/BIOS, where it is currently set to Software Controlled. I would like to ask whether having SGX enabled or software-controlled is a bad practice, or worse - could Intel SGX be dangerous under Linux?

Personal Background

I'm a security amateur at home. I'm primarily interested in VPN topics, and I don't even know what SGX really does yet.
  • What is your threat model?

    – forest
    Mar 24 at 9:33
    @forest I'm not sure what your question means. You might want to put it in layman's terms for me. Thank you.

    – Vlastimil
    Mar 24 at 13:09
  • A threat model is an abstract model of a person's adversaries, the assets the adversaries are attempting to compromise, and various other salient factors. For example, SGX, as Steffen Ullrich says, makes it possible for malware to hide its exact computations, but it does not allow someone to escalate privileges.

    – forest
    Mar 25 at 0:20
  • In general, your threat model would have to be really, really specific. E.g., if you are a reverse engineer who expects to be infected with malware performing secret computations, which does not run privileged, while you have no access to log the infection vector (network, etc.), then SGX might not be a great idea, because you wouldn't be able to analyze the malware (but you would know it exists and know what overt actions it takes on your computer). Otherwise, you have absolutely nothing to worry about and SGX is harmless.

    – forest
    Mar 25 at 0:22
linux intel-sgx
edited Mar 24 at 13:52
Vlastimil
asked Mar 24 at 9:04
Vlastimil
1 Answer
SGX can be used to protect critical operations (like cryptography using secret keys) against inspection from outside the SGX enclave. It can also be used by an attacker already on the system to hide his activities from inspection. Thus, unsurprisingly, there is no absolutely good or absolutely bad - it depends a lot on your specific (and unknown to us) environment and risk profile.

And the same is true for Computrace too. The control it allows a remote party can be used for good and bad, where the intention is actually to be used for good: to track down stolen notebooks. And to make this possible it is actually necessary that it cannot be simply disabled by an attacker.
    It may be useful to note that the existence of the enclave can't be hidden, so you can still know if malicious software is trying to hide its exact activities, even if you don't know what those activities are.

    – forest
    Mar 24 at 9:35
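As an added example (not code from the original post or from any commenter), a small POSIX shell script that checks the two things the question and forest's comment touch on from the defender's side: whether firmware and kernel have SGX enabled on this Linux host, and which processes currently hold an enclave mapping (an enclave's existence is visible even though its contents are not). It assumes the upstream kernel SGX driver (5.11 and later), which maps enclaves through /dev/sgx_enclave, or the older out-of-tree driver's /dev/isgx, and that the kernel only reports the "sgx" flag in /proc/cpuinfo when it has found SGX enabled.

```shell
#!/bin/sh
# Added example (not from the original post): report SGX status on a Linux
# host from the defender's side. Assumptions: the upstream kernel SGX driver
# (5.11+) maps enclaves through /dev/sgx_enclave, the legacy out-of-tree
# driver used /dev/isgx, and the kernel only reports the "sgx" flag in
# /proc/cpuinfo when firmware has actually enabled SGX.

# sgx_flags FILE: print the SGX-related CPU flags found in the first "flags"
# line of a /proc/cpuinfo-style file, space separated (e.g. "sgx sgx_lc").
sgx_flags() {
    awk '/^flags[[:space:]]*:/ {
             sub(/^flags[[:space:]]*:[[:space:]]*/, "")
             for (i = 1; i <= NF; i++) if ($i ~ /^sgx(_lc)?$/) print $i
             exit
         }' "$1" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# sgx_enabled FILE: exit 0 when the "sgx" flag is present, 1 otherwise.
sgx_enabled() {
    sgx_flags "$1" | tr ' ' '\n' | grep -qx sgx
}

# enclave_pids [PROCROOT]: print the PID of every process whose address
# space maps an SGX enclave device. Only maps files readable by the caller
# are inspected, so run as root to see every process.
enclave_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -qE '/dev/(sgx_enclave|isgx)( |$)' "$maps" 2>/dev/null; then
            pid="${maps#"$root"/}"
            echo "${pid%/maps}"
        fi
    done
}

# report: human-readable summary for the running host.
report() {
    if sgx_enabled /proc/cpuinfo; then
        echo "SGX enabled by firmware and kernel; flags: $(sgx_flags /proc/cpuinfo)"
        ls /dev/sgx_enclave /dev/sgx_provision /dev/isgx 2>/dev/null |
            sed 's/^/enclave device present: /'
        pids="$(enclave_pids)"
        if [ -n "$pids" ]; then
            echo "processes holding an enclave mapping:"
            for p in $pids; do
                printf '  %s  %s\n' "$p" "$(tr '\0' ' ' < "/proc/$p/cmdline" 2>/dev/null)"
            done
        else
            echo "no process currently maps an enclave"
        fi
    else
        echo "SGX not enabled (flag absent from /proc/cpuinfo)"
    fi
}

# Run the report only when /proc/cpuinfo exists (i.e. on Linux).
[ -r /proc/cpuinfo ] && report
```

A process that maps /dev/sgx_enclave is not malicious by itself; the list only tells you where to look, which is exactly the point that the enclave itself cannot be hidden.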
  • @Vlastimil: not traveling with the laptop and having no access for other people does not describe in any way what you are actually doing with this laptop - it only describes a few things you don't do with it. In that respect it is not useful in deciding whether SGX might be useful for you or not. In general: if you do something on the system which involves secrets it might be useful - if the specific software actually uses SGX to protect these secrets.

    – Steffen Ullrich
    Mar 24 at 10:07
  • "I might have 100% misunderstood the point of SGX..." - since you don't explain how you understood SGX in the first place I cannot tell you if your understanding is correct or wrong.

    – Steffen Ullrich
    Mar 24 at 10:55
edited Mar 24 at 9:37
answered Mar 24 at 9:34
Steffen Ullrich