Could Intel SGX be dangerous under Linux?
Question Background
This morning, by accident, I found that there is basically a backdoor in a dormant state in my Dell laptop: Computrace, which comes from Absolute Software - link to their Web, link to Wikipedia.
Actual Question
Since I read that some UEFI/BIOS settings can't be changed once set, I wonder if this is also the case with Intel SGX technology (SGX Intel, SGX Wikipedia), which I would probably like to disable too. I've seen from this Linux shell script that SGX is Enabled in my system configuration, and then proved it by looking into UEFI/BIOS, where it's currently set to Software Controlled. I would like to ask if having SGX enabled or software-controlled is a bad practice, or worse - could Intel SGX be dangerous under Linux?
Personal Background
I'm a security amateur at home. I'm primarily interested in VPN topics, and I don't even know what SGX really does yet.
linux intel-sgx
edited Mar 24 at 13:52 by Vlastimil
asked Mar 24 at 9:04 by Vlastimil
What is your threat model?
– forest Mar 24 at 9:33
@forest I'm not sure what your question means. You might want to put it in layman's terms for me. Thank you.
– Vlastimil Mar 24 at 13:09
A threat model is an abstract model of a person's adversaries, the assets the adversaries are attempting to compromise, and various other salient factors. For example, SGX, as Steffen Ullrich says, makes it possible for malware to hide its exact computations, but it does not allow someone to escalate privileges.
– forest Mar 25 at 0:20
In general, unless your threat model is really, really specific. E.g. if you are a reverse engineer who expects to be infected with malware performing secret computations, which does not run privileged, and you have no access to log the infection vector (network, etc.), then SGX might not be a great idea because you wouldn't be able to analyze the malware (but you would know it exists and know what overt actions it takes on your computer). Otherwise, you have absolutely nothing to worry about and SGX is harmless.
– forest Mar 25 at 0:22
1 Answer
SGX can be used to protect critical operations (like cryptography using secret keys) against inspection from outside the SGX enclave. It can also be used by an attacker already on the system to hide his activities from inspection. Thus, unsurprisingly, there is nothing absolutely good or absolutely bad about it - it depends a lot on your specific (and unknown to us) environment and risk profile.
And the same is true for Computrace too. The control it allows a remote party can be used for good and bad, where the intention is actually to be used for good: track down stolen notebooks. And to make this possible it is actually necessary that it cannot be simply disabled by an attacker.
edited Mar 24 at 9:37
answered Mar 24 at 9:34 by Steffen Ullrich
It may be useful to note that the existence of the enclave can't be hidden, so you can still know if malicious software is trying to hide its exact activities, even if you don't know what those activities are.
– forest Mar 24 at 9:35
@Vlastimil: not traveling with the laptop and no access for other people does not describe in any way what you are actually doing with this laptop - it only describes a few things you don't do with it. Insofar, it is not useful in deciding if SGX might be useful for you or not. In general: if you do something on the system which involves secrets it might be useful - if the specific software actually uses SGX to protect these secrets.
– Steffen Ullrich Mar 24 at 10:07
"I might have 100% misunderstood the point of SGX..." - since you don't explain how you understood SGX in the first place I cannot tell you if your understanding is correct or wrong.
– Steffen Ullrich Mar 24 at 10:55
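The two observable facts this thread turns on are whether SGX is actually enabled under Linux (the question's "Linux shell script" check) and forest's point that an enclave's existence cannot be hidden even though its contents can. The script below is an added example, not code from the question, the answer, Intel, or the Linux kernel project. It assumes the upstream kernel SGX driver (Linux 5.11 and later), which lists `sgx` (and `sgx_lc` for flexible launch control) among the `/proc/cpuinfo` flags only when the CPU supports SGX and firmware has enabled it, and which hands out enclave memory through `/dev/sgx_enclave`, so a process running an enclave shows that path in its `/proc/<pid>/maps`. The `/dev/isgx` device of the older out-of-tree driver is included on the same assumption. The flags strings and maps excerpt are constructed sample data so the checks run offline; `sh sgx_check.sh --live` runs them against the real machine.

```shell
#!/bin/sh
# Added example; not code from the question, the answer or Intel. Two checks
# a Linux defender can run against the upstream kernel SGX driver (5.11+).
# Assumptions, stated as such: the kernel lists "sgx" (plus "sgx_lc" for
# flexible launch control) in the /proc/cpuinfo flags only when the CPU
# supports SGX and firmware has enabled it; enclave pages are mmap()ed from
# /dev/sgx_enclave, so a process running an enclave shows that path in
# /proc/<pid>/maps even though nothing outside can read the enclave itself.
# /dev/isgx is the device node of the older out-of-tree driver.

# Classify a /proc/cpuinfo "flags" line. Prints one of:
#   none    no SGX flag (unsupported CPU, disabled by firmware, or a kernel without SGX)
#   sgx     SGX enabled, launch control locked
#   sgx_lc  SGX enabled with flexible launch control
sgx_flag_state() {
    flags=" $1 "
    case "$flags" in
        *" sgx_lc "*) echo sgx_lc ;;
        *" sgx "*)    echo sgx ;;
        *)            echo none ;;
    esac
}

# Count enclave mappings in one /proc/<pid>/maps text read from stdin.
# A non-zero count says "this process has an enclave", which the host can
# always observe; what runs inside the enclave is what it cannot observe.
count_enclave_mappings() {
    n=$(grep -c -E '/dev/(sgx_enclave|isgx)( |$)' || true)
    echo "${n:-0}"
}

# Report which processes on the running system currently map enclave memory
# (run as root to see the processes of other users).
scan_enclave_users() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        n=$(count_enclave_mappings < "$maps" 2>/dev/null || echo 0)
        if [ "$n" -gt 0 ]; then
            echo "pid $pid: $n enclave mapping(s)"
        fi
    done
}

# Constructed sample inputs (not captured from a real machine) for offline use.
SAMPLE_FLAGS_SGX="fpu vme de pse tsc msr pae mce sse sse2 ht syscall nx lm sgx sgx_lc"
SAMPLE_FLAGS_NOSGX="fpu vme de pse tsc msr pae mce sse sse2 ht syscall nx lm"
SAMPLE_MAPS='55d1c2a00000-55d1c2a01000 r--p 00000000 08:01 1234    /usr/bin/enclave-app
7f3a10000000-7f3a10100000 rw-s 00000000 00:06 456     /dev/sgx_enclave
7f3a10100000-7f3a10200000 r-xs 00100000 00:06 456     /dev/sgx_enclave
7f3a20000000-7f3a20021000 rw-p 00000000 00:00 0       [heap]'

if [ "${1:-}" = "--live" ]; then
    echo "cpuinfo SGX state: $(sgx_flag_state "$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)")"
    for dev in /dev/sgx_enclave /dev/sgx_provision /dev/isgx; do
        if [ -e "$dev" ]; then echo "device present: $dev"; fi
    done
    scan_enclave_users
else
    echo "sample flags (SGX):    $(sgx_flag_state "$SAMPLE_FLAGS_SGX")"    # sgx_lc
    echo "sample flags (no SGX): $(sgx_flag_state "$SAMPLE_FLAGS_NOSGX")"  # none
    echo "sample maps: $(printf '%s\n' "$SAMPLE_MAPS" | count_enclave_mappings) enclave mapping(s)"  # 2
fi
```

The maps check is the defender-side half of the trade-off Steffen Ullrich describes: it tells you which process has opened an enclave (and so which binary and vendor to ask about), not what the enclave computes. A `none` result from the flags check covers several causes at once, so the UEFI setting still has to be read separately, as the question did.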