
I don’t think it’s helpful to confuse side-channel or micro-architectural attacks with attacks on SGX itself. Stating that hardware enclaves don’t work and do not ship is absurd; they are present in virtually every modern phone, for one thing.

Code running in an SGX enclave is measured and absolutely known at enclave launch. The fact that enclave memory is encrypted for confidentiality is unrelated.

I don’t understand why you think trusting the hypervisor is helping anything. You are still open to this attack, and to all side-channel attacks, as soon as you run any untrusted code.



Which phone uses an enclave on top of an untrusted OS, as opposed to running the enclave on the side of the untrusted OS?


Every Android phone which has an ARM chip with TrustZone.


Which doesn't run on top of an untrusted OS, like with SGX, but rather on the side, which is what I'm describing.


Both SGX and TrustZone are TEEs, which are segregated from the rich execution environment (the untrusted OS).
