1 |
It seems like SGX is intertwined with the Intel Management Engine, |
2 |
Chapter 4 in Joanna Rutkowska's "Intel x86 considered harmful"[1] (pp. |
3 |
35) goes in-depth on the potential issues with Intel ME. |
4 |
|
5 |
That same book has some light discussion on SGX (pp. 20) but it seems |
6 |
like, if you are concerned about ME eavesdropping, SGX wouldn't stop |
7 |
that (at least as of October 2015). |
8 |
|
9 |
If you are feeling paranoid but want an Intel chip, I would recommend |
10 |
you choose the pre-vPro/AMT systems (sandybridge or earlier, iirc). I |
11 |
tend to think Intel ME is a very real risk for some users and will |
12 |
remain so until users are more empowered to dictate it's operation and |
13 |
until there are good public audits of it's code, and most importantly, |
14 |
the ability to disable it. |
15 |
|
16 |
Hopefully in a couple years we will have access to good quality laptops |
17 |
running on RISC-V. |
18 |
|
19 |
[1]: http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf |
20 |
-- |
21 |
0x7D964D3361142ACF |
22 |
|
23 |
On Tue, Feb 23, 2016, at 15:34, Frank Steinmetzger wrote: |
24 |
> Hello list |
25 |
> |
26 |
> so I was about to treat myself to a new Thinkpad. After malware, backdoor |
27 |
> and BIOS rootkit stories at Lenovo’s (which to my knowledge were all |
28 |
> Windows-only problems) I already started looking elsewhere and even |
29 |
> considered bying a used model which existed before all this modern crap |
30 |
> came |
31 |
> along, but always came back yet for lack of better alternatives. |
32 |
> |
33 |
> Today the new Skylake lineup which I’ve been awaiting since January |
34 |
> finally |
35 |
> appeared in the Lenovo online shop. Conincidentally also today¹, I found |
36 |
> out |
37 |
> about the next thing since TPM, Secure Boot & Co: the SGX (Software Guard |
38 |
> Extension) instruction set which is part of all Skylake chips². |
39 |
> |
40 |
> The way I understood it is that it can be used to create private areas in |
41 |
> memory that are inaccessible to any other program, even the operating |
42 |
> system. Since it’s based on cryptographic signatures and Intel being the |
43 |
> sole supplier of licences and signature keys, there are those who fear |
44 |
> that |
45 |
> Intel will – over time – gain unparalleled control over what we can and |
46 |
> cannot run on our machines and that we will not be able to check what |
47 |
> runs |
48 |
> on our systems anymore. (Well, such fears are not really new to begin |
49 |
> with). |
50 |
> |
51 |
> |
52 |
> Infos are spare b/c it just hit the market a short wile ago, and I’m no |
53 |
> expert by far. Thus I seek guidance. With states and corporations |
54 |
> sniffing |
55 |
> at our every step as they are already, can I – in your considered opinion |
56 |
> – |
57 |
> still buy a Skylake device with good concience? |
58 |
> |
59 |
> Am I seeing things too bleak in the context of constant attacks on open |
60 |
> systems which – when puzzled together – give a horrible picture of our |
61 |
> future in a society that doesn’t care as long as Facebook works? |
62 |
> |
63 |
> Or don’t I have to worry about it because this will only play a role in |
64 |
> the |
65 |
> walled gardens of contemporary commercial consuming interfaces (formerly |
66 |
> known as operating systems, AKA Windows) or servers? |
67 |
> |
68 |
> |
69 |
> Ew, I wanted to ask a simple question. Instead, I needed 30 minutes to |
70 |
> write |
71 |
> half a short story. Sorry and thanks for your time. |
72 |
> |
73 |
> |
74 |
> ¹ German news article: |
75 |
> http://www.heise.de/security/meldung/Kritik-an-Intels-Sicherheits-Architektur-Software-Guard-Extensions-3089439.html |
76 |
> ² https://en.wikipedia.org/wiki/Software_Guard_Extensions |
77 |
> -- |
78 |
> Gruß | Greetings | Qapla’ |
79 |
> Please do not share anything from, with or about me with any social |
80 |
> network. |
81 |
> |
82 |
> This message was written using only recycled electrons. |
83 |
> Email had 1 attachment: |
84 |
> + signature.asc |
85 |
> 1k (application/pgp-signature) |