Enable LVI mitigation for SGX #430

g2flyer · 2020-08-05T23:58:40Z

Is your feature request related to a problem? Please describe.

To harden the enclaves, it would be good to protect them against LVI attacks.

Describe the solution you'd like

Follow the steps in Section "Enable CVE-2020-0551 Mitigation" of the "Enclave Development Basics" Chapter (page 86ff in the Intel® Software Guard Extensions (Intel® SGX) SDK for Linux* OS -- Developer Reference )
[Note: this relies for ubuntu 18.04 on the upstream binutils For docker, we install intel's version distributed as part of the SDK in /opt/intel/sgxsdk.extras/external/toolset/ubuntu18.04 ...]

The text was updated successfully, but these errors were encountered:

g2flyer · 2020-11-04T18:36:08Z

Note: if you have a platform vulnerable to LVI, attestation verification will currently fail with isvEnclaveQuoteStatus=SW_HARDENING_NEEDED in the IAS verification report (e.g., you will encounter this error when you run on Azure Gen2 VMs.)

mbrandenburger · 2021-08-06T07:30:49Z

Note: if you have a platform vulnerable to LVI, attestation verification will currently fail with isvEnclaveQuoteStatus=SW_HARDENING_NEEDED in the IAS verification report (e.g., you will encounter this error when you run on Azure Gen2 VMs.)

#610 tackels this

g2flyer added the feature label Aug 5, 2020

g2flyer added this to the MVP milestone Aug 5, 2020

g2flyer modified the milestones: MVP FPC 1.0 (aka FPC Lite), FPC 1.1, Mature the Development Environment Dec 8, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enable LVI mitigation for SGX #430

Enable LVI mitigation for SGX #430

g2flyer commented Aug 5, 2020

g2flyer commented Nov 4, 2020

mbrandenburger commented Aug 6, 2021

Enable LVI mitigation for SGX #430

Enable LVI mitigation for SGX #430

Comments

g2flyer commented Aug 5, 2020

g2flyer commented Nov 4, 2020

mbrandenburger commented Aug 6, 2021