search

corna / me_cleaner

Tool for partial deblobbing of Intel ME/TXE firmware images
GNU General Public License v3.0
4.49k stars 278 forks source link

Intel ME and SGX #100

Open imlibra opened 6 years ago

imlibra commented 6 years ago

Is it possible to disable ME and keep availability of Intel SGX?

skochinsky commented 6 years ago

unlikely, since SGX relies on a DAL applet for attestation.

jethrogb commented 6 years ago

since SGX relies on a DAL applet for attestation

Only if you use monotonic counter/secure time. I've generated and verified with IAS many a succesful attestation without even having the ME driver installed.

imlibra commented 6 years ago

So which is better, ME-enabled platform with SGX based OpenSSL/LUKS/... protected, and fully disable ME?