quinnburke
commented
4 days ago bump
Open jonahrosenblum opened 2 years ago
quinnburke
commented
4 days ago bump
jonahrosenblum
commented
1 day ago @quinnburke Hey Quinn, I have since read through some Intel documentation about "Scalable SGX." Although I cannot find the document online anymore, it does explicitly say that they do not provide guarantees of freshness in the presence of a physical adversary. The whole thing is rather murky and not well explained - if you want clear hardware/software guarantees I recommend using the consumer-grade/original SGX. If someone at Intel thinks I misunderstood their documentation I would love to learn more about Intel's vision for Scalable SGX.
Last year Intel announced that their new 3rd gen Xeon Scalable Processor can support up to 1 TB of EPC. I always understood that the small EPC in SGX was due to the need for an on-chip Merkle tree that maintains freshness. This announcement by Intel was accompanied by an explanation saying that they have overcome this scaling issue by removing the Merkle tree/MEE and instead using AES-XTS. I have read a few sources explaining AES-XTS, but have not been able to confirm anywhere if it provides support for checking freshness. Some sources even seem to imply that freshness is not guaranteed anymore, but this could be me reading into certain claims incorrectly. I was hoping to learn more from Intel/get an official source on this because I am having difficulty finding clear information on the subject. Thank you!