
I've been reading about Meltdown and Spectre today, and I'm wondering if they impact Intel SGX enclaves.

Now, my understanding of Meltdown is somewhat hazy, but AFAICT it does not impact secure enclaves, because it relies on the kernel being mapped into the same address space as processes, right? And it seems like Spectre only works to dump memory in the same process, which would mean that SGX enclaves won't leak memory in this case unless they were already compromised.

Is this correct?

strugee
  • I would recommend splitting this question into Spectre and Meltdown, as I suspect the answer will be different for each (but I don't know for sure). – Shelvacu Jan 04 '18 at 05:46
  • I think the Linux communities are dealing with this in the right way here. They are literally creating separate partitions for kernel and application programs with a wider gap in the memory map. It's the first step and yet a huge hill to be climbed, but indeed they got a solid start here. – Ketan Bhalerao Jan 06 '18 at 16:08
  • Also interesting is the question of whether SGX enclaves may be used to conceal this type of attack. It has been shown for Rowhammer before by Gruss et al. (https://arxiv.org/abs/1710.00551), but I guess (AKA hope) Meltdown or Spectre are even more involved. – Daniel C. Oderbolz Jan 09 '18 at 06:56
  • https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/754168 This is being discussed here. – Kumar Roshan Mehta Jan 13 '18 at 13:31

1 Answer


Spectre. Intel SGX enclaves are indeed vulnerable to the Spectre attack as recently shown by researchers [1]. Their sample code manages to read a secret from protected SGX memory.

Update Mar 7th, 2018. Meanwhile, another paper on the matter was published: SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution [2].

[1] https://github.com/lsds/spectre-attack-sgx

[2] https://arxiv.org/abs/1802.09085

Florian