Sample Page

Intel SGX is a set of new instructions from Intel that allows user-level code to allocate private regions of memory, called enclaves, that unlike normal process memory is also protected from processes running at higher privilege levels.^[1]

Support for SGX in the CPU is indicated in CPUID “Structured Extended feature Leaf”, EBX bit 02,^[2] but its availability to applications requires BIOS support and opt-in enabling which is not reflected in CPUID bits. This complicates the feature detection logic for applications.^[3]

Emulation of SGX was added to experimental version of QEMU system emulator in 2014.^[4] In 2015, researchers at the Georgia Institute of Technology released an open-source simulator known as OpenSGX.

It was introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture.

References

Computer security portal

^ “Intel® SGX for Dummies (Intel® SGX Design Objectives)”. intel.com. 2013-09-26.
^ Intel Architecture Instruction Set Extensions Programming Reference, Intel, AUGUST 2015, page 36 “Structured Extended feature Leaf EAX=07h, EBX Bit 02: SGX”
^ “Properly Detecting Intel® Software Guard Extensions in Your Applications”. intel.com. 2016-05-13.
^ https://tc.gtisc.gatech.edu/bss/2014/l/final/pjain43.pdf

External links

Intel Software Guard Extensions (Intel SGX) / ISA Extensions, Intel
- Intel Software Guard Extensions (Intel SGX) Programming Reference, Intel, October 2014
- IDF 2015 – Tech Chat: A Primer on Intel® Software Guard Extensions, Intel (poster)
- ISCA 2015 tutorial slides for Intel SGX, Intel, June 2015
McKeen, Frank, et al. (Intel), Innovative Instructions and Software Model for Isolated Execution // Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 2013.
Joanna Rutkowska, Thoughts on Intel’s upcoming Software Guard Extensions (Part 1), August 2013
SGX: the good, the bad and the downright ugly / Shaun Davenport, Richard Ford (Florida Institute of Technology) / Virus Bulletin, 2014-01-07

CPU technologies

Architecture	Von Neumann Harvard (Modified) Dataflow TTA

Instruction set	ASIP CISC RISC EDGE EPIC MISC OISC VLIW NISC ZISC TRIPS Comparison

Word size	1-bit 4-bit 8-bit 9-bit 10-bit 12-bit 15-bit 16-bit 18-bit 22-bit 24-bit 25-bit 26-bit 27-bit 31-bit 32-bit 33-bit 34-bit 36-bit 39-bit 40-bit 48-bit 50-bit 60-bit 64-bit 128-bit 256-bit 512-bit Variable

Execution	Instruction pipelining Bubble Operand forwarding Out-of-order execution Register renaming Speculative execution Branch predictor Memory dependence prediction Hazards

Parallel level	Bit Bit-serial Word Instruction Scalar Superscalar Task Thread Process Data Vector Memory

Multithreading	Temporal Simultaneous Preemptive Cooperative

Flynn’s taxonomy	SISD SIMD MISD MIMD SPMD Addressing mode

Types	Digital signal processor (DSP) GPGPU Microcontroller Physics processing unit System on a chip (SoC) Cellular

Components	Address generation unit (AGU) Arithmetic logic unit (ALU) Barrel shifter Floating-point unit (FPU) Back-side bus Multiplexer Demultiplexer Registers Memory management unit (MMU) Translation lookaside buffer (TLB) Cache Register file Microcode Control unit Clock rate

Power management	APM ACPI Dynamic frequency scaling Dynamic voltage scaling Clock gating

Hardware security	Non-executable memory (NX bit) Bounds checking (Intel MPX) Hardware restriction (firmware) Software Guard Extensions (Intel SGX) Trusted Execution Technology Secure cryptoprocessor Hardware security module Hengzhi chip