[apache/incubator-teaclave-sgx-sdk] Implications of Upcoming Total Memory Encryption (TME) (#333)

[LeibnizCapital <no...@github.com.INVALID>]

Intel is releasing TME with upcoming Ice Lake CPUs. Do you know how it relates SGX and this SDK in particular? Paging into secure memory is a bottleneck. Assuming that the hardware cryptography of TME accepts enclave sealed keys, is all the DRAM now protected?

I know this is more of an Intel question but I can't find literature connecting TME with SGX. You're welcome to point me to the right manual to read.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/333

Re: [apache/incubator-teaclave-sgx-sdk] Implications of Upcoming Total Memory Encryption (TME) (#333)

[Jeffrey Knight <no...@github.com.INVALID>]

It looks like we need to be very careful about processor selection if we want SGX MEE and not TME. 
I'm reading these specs as saying "if it has TME then it isn't using MEE". 

Could there be a BIOS setting to set Ice Lake chips to use MEE with the small Enclave Page Size ? 

[Intel® Xeon® E-2386G Processor](https://www.intel.com/content/www/us/en/products/sku/214806/intel-xeon-e2386g-processor-12m-cache-3-50-ghz/specifications.html)  Rocket Lake
  - Q3'21
  - Intel® Software Guard Extensions (Intel® SGX): Yes with Intel® SPS 
  - [Doesn't mention TME so must be MEE]
  - Maximum Enclave Page Cache (EPC) Size for Intel® SGX: 0.5 GB

[Intel® Xeon® Gold 6312U](https://www.intel.com/content/www/us/en/products/sku/215282/intel-xeon-gold-6312u-processor-36m-cache-2-40-ghz/specifications.html) Ice Lake
  - Q2'21
  - Intel® Software Guard Extensions (Intel® SGX): Yes with Intel® SPS 
  - **Intel® Total Memory Encryption: Yes** [so not MEE]
  - Maximum Enclave Page Cache (EPC) Size for Intel® SGX: 64 GB


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/333#issuecomment-993868411

Re: [apache/incubator-teaclave-sgx-sdk] Implications of Upcoming Total Memory Encryption (TME) (#333)

[Pi Delport <no...@github.com.INVALID>]

According to <https://www.kernel.org/doc/html/v5.11/x86/sgx.html#encryption-engines>:

> In CPUs prior to Ice Lake, the Memory Encryption Engine (MEE) is used to encrypt pages leaving the CPU caches. MEE uses a n-ary Merkle tree with root in SRAM to maintain integrity of the encrypted data. This provides integrity and anti-replay protection but does not scale to large memory sizes because the time required to update the Merkle tree grows logarithmically in relation to the memory size.
>
> CPUs starting from Icelake use Total Memory Encryption (TME) in the place of MEE. TME-based SGX implementations do not have an integrity Merkle tree, which means integrity and replay-attacks are not mitigated. B, it includes additional changes to prevent cipher text from being returned and SW memory aliases from being Created.

Is this accurate?

If I understand it correctly, this would compromise the security properties of SGX dramatically, and make it unsuitable for many current applications, wouldn't it?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/333#issuecomment-899608319

Re: [apache/incubator-teaclave-sgx-sdk] Implications of Upcoming Total Memory Encryption (TME) (#333)

[Yu Ding <no...@github.com.INVALID>]

according to what i've known, no major changes in this sdk. things should work smoothly except the attestation procedure.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/333#issuecomment-811269507

Re: [apache/incubator-teaclave-sgx-sdk] Implications of Upcoming Total Memory Encryption (TME) (#333)

[Yu Ding <no...@github.com.INVALID>]

here are some other contexts i have:

1. TME is total memory encryption, another memory encryption technology apart from [Intel SGX Memory Encryption Engine](https://software.intel.com/content/www/us/en/develop/blogs/memory-encryption-an-intel-sgx-underpinning-technology.html).

2. Differences between TME and SGX MEE: SGX MEE guarantees memory integrity by maintaining a merkle tree. meanwhile the depth of the merkle tree limits the size of EPC; TME does not guarantee memory integrity (1st generation of TME) so EPC size limit is significantly higher than SGX MEE.

3. Intel SGX v2 (upcoming in icelake+whitley) uses MKTME, Multi-Key TME

4. Intel TDX, as a competitor of AME SEV, uses MKTME as well: https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/333#issuecomment-811551039