Intel SGX and Spectre

awokd

Feb 25, 2018, 6:24:11 AM
to qubes...@googlegroups.com
I found the following humorous:

"there is no credible engineering rationale to support the contention that
SGX enclaves will provide confidentiality guarantees in the face of these
new micro-architectural cache probing attacks."
https://idfusionllc.com/2018/01/25/sgx-after-spectre-and-meltdown-status-analysis-and-remediations/

And in a post here from June 28, 2016: "VM CPU mapping -
countermeasurements against covert channels via cpu caches?"
"With SGX, the memory is encrypted so that
it cannot be "read", however, the CPU still does calculations of an SGX
enclave the same way as without them which creates the opportunity for
the very same covert channels to form."
https://mail-archive.com/qubes...@googlegroups.com/msg01200.html




Tai...@gmx.com

Feb 25, 2018, 4:57:31 PM
to aw...@danwin1210.me, qubes...@googlegroups.com
SGX is a DRM anti-feature mechanism that prevents people from inspecting
what runs on their own computer and it enables malware that is immune to
antivirus programs because it runs in an ME enclave.

https://software.intel.com/en-us/sgx/details

"Hardening DRM for enhanced high definition, 4K ultra high definition
(UHD) content protection"

awokd

Feb 26, 2018, 7:52:57 AM
to Tai...@gmx.com, aw...@danwin1210.me, qubes...@googlegroups.com
That's the part I found amusing. They sold their closed-source,
proprietary code running on ME as a "secure" enclave, but there was
conjecture on this very list two years ago that it was not and it was
proven with the Spectre exploit.

