AMD SEv

115 views
Skip to first unread message

ΓΙΩΡΓΟΣ ΣΤΥΛΙΑΝΟΥ

unread,
Feb 3, 2021, 1:39:15 PM2/3/21
to Asylo Users
Hi guyz,

i have some dummies questions regarding asylo.
To start with i would like to ask the following:
Do i need a cpu that supports TEE like intel sgx ready or amd sev ready in order to use asylo?
if not, running asylo on a simple cpu means that is creates an enclave in which i can execute my code while being encrypted?

Thanx in advance.


Dionna Amalie Glaze

unread,
Feb 3, 2021, 3:18:55 PM2/3/21
to ΓΙΩΡΓΟΣ ΣΤΥΛΙΑΝΟΥ, Asylo Users

Hi, thanks for your interest in Asylo :)

Asylo provides an SGX simulation mode to test your enclave code on non-SGX enabled machines, and a remote backend that allows you to treat a remote machine as your secure execution context.

Neither of these intrinsically encrypt your memory in use, so to get that security property, you’d need to use an SGX-enabled machine with the sgx_hw backend.

Asylo does not have an AMD SEV backend. SEV and SGX are significantly different technologies, but the backend abstraction could in general work for SEV.

Cheers,

Dionna (Asylo team)



--
Visit asylo.dev for the latest information.
---
You received this message because you are subscribed to the Google Groups "Asylo Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to asylo-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/asylo-users/989d39e3-d0c0-4f66-8090-9ac36e944ca4n%40googlegroups.com.


--
-Dionna Glaze, PhD (she/her)

Bao Bao

unread,
Feb 3, 2021, 3:24:52 PM2/3/21
to Asylo Users
Hi, thank you for your answer.

May I ask if you have a plan to support AMD SEV, Intel TDX, or Trust Zone in Asylo in the future? 

Thanks,
Bao

ΓΙΩΡΓΟΣ ΣΤΥΛΙΑΝΟΥ

unread,
Feb 3, 2021, 3:37:22 PM2/3/21
to Asylo Users
Hey Dionna,

thank you very much for your answer.
So, by the time that the hardware used is not sgx ready the attestation feature cannot be used.
is that correct?

Dionna Amalie Glaze

unread,
Feb 3, 2021, 8:25:55 PM2/3/21
to ΓΙΩΡΓΟΣ ΣΤΥΛΙΑΝΟΥ, qink...@gmail.com, Asylo Users

Bao, I do apologize, but I cannot comment publicly about our roadmap. 

To ΓΙΩΡΓΟΣ, it seems you’re asking if attestation works without real SGX hardware? If so, then yes the attestation code works in sgx-sim mode and is suitable for testing purposes. Please keep in mind the attestation is rooted in hard-coded software keys (see https://github.com/intel/linux-sgx/blob/master/sdk/simulation/tinst/deriv.cpp) and could be forged by anyone with the key.

Cheers,

Dionna (Asylo Team)



To view this discussion on the web visit https://groups.google.com/d/msgid/asylo-users/97573f80-d3ea-4fa7-80e8-c82b2ce1b5fen%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages