
So is SGX open to everyone? We don't need a key signed or blessed by Intel to use it? If so that's great. Provably secure mixing services. Secure data processing clouds. Sounds neat.

You could build a secure webmail system and verify it's running as designed.



Probably yes, kind of.

On newer CPUs (unclear which ones yet), there is a set of MSRs called IA32_SGXLEPUBKEYHASH. If available and unlocked by BIOS, then SGX is open to everyone.

Looking at the provided Launch Enclave source (https://github.com/01org/linux-sgx/blob/master/psw/ae/le/lau...), it appears that, even on existing CPUs, the LE can be configured to launch anything. There's a file in the git tree (https://github.com/01org/linux-sgx/blob/master/psw/ae/data/p...) that sounds promising, but I haven't checked whether it's signed with production keys or whether it works for this purpose.
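The "available and unlocked by BIOS" distinction in the comment above, as an added example that is not from the thread or from linux-sgx: the decision logic for whether a platform accepts only Intel's launch enclave, a BIOS-fixed key, or any key, plus a check of the IA32_SGXLEPUBKEYHASH MSRs against an expected signer hash. Bit positions are assumed from the Intel SDM, the register values are constructed, and reading the real CPUID/MSR values needs a ring-0 driver.

```c
#include <stdint.h>

/* Bit positions assumed from the Intel SDM; none of these values come from the thread. */
#define CPUID7_EBX_SGX     (1u << 2)    /* CPUID.(7,0):EBX[2]  SGX is supported */
#define CPUID7_ECX_SGX_LC  (1u << 30)   /* CPUID.(7,0):ECX[30] IA32_SGXLEPUBKEYHASH MSRs exist */
#define FC_LOCK            (1ull << 0)  /* IA32_FEATURE_CONTROL[0]  locked by BIOS */
#define FC_SGX_LC_ENABLE   (1ull << 17) /* IA32_FEATURE_CONTROL[17] hash MSRs writable by the OS */
#define FC_SGX_ENABLE      (1ull << 18) /* IA32_FEATURE_CONTROL[18] SGX globally enabled */

enum sgx_launch_policy {
    SGX_NONE,           /* SGX absent or not activated by BIOS */
    SGX_INTEL_ONLY,     /* no hash MSRs: only Intel's launch-enclave key is accepted */
    SGX_FIXED_BY_BIOS,  /* hash MSRs exist but are locked to whatever key BIOS programmed */
    SGX_OPEN            /* hash MSRs writable: the OS may trust any launch-enclave signer */
};

/* Decision logic only: CPUID leaf 7 and IA32_FEATURE_CONTROL are read in ring 0 and passed in. */
enum sgx_launch_policy classify_launch_policy(uint32_t ebx7, uint32_t ecx7, uint64_t fc)
{
    if (!(ebx7 & CPUID7_EBX_SGX))
        return SGX_NONE;
    /* ENCLS is only usable once BIOS has set SGX_ENABLE and locked the register. */
    if ((fc & (FC_LOCK | FC_SGX_ENABLE)) != (FC_LOCK | FC_SGX_ENABLE))
        return SGX_NONE;
    if (!(ecx7 & CPUID7_ECX_SGX_LC))
        return SGX_INTEL_ONLY;
    return (fc & FC_SGX_LC_ENABLE) ? SGX_OPEN : SGX_FIXED_BY_BIOS;
}

/* IA32_SGXLEPUBKEYHASH0..3 hold the SHA-256 of the launch enclave's RSA modulus as four
 * little-endian 64-bit words (MSR0 = bits 63:0). Returns 1 if the platform currently
 * trusts the launch enclave whose signing key hashes to `expected`. */
int lepubkeyhash_matches(const uint64_t msr[4], const uint8_t expected[32])
{
    for (int i = 0; i < 32; i++)
        if ((uint8_t)(msr[i / 8] >> (8 * (i % 8))) != expected[i])
            return 0;
    return 1;
}

/* Self-check on a constructed hash (bytes 0x00..0x1f), not a real key hash. */
int sample_lepubkeyhash_matches(void)
{
    const uint64_t msr[4] = { 0x0706050403020100ull, 0x0f0e0d0c0b0a0908ull,
                              0x1716151413121110ull, 0x1f1e1d1c1b1a1918ull };
    uint8_t expected[32];
    for (int i = 0; i < 32; i++) expected[i] = (uint8_t)i;
    return lepubkeyhash_matches(msr, expected);
}
```

On Linux the same two registers are what the kernel consults before it will let an SGX driver reprogram the hash MSRs; a platform reporting SGX_FIXED_BY_BIOS runs only enclaves launched by the key BIOS chose.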



