720-891-1663

Intel’s SGX Security Feature Not So Secure

Return to list of client alerts

Intel’s security extensions, called the Software Guard Extension (SGX), is supposed to secure your most sensitive information.

Unfortunately for Intel, there have been a raft of bugs in the last several years.

Microsoft issued five SGX-related patches this month alone.

Two of the bugs involve privilege escalation and disclosure of information – not something you want to have happen to your security processor.

Worse yet, because of all of the problems Intel has had with the chips, they have deprecated the SGX instructions in the 11th and 12th generation “Core” chips. This means that those chips don’t have an SGX capability.

In addition to these bugs, Intel has released patches for other bugs in its Intel Server Platform Services, Xeon chips and some Atom chips. It has not been a great couple of years for Intel.

One downside of Intel deprecating the SGX, is that some apps are dependent on it and will not run on systems that don’t have it. This means that those applications just won’t run on new computers. One example is Blue Ray Ultra HD disks. They use a version of Digital Rights Management that requires the SGX. No SGX and it won’t work.

The bad news for users is that they are not likely to figure out that the computer that they just spent a lot of money on will not run the programs that they use until after they buy the machines and try to use them. If you are buying a new computer personally, you might want to check on the return policy, buy an older model or, if you are buying several for a business, buy one first and test it.

Credit: Bleeping Computer and The Register