Intel® Software Guard Extensions

  

Intel® Software Guard Extensions SDK for Linux* OS

Intel designed Intel® Software Guard Extensions (Intel® SGX) to protect against hardware and software attacks.


Overview

Intel SGX is for application developers seeking to protect select code and data from disclosure or modification. Intel SGX makes such protection possible by using enclaves. Enclaves are protected areas of execution. Application code can be put into an enclave via special instructions, and software can be made available to developers via the Intel® SGX SDK for Linux* OS.

The SDK is a collection of APIs, libraries, documentation, sample source code, and tools that allow software developers to create and debug applications enabled by Intel SGX in C/C++.

Application code running within an Intel SGX enclave:

  • Benefits from new Intel SGX instructions introduced with 6th generation Intel® Core™ processor (or later) platforms
  • Relies on an Intel® driver or the operating system for access to Intel SGX instructions and resource management
  • Runs within the context of its parent application, thereby benefiting from the full power of the Intel® processor
  • Reduces the trusted computing base of its parent application to the smallest possible footprint
  • Remains protected even when the BIOS, virtual machine monitor (VMM), operating system, and driver are compromised, implying that an attacker with full execution control over the platform can be kept at bay
  • Benefits from memory protections that thwart memory bus snooping, memory tampering, and “cold boot” attacks on images retained in RAM
  • Uses hardware-based mechanisms to respond to remote attestation challenges that validate its integrity
  • Can work in concert with other enclaves owned or trusted by the parent application
  • Can be developed using standard development tools, thereby reducing the learning curve impact on application developers

Security Properties

Intel designed Intel SGX to protect against hardware and software attacks.

For Software Protection:

  • The enclave memory cannot be read or written from outside the enclave regardless of current privilege level and CPU mode (ring3 [user-mode], ring0 [kernel-mode], system management mode [SMM], VMM, or another enclave). The abort page is returned in such conditions.
  • An enclave can be created with a debug attribute that allows a special debugger (Intel SGX debugger) to view its content like a standard debugger. Production enclaves (non-debug) cannot be debugged by software or hardware debuggers.
  • The enclave environment cannot be entered via classic function calls, jumps, register manipulation, or stack manipulation. The only way to call an enclave function is via a new instruction that performs several protective checks. Classic function calls initiated by enclave code to functions inside the enclave are allowed.
  • CPU mode can only be 32- or 64-bit when executing enclave code. Other CPU modes are not supported. An exception is raised in such conditions.

For Hardware Protection:

  • The enclave memory is encrypted using industry-standard encryption algorithms.
  • Tapping the memory or connecting the DRAM modules to another system only gives access to encrypted data.
  • The memory encryption key randomly changes every power cycle (for example, boot, sleep, or hibernate). The key is stored within the CPU and is not accessible.
  • Intel SGX is not designed to handle side channel attacks or reverse engineering. It is up to the Intel SGX developers to build enclaves that are protected against these types of attacks.

Intel SGX uses strong industry-standard algorithms for signing enclaves. The signature of an enclave characterizes the content and the layout of the enclave at build time. If the enclave’s content and layout are not correct per the signature, the enclave fails to be initialized and does not run. If an enclave is initialized, it should be identical to the original enclave and is not modified at runtime.

Application Design Considerations

Designing an Intel SGX application differs from designing a third-party application because it requires dividing the application into two logical components:

  • Trusted component. The code that accesses the secret resides here, and is called an enclave. More than one enclave can exist in an application.
  • Untrusted component. This is the rest of the application, including all of its modules.¹

The application developer should make the trusted component as small as possible with a minimal enclave interface definition. It is suggested that enclave functionality be limited to operating on the secret data. A large enclave with complex interface definition presents a larger attack surface than a small enclave with a small and concise interface.

The enclave code can leave the protected memory region and call functions in the untrusted zone (by a special instruction). Reducing the enclave dependency on untrusted code also strengthens its protection against possible attacks.

Embracing the above design considerations improves protection as the attack surface is minimized.

As the first step to harnessing the Intel® Software Guard Extensions SDK in the application, developers must rearchitect or refactor the application to fit these guidelines. This is accomplished by isolating the code modules that access any secrets, and then moving these modules to a separate package or library. Sample code included in the Intel SGX SDK demonstrates how to create an enclave. 

1. From an enclave standpoint, the operating system and VMM are also not trusted components. 

Downloads

Get the latest release materials:

  • Intel® Software Guard Extensions Data Center Attestation Primitives (Intel® SGX DCAP)
  • Intel SGX SDK

Access current release notes:

  • Intel SGX SDK for Linux OS
  • Intel SGX DCAP

Source Code Repositories

Intel SGX Software Stack

The Intel SGX SDK for Linux OS software stack consists of the driver, the SDK, and the platform software.

The SDK and platform software are hosted in the Intel SGX SDK for Linux OS project (linux-sgx) on GitHub*.
 

Intel SGX Support in the Linux Kernel

The mainline Linux kernel has had built-in Intel SGX support since release 5.11. The in-kernel Intel SGX driver requires the platform to support and to be configured for flexible launch control (FLC). Use the mainline kernel with Intel SGX support whenever possible.

There are two other kernel space options available for special use cases:

  • If your distribution kernel is older than version 5.11 or does not have the in-kernel Intel SGX support, you can use the Intel SGX DCAP driver as a temporary solution before transitioning to kernel version 5.11 or later. It provides an interface close to the mainline kernel and also requires the platform to support and to be configured for FLC.
  • If you need to use a non-FLC platform, the Intel SGX for Linux OS driver project hosts an out-of-tree driver. This driver is provided to support running Intel SGX enclaves on platforms that only support legacy launch control. It may also be installed on platforms configured with FLC, but these platforms will only load production enclaves that conform to the legacy launch control policy.
    Get the out-of-tree driver.

For more information, see the Intel SGX SDK for Linux OS Installation Guide.
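The choice among the three driver options above can be written down as a small host check. This is an added example, not Intel tooling or code from the linux-sgx project; it assumes the `sgx` and `sgx_lc` names in the `/proc/cpuinfo` flags line are only trustworthy on kernels with in-kernel Intel SGX support, and `SGX_FLC` is a hypothetical variable the operator sets on older kernels.

```shell
#!/usr/bin/env bash
# Added example, not Intel tooling: pick one of the three driver options above.

# Succeeds if kernel release $1 is 5.11 or later (in-kernel SGX support).
kernel_has_intree_sgx() {
    local major minor
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor%%[!0-9]*}                 # "15.0-91-generic" -> "15"
    case "$major.$minor" in .*|*.|*[!0-9.]*) return 1 ;; esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 11 ]; }
}

# Succeeds if flag $2 is a whole word in the /proc/cpuinfo "flags" line $1.
has_flag() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# Prints the driver option for kernel release $1 and FLC state $2 (yes|no).
sgx_driver_option() {
    case "$2" in
        yes) if kernel_has_intree_sgx "$1"; then echo in-kernel
             else echo dcap; fi ;;          # temporary, until 5.11 or later
        no)  echo out-of-tree ;;            # legacy launch control only
        *)   echo unknown ;;                # FLC state was not supplied
    esac
}

# Live host. Assumption: the sgx and sgx_lc flag names are trusted only on
# kernels with in-kernel support; on older kernels the operator sets SGX_FLC
# (hypothetical variable) to yes or no.
sgx_probe_host() {
    local rel flags flc
    rel=$(uname -r)
    flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)
    if kernel_has_intree_sgx "$rel"; then
        # Flag absent: no SGX, SGX disabled, or kernel built without it.
        has_flag "$flags" sgx || { echo no-sgx-flag; return 0; }
        if has_flag "$flags" sgx_lc; then flc=yes; else flc=no; fi
    else
        flc=${SGX_FLC:-unknown}
    fi
    sgx_driver_option "$rel" "$flc"
}

sgx_probe_host
```

An `out-of-tree` result on a kernel at 5.11 or later means the platform is not configured for FLC, so the in-kernel driver cannot be used as-is.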

Note: Although the Intel SGX SDK and platform software are compatible with all of these drivers, the legacy non-FLC driver and the Intel SGX DCAP driver are updated only for critical security fixes. New features or functionalities implemented in the mainline kernel cannot be ported to the legacy non-FLC driver or Intel SGX DCAP driver due to limitations of being out-of-tree implementations.

For patches and ongoing development of new Intel SGX features in the Linux kernel, subscribe to the Linux SGX development mailing list.

Intel® Software Guard Extensions Data Center Attestation Primitives on GitHub*

This repository contains Intel SGX attestation support targeted for data centers, cloud services providers, and enterprises. This attestation model leverages the Elliptic Curve Digital Signature Algorithm (ECDSA).
