Intel Software Guard Extensions (SGX) has been advertised as a key enabler of trusted cloud computing, where customers can rely solely on the CPU hardware to protect their intellectual property and data against curious or malicious cloud providers. With the upcoming version SGXv2, Intel opens its technology to the open-source community, allowing them to bypass Intel’s strict enclave signing policy via their own key infrastructure. How cool is that!
Well, instead of protecting users from harm, SGX currently poses a security threat, facilitating so-called super-malware with ready-to-hit exploits. The strong confidentiality and integrity guarantees of SGX fundamentally prohibit malware inspection and analysis. Then there is the NEXT generation of ransomware that will securely keep encryption keys inside the enclave and, if implemented correctly, prevent ransomware recovery tools from working. Currently, there are no practical defenses against enclave malware, partly due to the lack of a proper understanding and evaluation of enclave malware. Read more about the threat here.