On Tue, Feb 23, 2016 at 04:28:03PM -0800, Max R.D. Parmer wrote:

> It seems like SGX is intertwined with the Intel Management Engine,
> Chapter 4 in Joanna Rutkowska's "Intel x86 considered harmful"[1] (pp.
> 35) goes in-depth on the potential issues with Intel ME.
>
> That same book has some light discussion on SGX (pp. 20) but it seems
> like, if you are concerned about ME eavesdropping, SGX wouldn't stop
> that (at least as of October 2015).

Well my concern was more that SGX would provide leverage for even more
eavesdropping, rather than prohibit it.

> If you are feeling paranoid but want an Intel chip, I would recommend
> you choose the pre-vPro/AMT systems (sandybridge or earlier, iirc).

I was going to stay clear of vPro in any case. I would try an AMD laptop
(a few years back, the el-cheapo Thinkpad x100-series had an AMD version),
but there are hardly any options nowadays. :-/

> [1]: http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

Thanks for the link, I'll have a read.

> On Tue, Feb 23, 2016, at 15:34, Frank Steinmetzger wrote:
> > Hello list
> > [...]
> > Today the new Skylake lineup which I’ve been awaiting since January
> > finally appeared in the Lenovo online shop. Coincidentally also today¹,
> > I found out about the next thing since TPM, Secure Boot & Co: the SGX
> > (Software Guard Extension) instruction set which is part of all Skylake
> > chips².
> >
> > The way I understood it is that it can be used to create private areas
> > in memory that are inaccessible to any other program, even the operating
> > system. Since it’s based on cryptographic signatures and Intel being the
> > sole supplier of licences and signature keys, there are those who fear
> > that Intel will – over time – gain unparalleled control over what we can
> > and cannot run on our machines and that we will not be able to check
> > what runs on our systems anymore. (Well, such fears are not really new
> > to begin with).
> >
> >
> > Infos are spare b/c it just hit the market a short while ago, and I’m no
> > expert by far. Thus I seek guidance. With states and corporations
> > sniffing at our every step as they are already, can I – in your
> > considered opinion – still buy a Skylake device with good conscience?
> > [...]
> > ¹ German news article:
> >
> > http://www.heise.de/security/meldung/Kritik-an-Intels-Sicherheits-Architektur-Software-Guard-Extensions-3089439.html
> > ² https://en.wikipedia.org/wiki/Software_Guard_Extensions
> > --
> > Gruß | Greetings | Qapla’
> > Please do not share anything from, with or about me with any social
> > network.
> >
> > This message was written using only recycled electrons.

