Re: intel sgx support

[Stephen Herwig <smherwig%cs.umd.edu@localhost>]

Right, newer Core i3/i5/i7 chips support SGX; on the server-side, support is limited to the Xeon E3, which targets entry-level servers.

In order to use all of the features of SGX, a developer needs to obtain licensing from Intel.  This agreement, combined with the DRM use case, has received mixed response.

That said, there has been a flurry of academic papers (https://github.com/vschiavoni/sgx-papers) exploring the technology.  The use cases that I find interesting are:

1. storing a server's private key in the enclave, and, optionally, performing TLS termination within the enclave, thereby securing the session key.  (See TaLos: https://www.doc.ic.ac.uk/~fkelbert/papers/talos17.pdf)

2. Combining SGX with containers/unikernels/libOSes to add a degree of hardware isolation to what are often OS-level virtualization techniques.  This is the topic of the SCONE and Haven papers.

Thanks,

Stephen

On Thu, Sep 28, 2017 at 4:58 AM, Dmitry Salychev <darkness.bsd%gmail.com@localhost> wrote:

I don't believe that introduction of Intel SGX back in 2015,
and a W3C proposal of making DRM part of web standards is a
coincidence. It seems like a DRM lobby.