Risk Assessments/Management

Intel Downplays Potential for SGX Security Platform Compromise

Share
Computer repair concept. Hardware or software error.

SC Media reports that Intel has minimized the possibility of its SGX security platform being compromised following a Positive Technologies analysis purporting Intel processor Root Provisioning Key and Root Sealing Key exfiltration through hardware access.

Such a compromise was only possible on systems without up-to-date mitigations and appropriate Flash Descriptor write protection, which had been used in Positive Technologies' tests, said Intel in an advisory.

"Researchers are using previously mitigated vulnerabilities dating as far back as 2017 to gain access to what we call an Intel Unlocked state (aka 'Red Unlocked') so these findings are not surprising," noted Intel, which added that the retrieval of encrypted keys as a result of the tests indicates further complications for threat actors looking to exploit the issue.

Intel still called on organizations' admins to ensure continuous updates and Intel Firmware Version control in their systems, while urging system vendors to leverage the newest firmware builds.