Morphisms: Confidential Serverless Containers

Intel SGX


Last updated 1 year ago

Intel Software Guard Extensions (SGX) was released in 2015 with the sixth-generation Intel Core microprocessors based on the Skylake microarchitecture. Initially, SGX was also available on desktop CPUs up to the 10th generation; this version is referred to as SGX1. It is now only available on server CPUs, with some modifications and tuning, and this version is referred to as SGX2.

Intel SGX is a set of instructions that extends Intel's x86 architecture with confidential computing and provides process-based TEEs: the TEE is embedded in a process, so each application instance gets its own. This TEE is called an enclave and isolates the application inside it from the rest of the software stack. The figure below compares the attack surface of a normal application with that of an enclave and shows how drastically the enclave reduces it. Only the code running in the enclave and the CPU itself need to be trusted, so only they form the attack surface; the operating system, hypervisor and other processes are outside the trust boundary. An enclave resides in a protected memory region that can only be accessed if the trusted CPU allows it.

[Figure: Attack Surface of a Normal Application vs. Attack Surface of an Enclave]