Intel SGX - Software Guard Extensions - bad DRM or useful?
July 18, 2015 8:40 AM

In looking for news about Skylake, I saw some discussion about Intel SGX, which will create some kind of enclave inside of a system. Some folks classified it as a useful way to stop malware, while others characterized it as widespread DRM that is invasive and problematic. For future PC purchases, is Skylake something I should avoid as a result?
posted by cashman to Computers & Internet (3 answers total) 1 user marked this as a favorite
Best answer: well, i am no expert, and i haven't looked at this in some time, but from what i remember it's intended to help avoid unapproved copying of digital media. the "problem" with digital media always was that at some point it has to pass through the cpu, which can more or less execute arbitrary code. the aim of sgx is to provide a way to construct a "pipe" through which data for digital media can flow so it comes from, say, a blu-ray reader with hardware that only lets it be read by software written by, say, sony, and then passes securely through the cpu and out to hardware that, for example, guarantees it is displayed only (and not saved).

so the different takes on it come from (1) what people feel about a world like that (where, for example, they have even less control over the media they "bought"); (2) the technical steps needed to make that possible (for example, whether sony has some control over what is "inside" their cpu, that users cannot control, or how these data are updated); (3) the degree to which it affects "alternative" operating systems and the like (for example, will linux no longer be able to play video?); (4) the idea that big media companies have access and control over things that are not available to smaller companies and individual people; (5) whether it can really be implemented perfectly, and, if not, does it lead to security holes for general users; (6) whether this will extend beyond "media" (i can imagine the same basic approach being used to manage encryption code that gives the NSA backdoor access, for example).

in the long run, i doubt you will be able to avoid it. this is intended for "all" consumer cpus.

oh, and it's not "useful" for you, except via the media companies - it's "useful" for you in the same way that extending copyright for disney is "useful" for you. it is intended to restrict what people can do, not enable them.
posted by andrewcooke at 11:59 AM on July 18, 2015 [3 favorites]

Best answer: Honestly i think this is one of those things like TPM that will just blow over, and if it does create some meaningful restriction on how you use your machine, it'll have more force against cracking it than iOS or any other major cracking target with lots of motivation. This will be cracked as fast as windows activation is every freaking time. I could, off the top of my head, see something that essentially works like a rootkit (like some windows activation solutions) being able to basically disable this feature by showing it as unavailable, and making your CPU show up to windows as an older chip.

On the flip side, there is no point to upgrading to skylake. Intel has pushed back their truly-new 10nm series of chips years, and even the newest ones are only marginally faster than what's out now, and when you compare that to where we were four years ago with the 2nd gen i series chips, forward momentum just isn't what it used to be.

People are still using sandy bridge chips in higher end gaming systems, even the locked non-overclockable ones. The difference, although significant seeming in synthetic benchmarks, isn't very big. Like ~5fps in most games or something, and not noticeable in pro apps (*if you're already using something with HT like an older i7). And once you get to ivy bridge or current haswell stuff... just not worth it.

I know nerdy linux people who were refusing to upgrade and even considering stockpiling hardware to avoid TPM. I thought it was silly then, and i still think it's pretty silly now. But the difference now is that performance is flat. Nothing beyond a couple more ticks on a benchmark is going to happen for years. If your system is newer than 2011, you're not going to see any big gains from upgrading anyways (unless you're on an i3 or a dual core mobile part, or mobile battery life).
posted by emptythought at 3:18 PM on July 18, 2015

Best answer: SGX was basically created in response to the fact that you can't trust the OS to be compromise free any more. It was not created as a TPM replacement (though it could be used for this). The main use case for SGX was the problem where malware is stealing information lying in RAM by scanning it in the OS, where it has access to all memory pages. I will argue that you will not be able to avoid it in the future as it's due to become a core part of the logical architecture (though you may be able to turn it off in the BIOS). So don't avoid Skylake.
posted by gadha at 6:06 PM on July 18, 2015
