Re: [PATCH v6 00/11] Intel SGX Driver
From: James Bottomley
Date: Thu Jan 04 2018 - 10:09:30 EST
On Thu, 2018-01-04 at 15:17 +0100, Cedric Blancher wrote:
> So how does this protect against the MELTDOWN attack (CVE-2017-5754)
> and the MELTATOMBOMBA4 worm which uses this exploit?
Actually, a data exfiltration attack against SGX, using page tables has
already been documented:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/van-bulck
It doesn't exploit speculation as the mechanism for gathering data (it
exploits page faults), but the structure of the side channel attack
used to exfiltrate data from the supposedly secure enclave is very
similar to Spectre. ÂThe targetting mechanism is very different,
though: the page table exploit assumes you can control the page tables,
so you must be highly privileged on the platform but with Spectre you
merely have to be an ordinary user.
James