Bug #10484: Use Intel SGX for better isolation

Bug #10484

Use Intel SGX for better isolation

Added by cypherpunks 2015-11-04 13:16:47 . Updated 2015-11-11 09:43:29 .

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Hardware support

Target version:

Start date:

2015-11-04

Due date:

% Done:

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Intel SGX is a hardware-assisted technology for isolation, allowing processes to keep secrets from each other and even from rootkit/antivirus/OS/hypervisor and ensure integrity. In fact it is highly bound with Intel keypair (Intel can break the REMOTE ATTESTATION because it has private key), but you don’t need to use remote attestation, that’s why this is unrelevant for our case.

The disadvantage is that you would have to change design of all the applications to make use of this technology.

Subtasks

History

#1 Updated by Dr_Whax 2015-11-04 13:18:39

How would this work in practice? Any links?

#2 Updated by mercedes508 2015-11-05 12:56:28

Which percentage of actual Tails users mught use it?

#3 Updated by Dr_Whax 2015-11-06 03:19:54

mercedes508 wrote:
> Which percentage of actual Tails users mught use it?

A very small percentage of users until they move to very recent hardware. It might be interesting in a couple of years but for now, i’m not convinced. But happy to start a blueprint for what’s needed.

#4 Updated by mercedes508 2015-11-11 09:43:29

Status changed from New to Rejected

I’m closing it as cypherpunks is not answering. To me it simply looks like dropping ideas without even arguing.
So unless cypherpunks comes back, it’s closed.