Date: 2017-01-19 01:39 pm (UTC)
From: [personal profile] dombeck
Intel SGX seems to solve all the problems you mentioned here. You can run your service (for example SecureDrop) in an enclave. Then you can use the SGX remote attestation mechanism to attest to the client that the code is untampered and that it is indeed running in an SGX enclave.

To prevent MITM, you can create a secret inside the enclave when you set up the service, for example a Tor hidden service key or an SSL certificate, and store it with the SGX sealing mechanism. This way the secret can only be accessed from the same enclave on the same machine, and only if the code is untampered.

You can use this inside a general-purpose OS, because no one, including admins and system firmware, can alter the code without losing access to the secret.

Of course there are some problems with SGX; for example, you need a license from Intel to be able to actually use it. I hope this might change at some point. I think we should all pressure Intel to drop this requirement, so that we can use SGX in open source projects.
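The sealing property the comment relies on is that the sealing key is derived inside the CPU from a per-chip secret and the enclave's measurement (MRENCLAVE), so a blob sealed by one enclave on one machine only unseals for that exact enclave on that machine. The following is an added, stdlib-only Python model of that key-derivation policy written by the editor; it is not SGX SDK code, not part of dombeck's comment or the post above, and does not model remote attestation. The "CPU root keys", the enclave "code" strings and the hidden-service key are all constructed placeholders, and HMAC-SHA256 in counter mode stands in for the AES-GCM a real sealing library would use.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for the per-CPU root of the sealing key hierarchy.
# Real SGX keeps this in fused silicon and never exposes it; here it is just bytes.
CPU_A_ROOT = hashlib.sha256(b"constructed root key, machine A").digest()
CPU_B_ROOT = hashlib.sha256(b"constructed root key, machine B").digest()

# Constructed enclave "code" in two versions: the deployed one and a tampered one.
ENCLAVE_CODE = b"enclave v1: serve hidden service with sealed key"
TAMPERED_CODE = b"enclave v1: serve hidden service with sealed key; also leak key"


def measure(code: bytes) -> bytes:
    """Stand-in for MRENCLAVE: a hash of the enclave as loaded, so any change to it changes the value."""
    return hashlib.sha256(code).digest()


def seal_key(cpu_root: bytes, mrenclave: bytes, key_id: bytes) -> bytes:
    """Model of EGETKEY with the MRENCLAVE policy: the key depends on the CPU root and the
    exact measurement, so another machine or a modified enclave derives a different key."""
    return hmac.new(cpu_root, b"SEAL|" + mrenclave + b"|" + key_id, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; used only to keep this example free of third-party crypto."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(k: bytes) -> tuple[bytes, bytes]:
    """Split the derived sealing key into independent encryption and MAC keys."""
    return hashlib.sha256(b"enc" + k).digest(), hashlib.sha256(b"mac" + k).digest()


def seal(cpu_root: bytes, enclave_code: bytes, secret: bytes) -> bytes:
    """Encrypt-then-MAC the secret under a key bound to (cpu_root, MRENCLAVE).
    The returned blob can sit on the untrusted filesystem; the admin cannot open it."""
    key_id = os.urandom(16)   # fresh per blob, stored in the clear alongside it
    nonce = os.urandom(16)
    enc_key, mac_key = _subkeys(seal_key(cpu_root, measure(enclave_code), key_id))
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, key_id + nonce + ct, hashlib.sha256).digest()
    return key_id + nonce + ct + tag


def unseal(cpu_root: bytes, enclave_code: bytes, blob: bytes) -> bytes:
    """Recover the secret; raises ValueError unless CPU and measurement match the sealer's."""
    if len(blob) < 64:
        raise ValueError("sealed blob truncated")
    key_id, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _subkeys(seal_key(cpu_root, measure(enclave_code), key_id))
    expected = hmac.new(mac_key, key_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        # A wrong key gives a wrong MAC, so a tampered enclave or another CPU sees only garbage.
        raise ValueError("sealed blob does not open: wrong CPU or modified enclave")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def try_unseal(cpu_root: bytes, enclave_code: bytes, blob: bytes):
    """Convenience wrapper: the secret on success, None when the sealing policy rejects it."""
    try:
        return unseal(cpu_root, enclave_code, blob)
    except ValueError:
        return None


if __name__ == "__main__":
    hs_key = os.urandom(32)  # constructed stand-in for the Tor hidden service key
    blob = seal(CPU_A_ROOT, ENCLAVE_CODE, hs_key)
    print("same CPU, same code  :", try_unseal(CPU_A_ROOT, ENCLAVE_CODE, blob) == hs_key)
    print("same CPU, tampered   :", try_unseal(CPU_A_ROOT, TAMPERED_CODE, blob))
    print("other CPU, same code :", try_unseal(CPU_B_ROOT, ENCLAVE_CODE, blob))
```

The MRENCLAVE-bound policy modelled here is the strict one the comment describes: any change to the enclave, including a legitimate security update, produces a new measurement and loses access to the sealed key unless the old enclave migrates it first. SGX also offers an MRSIGNER policy that keys on the signer's identity instead, which survives updates but means every enclave signed by the same key can unseal the data; which to pick is a deployment decision, not something the model decides.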
Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.