AMD (SEV) & Intel (SGX) are NOT reliable #18
Intel (SGX) - software as well as hardware
v2 introduced Flexible Launch Control, which allows the system admin, rather than Intel, to take control over the signing process.
A practical example of "injecting" malware into SGX is shown here.
New Intel processors use Total Memory Encryption (TME) and Multi-Key Total Memory Encryption (MKTME) instead. SGX is EOL.
AMD (SEV) (RAM encryption in e.g. AMD Epyc processors)
Disable SGX in the BIOS, and, if installed, uninstall the application and the driver. Performance problems, and SGX is "ineffective".
Update the firmware and wait until AMD patches it.
Both weaknesses are irrelevant for us; as I wrote in the guide, you should disable it and ensure you update to the latest BIOS/firmware. So this is a "wontfix", since migration is not entirely possible without altering our security "best practices" strategy.