new hardware device from Intel called SGX

This is for discussing general topics about how to use VirtualBox.
multiOS
Volunteer
Posts: 800
Joined: 14. Sep 2019, 16:51
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: WIN11,10, 7, Linux (various)
Location: United Kingdom

Re: new hardware device from Intel called SGX

Post by multiOS »

As a close, I checked the site, and right now I am at Windows 11 Version 22H2 (with New Feature Pack) and VB is not yet on 22H2. Got to wait. :(
Have you checked that the VM passes all of the core Windows 11 'hardware' compliance requirements? Hardware compliance testing is part of the qualification for receiving feature upgrades via the automated Microsoft Update system, so if it doesn't pass remote testing, then it won't be offered the upgrade. Whether the host system has an Intel or AMD processor is not relevant; the only way forward for a 'not fully compliant system' is to manually apply the those upgrades, using any necessary bypasses.
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: new hardware device from Intel called SGX

Post by Oracleiscool »

@multiOS,
Thank you for that information. Well, we had a snafu here on the latest Feature Update breaking (to put it mildly) Explorer and the File Manager. (On my other machine Windows 10 22H2). Had to restore the system (reset) to get the system back up. Took Hours via the DISM command set. Since we just get a reboot (no sure if it logged it somewhere?) and the machine back running, not sure what to make of that issue. I know that there are definitely signs that things are getting a little scattered here (US) in the update world.

I know that my Windows 11 22H2 hardware is certified by HP, Intel, and MS, but I cannot get a real VM on the laptop (with all the security for windows on) except for Hyper-V (and I would have to side-load that as the Home version does not include it by default). That action would cause a significant hit to resources in the machine when active, and I need it to be available for work right now, so I am stuck. Since I can neither prove or disprove the code base of the SGX system (Active, hardware-aware and there are Windows Files that are "communicating" with it) is actively running something, I just have a theory, but no proof that it is gumming up the VM or OS or anything it does not like (I keep seeing blacklist and whitelist exceptions in the code, but I cannot view what these list refer to, but they are in the SGX system enclave). Wish I had a better answer. Cheers.
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: new hardware device from Intel called SGX

Post by Oracleiscool »

OK,
I don't normally do this, but I just found a link from Malwarebytes:

https://www.malwarebytes.com/blog/news/ ... you-update

that addresses some vm problems that are in the Intel SGX that everyone here seems to think was not being used. Well, this article links to intel and MS on the threats and cve's that are involved. My processor is affected by this issue, but only in the software channel, but will severely affect the cpu hyper-threading and I guess will cause a loss of performance. I know there were discussions years ago about this, but at the time there were not that many cloud services. Now they are everywhere, and people are using them.

I guess we can still consider this a HUGE issue for Intel, and any VM that runs on any Intel bare metal server or client. As far as I can tell, it will not cause me issues directly, but I think we have a lot of users who use cloud services? Just read the bulletin, and consult your it professional!
Oracleiscool
Posts: 71
Joined: 12. Aug 2021, 19:51
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows 11 22H2
Location: US

Re: new hardware device from Intel called SGX

Post by Oracleiscool »

OK,

A little more reading tonight. Intel turned off Hyper-threading access in my processor. (Since first boot). Guess was a part of spectre or meltdown?

All the APIC system calls for xAPIC or X2APIC are being managed via the enclaves in SGX if the OS and Processor support it and can leak secrets during access depending on the OS calls during system operation (and depending on how the calls are routed in xAPIC or x2APIC).

I know that there are mitigations for these issues, but they need to be developed and released via the OS/VMM operators or even the OEM. Too risky for a under-trained user to go peeking around in the BIOS file. Most of us don't have access to the right tools or know how to use them properly.

I think for my own peace-of-mind I'm gonna turn off SGX in UEFI for now, and see if we get a microcode update from someone later. (May even check the MS catalog and see if they have something from Intel). If I try that, I'll send an update.
edvard
Posts: 14
Joined: 18. Nov 2009, 10:10
Primary OS: openSUSE
VBox Version: PUEL
Guest OSses: W2K, OpenSuSE11.2, OEL
Location: Hamburg

Re: new hardware device from Intel called SGX

Post by edvard »

further reading :
-- =====
https://www.theregister.com/2023/02/15/intel_sgx_vulns/

Intel patches up SGX best it can after another load of security holes found

Plus bugs squashed in Server Platform Services and more

by Dan Robinson
Wed 15 Feb 2023 // 20:40 UTC
-- =====
Best, Edvard
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: new hardware device from Intel called SGX

Post by scottgus1 »

Since this forum is about Virtualbox not SGX, I'm going to call in the dogs and put out the fire here.

Oracleiscool, if you have trouble running a VM, please start a new topic. In 50 words or less, and with no references to SGX, explain exactly what the VM is doing wrong.
Locked