Q3 2023 Intel TCB Recovery Guidance

ID 785679
Updated 9/26/2023
Version 1.0
Public

author-image

By

Summary

Intel will execute an Intel® Software Guard Extensions (Intel® SGX) Trusted Computing Base (TCB) Recovery starting in August 2023. Once complete the TCB will reflect security updates and mitigations for Intel® SGX-enabled products in scope for Intel Platform Update (IPU) 2023.3, as well as Intel® Xeon® D Processors (code-named Idaville), and 4th Generation Intel® Xeon® Scalable Processors (code-named Sapphire Rapids). 

Additionally, Intel will execute an Intel® Trust Domain Extensions (Intel® TDX) Trusted Computing Base (TCB) Recovery starting in August 2023. Once complete, the TCB will reflect security updates and mitigations for 4th Generation Intel Xeon Scalable Processors (code-named Sapphire Rapids). 

Based on collaboration with and feedback from platform owners and ecosystem participants, Intel intends to maintain a rigorous and predictable schedule for security updates, while striving to minimize unnecessary TCB Recovery enforcement cycles. We continue to work to evolve options available to the ecosystem to enable additional customer-configurable policies based on their trust policies and tolerances (refer to enhanced attestation appraisal techniques in the Grace Period documentation for additional details). 

Intel® Software Guard Extensions (Intel® SGX)

In-scope Mitigations for the Q3 2023 TCB Recovery

New security updates containing mitigations for potential vulnerabilities were publicly disclosed August 8, 2023. Once the TCB Recovery is enforced (refer to TCB Recovery - Key Dates for IAS and Intel SGX), the presence of the updates will be attestable, namely:

  • 2023.3 IPU – Intel® Processor Advisory (INTEL-SA-00828 and Technical Paper). 
  • 2023.3 IPU – Intel® Xeon® Processor Advisory (INTEL-SA-00837)
    • Please Note: For the 3rd Generation Intel Xeon Scalable Processor family (code-named Ice Lake) and Intel® Xeon® D Processors (code-named Idaville), when the microcode update (MCU) is applied via the FIT table, the BIOS must also be updated. This is done to avoid system hang.

No new special responses (for example, CONFIGURATION_NEEDED) are introduced for the potential vulnerabilities mitigated in this cycle. Previous responses and for which mitigations they appear for can be found in the Intel SGX Attestation Technical Details. Further TCB Recovery Guidance for developers is also available. 

Account / Partner Action Required

Partners that wish to gain confidence, via attestation, that the intended software is securely running within an enclave on an updated Intel SGX-enabled platform containing the latest patches should complete the below recommendations. Each common partner type has a dedicated section. 

Important Note: For the 3rd Generation Intel Xeon Scalable Processor family (code-named Ice Lake) and Intel Xeon D Processors, when the microcode update is applied via the FIT table, the BIOS must also be updated. This is done to avoid system hang (reference INTEL-SA-00837).

Platform Owners (including Cloud Service Providers (CSPs), Enterprise IT, Independent Software Vendors (ISVs) self-managing bare metal platforms

  • FIT load MCU: This could include obtaining a new BIOS from your platform Original Equipment Manufacturer (OEM) / Original Device Manufacturer (ODM) that contains the microcode provided by Intel to mitigate issues in scope.
  • For 3rd and 4th Generation Intel Xeon Scalable platforms, as well as Intel Xeon D Processors (code-named Idaville), you must re-register your platforms. This can be done either directly with the Intel® Software Guard Extensions Registration Service (Intel® SGX Registration Service), or indirectly with Intel® Provisioning Certification Service for ECDSA Attestation (Intel® SGX PCS). Reference the Remote Attestation for Multi-Package Platforms using Intel® SGX Datacenter Attestation Primitives (DCAP) documentation for further details. 
  • Follow all prior configuration guidance for published mitigations as needed. For example, where platforms must be configured (via BIOS setup) with Intel® Hyper-Threading Technology (Intel® HT Technology) disabled to receive a particular Attestation response. 

Intel® SGX Software Vendors (ISVs)

Please Note: Intel always recommends updating to the latest SGX software. This includes, but is not limited to, the Intel® Software Guard Extensions Platform Software (Intel® SGX Platform Software), the Intel® Software Guard Extensions Datacenter Attestation Primitives (Intel® SGX DCAP), and the Intel® Software Guard Extensions Software Development Kit (Intel® SGX SDK) . The versions specified below are not the latest. Instead, they are the oldest versions that allow the best possible attestation response. “Best possible attestation response” varies based on the attested platform (and its configuration), but in general that should be either OK (IAS) / UpToDate (Intel SGX PCS) or SW_HARDENING_NEEDED (IAS) / SWHardeningNeeded (Intel SGX PCS). Refer to the Intel SGX Attestation Technical Details documentation for further details regarding attestation responses. 

  • If leveraging the Intel® Software Guard Extensions Attestation Service Utilizing Intel® Enhanced Privacy ID (Intel® SGX Attestation Service Utilizing Intel® EPID, or IAS for short), update your Intel SGX Platform Software to at least v2.17 (for Linux* OS) or v2.16 (for Windows* OS) on all your Intel SGX Virtual Machines (VMs) / bare metal OS installs. These are the same versions as the Q1 2023 TCB Recovery.
  • If leveraging Intel® Software Guard Extensions Provisioning Certification Service (Intel® SGX Provisioning Certification Service, or Intel SGX PCS), update your Intel® Software Guard Extensions Datacenter Attestation Primitives (Intel® SGX DCAP) software to at least v1.14. 
  • Update your Intel® SGX SDK for Linux* OS to at least v2.17, or your Intel® SGX SDK for Windows OS to v2.16; Intel recommends incrementing all your enclaves’ ISVSVNs, and then recompile, re-sign, and re-deploy your enclaves.
  • If performing your own attestation quote verification, make sure your verification code can manage all security configurations and special responses from IAS / Intel SGX PCS and Intel SGX DCAP Quote Verification Library (Intel DCAP QVL).   
    • Refer to the Intel SGX Attestation Technical Details documentation for further details, including security configuration settings and when special responses may be expected. 

    • Important Note: No new special responses (for example, CONFIGURATION_NEEDED) are introduced for the potential vulnerabilities mitigated with IPU 2023.3.

Attestation Service / Quote Generation / Verification Owners

  • If you own or control your infrastructure, for 3rd and 4th Generation Intel Xeon Scalable platforms, as well as Intel Xeon D Processors (code-named Idaville), you must re-register your platforms (either directly with the Intel SGX Registration Service, or indirectly with Intel SGX PCS. Reference this documentation for details). Otherwise, follow the procedure specified by your infrastructure provider.
  •  Download new platform Provisioning Certification Key (PCK) certificates for your platforms. If you own or control your infrastructure, you can download the PCK certificates directly from Intel SGX PCS. Otherwise, follow the procedure specified by your infrastructure provider. 
  • If running a local Provisioning Certification Caching Service (PCCS), download and cache new attestation verification collateral (for example, TCB Info and QEIdentity) for the updated TCB levels. Otherwise, follow the procedure specified by your infrastructure provider.

TCB Recovery - Key Dates for IAS and Intel SGX DCAP Customers 

For platforms in scope for the TCB Recovery, Intel’s SGX services will be updated following the public disclosure of IPU 2023.3 occurring August 8, 2023. Specific updates are detailed below.

Unless otherwise specified, updates are targeted around 4 am Pacific Daylight Time. Dates listed below are defaults; customers electing to leverage the optional “update” URL parameter may have earlier dates (reference the service documentation for additional detail: Intel SGX PCS API Documentation / IAS API Documentation). 

IAS Customers

  • August 22, 2023 – Development Enforcement: The Development Environment for IAS (IAS-DEV) will enforce the presence of microcode and software updates on platforms in scope.
    • Platforms in scope (listed by CPUID): 406E3, 706E5, 806E9, 806EA, 806EB, 806EC, 906E9, 906EA, 906EB, 906EC, 906ED, A0652, A0653, A0655, A0660, A0661, A0671 (Product Lookup)
  • September 19, 2023 – Production Enforcement: The Production Environment for IAS (IAS-LIV) will enforce the presence of microcode and software updates on platforms in scope (see above).

Intel SGX DCAP Customers

  • September 19, 2023 – Availability of new Endorsements / Reference Values (for example, verification collateral) for all in-scope Intel SGX platforms supporting Elliptic Curve Digital Signature Algorithm (ECDSA) attestation.
    • In-scope platforms statement does not include 706A1 (Gemini Lake) and 706A8 (Gemini Lake Refresh) as these platforms are not affected by the potential vulnerabilities described in the security advisories in Mitigations in-Scope for the Q3 2023 TCB Recovery section. 

Intel® Trust Domain Extensions (Intel® TDX)

Mitigations in Scope for the Q3 2023 TCB Recovery  

Note: At this point, only 4th Generation Intel Xeon Scalable Processors (code-named Sapphire Rapids) support Intel TDX and thus are in scope for this TCB Recovery. The presence of mitigations for the following security advisories will be enforced in this TCB Recovery:

  • 2023.3 IPU – Intel Xeon Processor Advisory (INTEL-SA-00837)
    • Please Note: The system hang sighting mentioned above for 3rd Gen Intel® Xeon® Scalable Processor family and Intel Xeon D Processors is not present on 4th Generation Intel Xeon Scalable Processors. As a result, the BIOS does not need to be updated for 4th Generation Intel Xeon Scalable Processors to avoid a system hang. 

Account / Partner Action Required

Guidance (including any pertinent pass-through messaging) will be communicated to applicable Intel TDX customers separately. 

TCB Recovery - Key Dates for Intel TDX DCAP Customers 

Intel TDX DCAP Customers

Unless otherwise specified, updates are targeted around 4 am Pacific Daylight Time.

  • September 19, 2023 – Availability of new Endorsements / Reference Values (that is, verification collateral) for 4th Generation Intel Xeon Scalable Processors (code-named Sapphire Rapids).

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.