Platform Security Guidance
Trusted Computing Base Recovery Attestation
Intel's Confidential Computing solutions enable end-to-end data protection using silicon-rooted Trusted Execution Environments (TEEs) such as Intel® Software Guard Extensions (Intel® SGX) and Intel® Trust Domain Extensions (Intel® TDX). These technologies secure application and virtual machine data, and support attestation, allowing external parties to cryptographically verify the integrity of the TEE and the data processed within it.
When Trusted Computing Base (TCB) components require updates to maintain a strong security posture, Intel initiates a TCB Recovery (TCB-R) process to add the latest signed components to the TCB. All relevant parties must deploy these updates so that relying parties can use attestation to compare a platform's report with a signed reference and make informed trust decisions.
For guidance on the TCB-R process for Intel technologies, including policies and best practices for attestation, see the Trusted Computing Base Recovery of Intel Trusted Execution Environments article.
Affected Processors: Trusted Computing Base Recovery Attestation
This table lists all currently supported Intel platforms that support Intel SGX or Intel TDX. For platforms that participate in a TCB-R, the action required to complete the recovery is listed per disclosure, with the accompanying Intel security advisory (SA) given for reference.
Processors are listed by product family. For specific product names, see Product Specifications. Product families that do not support Intel SGX or Intel TDX are not listed in this table. Processors that have met the End of Servicing Lifetime (EOSL) milestone may not be listed in the following table, and the mitigation status of EOSL processors may not be evaluated. For more information on processors that are no longer supported and not listed in the table see Support.
| CPUID Family_Model | Stepping | CPUID Hybrid Identification | Code Name(s) / Microarchitecture(s) | Product Family | Segment | CPUID (see footnote 1) | MCU Update (see footnote 2), where applicable | OOB Read/TDX (CVE-2025-30513, CVE-2025-31944, CVE-2025-32007, CVE-2025-32467; INTEL-SA-01397) | OOB Write/TDX (CVE-2025-22885; INTEL-SA-01314) | OOB Write/MCHECK (CVE-2025-32086, CVE-2025-26403; INTEL-SA-01367) | Control Flow in ACTM/MCHECK (CVE-2025-24305, CVE-2025-20053, CVE-2025-21090; INTEL-SA-01313) | Shared Resources (CVE-2025-22853, CVE-2025-21096; INTEL-SA-01312) | Memory Overlap (CVE-2025-22889; INTEL-SA-01311) | Firmware Lock (CVE-2025-20044; INTEL-SA-01245) | Max_vcpu (CVE-2024-33607; INTEL-SA-01192) | Indirect Target Selection (IBPB) (CVE-2024-28956; INTEL-SA-01153) | Processor Trace (CVE-2024-48869; INTEL-SA-01268) | Mcheck TOCTOU (CVE-2025-20100; INTEL-SA-01278) | ACTM MRDIMM (CVE-2025-2004; INTEL-SA-01273) | Improper Input Validation (CVE-2023-45745; INTEL-SA-01036) | Running Average Power Limit Derivative (RAPL) (CVE-2024-23984; INTEL-SA-01103) | Single-stepping Counter Bypass (CVE-2024-27457; INTEL-SA-01099) | Invalid DIMM and RFM (CVE-2024-22185; INTEL-SA-01111) | Incorrect Default (CVE-2024-21820; INTEL-SA-01079) | Resource Reuse (CVE-2024-21850; INTEL-SA-01076) | Incomplete Filtering (CVE-2024-39283; INTEL-SA-01010) | Microcode Keying (CVE-2023-43490; INTEL-SA-01045) | Register File Data Sampling (RFDS) (Floating Point / Integer / Single Instruction, Multiple Data) (CVE-2023-28746; INTEL-SA-00898) | On-chip Debug and Interface (CVE-2023-32666; INTEL-SA-00986) | Trusted Execution Configuration Register Access (CVE-2023-22655; INTEL-SA-00960) | Incomplete Branch Prediction Barrier (CVE-2023-38575; INTEL-SA-00982) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TCB-R counter (IPU) | | | | | | | | TCB-R 21, IPU 26.1 (February 2026) | TCB-R 21, IPU 26.1 (February 2026) | TCB-R 20, IPU 25.3 (August 2025) | TCB-R 20, IPU 25.3 (August 2025) | TCB-R 20, IPU 25.3 (August 2025) | TCB-R 20, IPU 25.3 (August 2025) | TCB-R 20, IPU 25.3 (August 2025) | TCB-R 20, IPU 25.3 (August 2025) | TCB-R 19, IPU 25.2 (May 2025) | TCB-R 19, IPU 25.2 (May 2025) | TCB-R 19, IPU 25.2 (May 2025) | TCB-R 19, IPU 25.2 (May 2025) | TCB-R 18, IPU 24.3 / UPLR2 (Sept, Nov 2024) | TCB-R 18, IPU 24.3 / UPLR2 (Sept, Nov 2024) | TCB-R 18, IPU 24.3 / UPLR2 (Sept, Nov 2024) | TCB-R 18, IPU 24.3 / UPLR2 (Sept, Nov 2024) | TCB-R 18, IPU 24.3 / UPLR2 (Sept, Nov 2024) | TCB-R 18, IPU 24.3 / UPLR2 (Sept, Nov 2024) | TCB-R 18, IPU 24.3 / UPLR2 (Sept, Nov 2024) | TCB-R 17, IPU 24.1 (Feb 2024) | TCB-R 17, IPU 24.1 (Feb 2024) | TCB-R 17, IPU 24.1 (Feb 2024) | TCB-R 17, IPU 24.1 (Feb 2024) | TCB-R 17, IPU 24.1 (Feb 2024) |
| 06_6AH | 6 | NA | Ice Lake Xeon-SP | 3rd Gen Intel® Xeon® Scalable processor family | | 606A6 | 0x0d000421 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | ACM_BIOS | MCU_BIOS_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_6CH | All | NA | Ice Lake Xeon D (Idaville) | Intel® Xeon® D processor family | Embedded | 606C1 | 0x010002f1 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | ACM_BIOS | MCU_BIOS_TCBR | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | MCU_BIOS_TCBR | Not Affected |
| 06_7AH | 8 | NA | Gemini Lake | | | 706A8 | 0x26 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_BIOS_TCBR (SGX) | Not Affected | Not Affected | Not Affected |
| 06_8EH | C | NA | 1. Whiskey Lake V; 2, 3, 4. Comet Lake U42; 5. Amber Lake Y | | Mobile | 806EC | 0x100 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_8FH | 5, 6, 7, 8 | CPUID.0x7.EDX[15] = 0 | Sapphire Rapids (Golden Cove) | 4th Generation Intel® Xeon® Scalable processor family; 5th Generation Intel® Xeon® Scalable processor family; 4th Generation Intel® Xeon® Platinum processor family; 4th Generation Intel® Xeon® Gold processor family; 4th Generation Intel® Xeon® Silver processor family; 4th Generation Intel® Xeon® Bronze processor family; 4th Gen Intel® Xeon® Scalable Processors with Intel® vRAN; Intel® Xeon® W workstation processors | Server, Workstation | 806F5, 806F6, 806F7, 806F8 | 0x2b000661 | TDX_M (v1.5.24) | TDX_M (v1.5.24) | Not Affected | MCU_BIOS_TCBR | TDX_M (v1.5.16) | Not Affected | TDX_M (v1.5.16) | TDX_M (v1.5.16) | Not Affected | Not Affected | Not Affected | Not Affected | TDX_M | MCU_OSPL_TDX_TCBR / MCU_OSPL_SGX_TCBR | TDX_M | ACM_BIOS | MCU_BIOS_TCBR | ACM_BIOS (TDX) | TDX_M | Not Affected | Not Affected | MCU_BIOS_TCBR | MCU_BIOS_TCBR | MCU_OSPL_SGX_TCBR |
| 06_8FH | 5, 6, 8 | CPUID.0x7.EDX[15] = 0 | Sapphire Rapids (Golden Cove) | Intel® Xeon® CPU Max Series processors (High Bandwidth Memory, HBM) | Server | 806F8 | 0x2c000421 | TDX_M (v1.5.24) | TDX_M (v1.5.24) | Not Affected | MCU_BIOS_TCBR | TDX_M (v1.5.16) | Not Affected | TDX_M (v1.5.16) | TDX_M (v1.5.16) | Not Affected | Not Affected | Not Affected | Not Affected | TDX_M | MCU_OSPL_TDX_TCBR / MCU_OSPL_SGX_TCBR | TDX_M | ACM_BIOS | MCU_BIOS_TCBR | ACM_BIOS (TDX) | TDX_M | Not Affected | Not Affected | MCU_BIOS_TCBR | MCU_BIOS_TCBR | MCU_OSPL_SGX_TCBR |
| 06_9EH | D | NA | | | | 906ED | 0x104 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_A5H | 2 | NA | Comet Lake H | 10th Generation Intel® Core™ processor family; Intel® Xeon® W processor family | Mobile, Workstation | A0652 | 0x100 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_A5H | 3 | NA | Comet Lake S | 10th Generation Intel® Core™ processor family; Intel® Pentium® Gold processor family; Intel® Celeron® processor family; Intel® Xeon® W processor family | Desktop, Workstation | A0653 | 0x100 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_A5H | 5 | NA | Comet Lake S | 10th Generation Intel® Core™ processor family; Intel® Xeon® W processor family | Desktop, Workstation | A0655 | 0x100 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_A6H | 0 | NA | Comet Lake U62 | 10th Generation Intel® Core™ processor family | Mobile | A0660 | 0x102 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_A6H | 1 | NA | Comet Lake U62 | Intel® Xeon® W processor family | Desktop | A0661 | 0x100 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_A7H | 1 | NA | Rocket Lake | 1. 11th Generation Intel® Core™ processor family; 2. Intel® Xeon® E-2300 processor family; 3. Intel® Xeon® W-1300 processor family | 1: Desktop; 2: Server; 3: Workstation | A0671 | 0x65 | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | MCU_OSPL_SGX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_ADH | 0, 1 | CPUID.0x7.EDX[15] = 0; CPUID.0x1A.EAX[31:24] = 40 | Granite Rapids (Redwood Cove) | Intel® Xeon® Scalable processor family; Intel® Xeon® 6 processors | Server | A06D1 | 0x01000405 | TDX_M (v2.0.14) | TDX_M (v2.0.14) | MCU_BIOS_TCBR | MCU_BIOS_TCBR | TDX_M (v2.0.08) | MCU_OSPL_TDX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_ADH | 0, 1 | CPUID.0x7.EDX[15] = 0; CPUID.0x1A.EAX[31:24] = 40 | Granite Rapids R1S (Redwood Cove) | Intel® Xeon® Scalable processor family; Intel® Xeon® 6 processors | Server | A06D1 | 0x01000133 | TDX_M (v2.0.14) | TDX_M (v2.0.14) | MCU_BIOS_TCBR | MCU_BIOS_TCBR | TDX_M (v2.0.08) | MCU_OSPL_TDX_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_AEH | 1 | CPUID.0x7.EDX[15] = 0; CPUID.0x1A.EAX[31:24] = 40 | Granite Rapids-D (Redwood Cove) | Intel® Xeon® 6700P-B/6500P-B Series P-cores | Embedded | A06E1 | 0x01000303 | TDX_M (v2.0.14) | TDX_M (v2.0.14) | Not Affected | Not Affected | Not Affected (v2.0.08) | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_AFH | 3 | CPUID.0x7.EDX[15] = 0; CPUID.0x1A.EAX[31:24] = 20 | Sierra Forest (Crestmont) | Intel® Xeon® 6 processor family | Server | A06F3 | 0x03000382 (UPLR1) | TDX_M (v1.5.25) | TDX_M (v1.5.25) | MCU_BIOS_TCBR | MCU_BIOS_TCBR | TDX_M (v1.5.16) | Not Affected | TDX_M (v1.5.16) | TDX_M (v1.5.16) | Not Affected | MCU_OSPL_TDX_TCBR | MCU_BIOS_TCBR | ACM_BIOS | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
| 06_CFH | 1, 2 | CPUID.0x7.EDX[15] = 0; CPUID.0x1A.EAX[31:24] = 40 | Emerald Rapids (Raptor Cove) | 5th Generation Intel® Xeon® Scalable processors | Server | C06F2 | 0x210002d3 | TDX_M (v1.5.24) | TDX_M (v1.5.24) | Not Affected | MCU_BIOS_TCBR | TDX_M (v1.5.16) | Not Affected | TDX_M (v1.5.16) | TDX_M (v1.5.16) | Not Affected | Not Affected | Not Affected | Not Affected | TDX_M | MCU_OSPL_TDX_TCBR / MCU_OSPL_SGX_TCBR | TDX_M | ACM_BIOS | MCU_BIOS_TCBR | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected | Not Affected |
Key
MCU: Mitigation requires a microcode update. It is runtime effective.
MCU_BIOS_TCBR: Mitigation requires an updated BIOS carrying the new microcode. Only microcode loaded from flash (BIOS) is reflected in Intel SGX and Intel TDX attestation, so the BIOS update is needed to complete TCB-R.
MCU_OSPL_SGX_TCBR: Mitigation eligible for Intel SGX runtime update. After OS Patch Loading (OSPL), tear down all enclaves, perform EUPDATESVN, and then relaunch any enclave. The new microcode update will be attestable and TCB-R will be complete. No further action is required for non-Intel SGX.
If the operating system enabling for the runtime update is not available, that is, EUPDATESVN is not supported by the operating system, attestation is possible with a warm reset. After a warm reset, and if OSPL is done prior to the loading of the first enclave, then neither EUPDATESVN support nor MCU_BIOS update is required.
If the above options are not feasible, treat this as MCU_BIOS_TCBR. For more information, see Microcode Update Guidance.
MCU_OSPL_TDX_TCBR: Mitigation eligible for Intel TDX runtime update. A new microcode update will be attestable. No further action is required for non-Intel TDX.
If the operating system enabling for the runtime update is not available, that is, TDPRESERVING is not supported by the virtual machine monitor (VMM), attestation is possible with a warm reset. After a warm reset, and if OSPL is done prior to the loading of the first enclave, then neither TDPRESERVING support nor MCU_BIOS update is required.
If the above options are not feasible, treat this as MCU_BIOS_TCBR. For more information, see Microcode Update Guidance.
ACM_BIOS: Mitigation requires an Authenticated Code Module (ACM) update, which is part of a BIOS update. A BIOS update and cold reset are required.
ACM_SINIT: Mitigation requires an update to Intel® Trusted Execution Technology, which can be updated at runtime for effectiveness, and is applicable to a VMM or host operating system. All virtual machines (VM) will be lost. A cold reset is required for attestation and complete TCB-R.
TDX_M: Mitigation requires an Intel TDX module update. When TDPRESERVING is supported by the VMM, mitigation is eligible for an Intel TDX module runtime update. This new Intel TDX module update will be attestable. No further action is required for non-Intel TDX.
If TDPRESERVING is not supported by the VMM, a warm reset is required for attestation. After a warm reset, the VMM loads the new Intel TDX module to complete TCB-R.
SGX_E: Mitigation requires updating and reloading an Intel SGX architectural enclave. A warm reset is not necessary for attestability and TCB-R completion.
Not Affected: Products are not affected or mitigated through hardware and may not be enumerated.
No Planned Mitigation: An issue exists but no mitigation is planned.
TCB-R Dates
| Disclosure Status | TCB-R 21 (Intel TDX only) | TCB-R 20 | TCB-R 19 |
|---|---|---|---|
| Public Disclosure: the web parameter [update] = "early" is specified (or the parameter [tcbEvaluationDataNumber] is specified with the TCB-R number) on Intel® Provisioning Certification Service (Intel® PCS) requests. New verification collateral is available for all in-scope Intel SGX and Intel TDX platforms supporting Elliptic Curve Digital Signature Algorithm (ECDSA) attestation. The respective Intel Provisioning Certification Service issues new verification collateral and Provisioning Certification Key (PCK) certificates. | February 10, 2026 | August 12, 2025 | May 13, 2025 |
| Public Disclosure Plus 12 Months: the web parameter [update] = "standard" is specified, or no [update] parameter is specified, on Intel Provisioning Certification Service requests. The same verification collateral that was published 12 months earlier is now available for all in-scope Intel SGX and Intel TDX platforms supporting ECDSA attestation. | February 10, 2027 | August 12, 2026 | May 13, 2026 |
Note: Unless otherwise specified, Intel service updates are targeted around 11 p.m. Pacific time.
Action Required
The Intel® platform update guidance document typically contains mitigation updates for Intel SGX and Intel TDX. For TCB-R 21, only Intel TDX is in scope. The Best-Known Configuration (BKC) kit for each processor is under the IPU Update Guidance tab, in the IPU Kit column.
Customers under non-disclosure agreements (NDA) with Intel looking for specific Resource and Documentation Center (RDC) numbers can refer to the guidance documents in the Intel platform update collection.
| Action Required | TCB-R 21 | TCB-R 20 | TCB-R 19 |
|---|---|---|---|
| Platforms with Intel TDX | Mitigation requires an Intel TDX module update. When TDPRESERVING is supported by the VMM, mitigation is eligible for an Intel TDX module runtime update. This new Intel TDX module update will be attestable. If TDPRESERVING is not supported by the VMM, a warm reset is required for attestation. After a warm reset, the VMM loads the new Intel TDX module to complete TCB-R. | Obtain the latest BIOS for your product from your original equipment manufacturer (OEM) or original device manufacturer (ODM). Ensure that it has the following components: | Intel® Xeon® 6 processor with E-cores (formerly code named Sierra Forest) is the only Intel TDX-enabled product in scope for TCB-R 19. Obtain the latest BIOS for your product from your OEM or ODM. Ensure that it has the following components: |
| Platforms with Intel SGX | | Obtain the latest BIOS for your product from your OEM or ODM. For both Intel TDX and Intel SGX, use the MCU version reflected in the TCB-R table or later. For published mitigations, follow all prior Best-Known Configuration Guidance. | For Intel Xeon 6 processors with E-cores only, obtain the latest BIOS for your product from your OEM or ODM. Make sure that it has the following components: For other affected processors in TCB-R 19, follow all prior Best-Known Configuration Guidance for published mitigations. |
| Software Using Intel SGX / Intel TDX | | | |
| Notes | | | |
| Enabling Quote Generation | If you own or control the infrastructure: If you do not own or control the infrastructure: | If you own or control the infrastructure: If you do not own or control the infrastructure: | |
| Enabling Quote Verification | If you own or control the infrastructure: If you do not own or control the infrastructure: | If you own or control the infrastructure: If you do not own or control the infrastructure: | If you own or control the infrastructure: If you do not own or control the infrastructure: |
Update on Errata (TCB-R 20, TCB-R 18)
Intel SGX / Intel TDX DCAP release v1.24, released in late Q4 2025, contains a fix for the issue described below. The latest version can be downloaded from Intel SGX DCAP on GitHub.
Prior updates: TCB-R 20, initiated August 12, 2025 (for [update] = "early"), continues to be affected by the issue first identified with TCB-R 18 in the Intel® Software Guard Extensions ECDSA Quote Verification Library: the list of advisory IDs (commonly known as the Security Advisory List) reported by the library may be incomplete. Specifically, advisory IDs assigned to the Intel TDX module identity may be missing. The issue does not affect the accuracy of the tcbStatus (that is, UpToDate, OutOfDate) or the tcbDate value reported by the library; only the completeness of the advisory ID list is affected. Intel has implemented a workaround in certain instances of the verification collateral (TCB Info) returned by the Intel TDX Provisioning Certification Service. For details, see the TCB-R 20 QVL forum post and the TCB-R 18 QVL forum post.
Attestation Appraisal
While Intel SGX and Intel TDX developers generally condition program operations on up-to-date attestation verification responses, they may have different needs based on their risk tolerance, specific use cases, and other factors.
Intel offers several software paths for a customer to use enhanced attestation appraisal techniques. These techniques are intended to facilitate the evaluation of Intel SGX and Intel TDX hardware platforms before, during, and after an upgrade cycle or Intel public disclosure. At the same time, they allow for infrastructure provider and customer trust policies and tolerances.
- Intel® Tiber™ Trust Authority
- Intel® SGX Data Center Attestation Primitives (Intel SGX DCAP) software with attestation appraisal source code, samples, and documentation are available:
- Intel SGX DCAP on GitHub
- Appraisal Engine sample (located in the Intel SGX DCAP software branch)
- Appraisal Engine Developer Guide
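The three points above (the gap between "early" and "standard" collateral in the TCB-R Dates table, the advisory-ID completeness problem in the errata note, and the appraisal step itself) come together in the TCB level matching that a verifier performs. The following is an added example, not code from this Intel page and not Intel DCAP or Quote Verification Library code. The JSON layout follows the TCB Info v3 structure that Intel PCS publishes as the author understands it (tcbInfo.fmspc, tcbEvaluationDataNumber, tcbLevels[].tcb, tdxModuleIdentities[].tcbLevels[].tcb.isvsvn); every FMSPC, SVN and date value and the level-to-advisory mapping is constructed, the component arrays are shortened to four entries instead of sixteen, and the advisory IDs are borrowed from the table on this page purely as example strings.

```python
"""Appraise a platform's reported TCB against PCS-style TCB Info collateral.

Added example; not code from the Intel page, Intel DCAP or the QVL. All
collateral below is constructed for illustration (see the lead-in text).
"""

# Advisory IDs reused from the table on this page as example strings only;
# which constructed level they hang off here is not Intel's assignment.
SA_OLD_MCU, SA_NEW_MCU, SA_TDX_MODULE = "INTEL-SA-01153", "INTEL-SA-01313", "INTEL-SA-01312"
FMSPC = "00abcdef1234"  # constructed platform family identifier


def _level(sgx, pcesvn, tdx, status, date, advisories):
    return {"tcb": {"sgxtcbcomponents": [{"svn": s} for s in sgx], "pcesvn": pcesvn,
                    "tdxtcbcomponents": [{"svn": t} for t in tdx]},
            "tcbDate": date, "tcbStatus": status, "advisoryIDs": advisories}


def _module_level(isvsvn, status, date, advisories):
    return {"tcb": {"isvsvn": isvsvn}, "tcbDate": date, "tcbStatus": status, "advisoryIDs": advisories}


# "standard" collateral: what PCS returns with no [update] parameter.
STANDARD_TCB_INFO = {"tcbInfo": {
    "id": "TDX", "version": 3, "fmspc": FMSPC, "tcbEvaluationDataNumber": 19,
    "tcbLevels": [  # PCS publishes levels in descending order
        _level([2, 2, 2, 2], 13, [5, 5, 5, 5], "UpToDate", "2025-05-13T00:00:00Z", []),
        _level([1, 1, 1, 1], 11, [4, 4, 4, 4], "OutOfDate", "2024-09-10T00:00:00Z", [SA_OLD_MCU])],
    "tdxModuleIdentities": [{"id": "TDX_01", "tcbLevels": [
        _module_level(2, "UpToDate", "2025-05-13T00:00:00Z", [])]}]}}

# "early" collateral: same FMSPC, with the next TCB-R level published twelve
# months before it becomes the standard response.
EARLY_TCB_INFO = {"tcbInfo": {
    "id": "TDX", "version": 3, "fmspc": FMSPC, "tcbEvaluationDataNumber": 20,
    "tcbLevels": [
        _level([3, 3, 2, 2], 13, [6, 5, 5, 5], "UpToDate", "2025-08-12T00:00:00Z", []),
        _level([2, 2, 2, 2], 13, [5, 5, 5, 5], "OutOfDate", "2025-05-13T00:00:00Z", [SA_NEW_MCU]),
        _level([1, 1, 1, 1], 11, [4, 4, 4, 4], "OutOfDate", "2024-09-10T00:00:00Z", [SA_OLD_MCU, SA_NEW_MCU])],
    "tdxModuleIdentities": [{"id": "TDX_01", "tcbLevels": [
        _module_level(4, "UpToDate", "2025-08-12T00:00:00Z", []),
        _module_level(2, "OutOfDate", "2025-05-13T00:00:00Z", [SA_TDX_MODULE])]}]}}

# What a platform reports: SGX component SVNs and PCESVN come from the PCK
# certificate extension, TDX component SVNs and the TDX module ISVSVN from the quote.
OLD_PLATFORM = {"fmspc": FMSPC, "sgx": [2, 2, 2, 2], "pcesvn": 13, "tdx": [5, 5, 5, 5], "tdx_module": ("TDX_01", 2)}
NEW_PLATFORM = {"fmspc": FMSPC, "sgx": [3, 3, 2, 2], "pcesvn": 13, "tdx": [6, 5, 5, 5], "tdx_module": ("TDX_01", 4)}

# tcbStatus values from best to worst; NotSupported marks "below every published level".
STATUS_RANK = ["UpToDate", "SWHardeningNeeded", "ConfigurationNeeded", "ConfigurationAndSWHardeningNeeded",
               "OutOfDate", "OutOfDateConfigurationNeeded", "Revoked", "NotSupported"]


def _worse(a, b):
    return max(a, b, key=STATUS_RANK.index)


def _covers(components, svns):
    """A level is satisfied only if every platform SVN is >= the level's SVN."""
    return len(components) == len(svns) and all(p >= c["svn"] for p, c in zip(svns, components))


def platform_tcb_level(tcb_info, platform):
    """First (highest) tcbLevel the platform satisfies, or None if it is below all of them."""
    for level in tcb_info["tcbInfo"]["tcbLevels"]:
        tcb = level["tcb"]
        if (_covers(tcb["sgxtcbcomponents"], platform["sgx"]) and platform["pcesvn"] >= tcb["pcesvn"]
                and _covers(tcb["tdxtcbcomponents"], platform["tdx"])):
            return level
    return None


def tdx_module_level(tcb_info, module_id, isvsvn):
    """Highest TDX module identity level whose ISVSVN the running module meets."""
    for ident in tcb_info["tcbInfo"].get("tdxModuleIdentities", []):
        if ident["id"] == module_id:
            return next((lvl for lvl in ident["tcbLevels"] if isvsvn >= lvl["tcb"]["isvsvn"]), None)
    return None


def appraise(tcb_info, platform):
    """Combine the platform level and the TDX module level: the worse status wins
    and the advisory lists are merged, so an advisory attached only to the TDX
    module identity is not silently dropped from the report."""
    info = tcb_info["tcbInfo"]
    if info["fmspc"].lower() != platform["fmspc"].lower():
        raise ValueError("TCB Info was issued for a different FMSPC")
    plat = platform_tcb_level(tcb_info, platform)
    mod = tdx_module_level(tcb_info, *platform["tdx_module"])
    status, advisories = "UpToDate", set()
    for level in (plat, mod):
        if level is None:
            status = _worse(status, "NotSupported")
        else:
            status = _worse(status, level["tcbStatus"])
            advisories |= set(level["advisoryIDs"])
    return {"tcbEvaluationDataNumber": info["tcbEvaluationDataNumber"], "tcbStatus": status,
            "tcbDate": plat["tcbDate"] if plat else None, "advisoryIDs": sorted(advisories)}


if __name__ == "__main__":
    for name, collateral in (("standard", STANDARD_TCB_INFO), ("early", EARLY_TCB_INFO)):
        for pname, plat in (("pre-TCB-R", OLD_PLATFORM), ("updated", NEW_PLATFORM)):
            print(f"{name:8} {pname:10} {appraise(collateral, plat)}")
```

Run against the standard collateral, the pre-TCB-R platform appraises as UpToDate with no advisories; against the early collateral the same platform is OutOfDate with both the microcode and the TDX module advisory listed, which is the twelve-month window a relying party loses if it never requests early collateral. Real verifiers additionally check the TCB Info signature, issue and next-update dates, and the PCK certificate chain before trusting any of these fields.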
Footnotes
- CPUID description: Example CPUID = 906EB. Family = 06 / Extended Model = 9 / Model Number = E / Stepping ID = B. See Intel Software Developer’s Manual Version 071, Volume 2A, Figure 3-6 for reference.
- Intel recommends ensuring all security mitigations provided by Intel are applied and systems are running the latest firmware/MCU versions available. MCU updates may still be required for enumeration even when processors are not affected. Contact OS/VMM vendors for the latest software updates.
Linux users: The microcode image is named after the family/model/stepping. You can locate these from /proc/cpuinfo. Example: For Family 06, Model 85, Stepping 4 (values in decimal), the corresponding microcode file is 06-55-04 located in /lib/firmware/intel-ucode/ (values in hexadecimal).
Look at the microcode version number at the official public Intel microcode website. Calculate Family-Model-Stepping before downloading the appropriate microcode.
Windows users: Read the version with the following PowerShell command: reg query HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 /v "Update Revision"
Or use the Intel® Processor Identification Utility tool to check the microcode version and compare it against the latest microcode listed above.
For more information, see:
- This product has reached its End of Servicing Update date. For further information, see Support. For customers interested in extending updates beyond the end of servicing date, contact your Intel representative for details.
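The footnote procedure above (decoding a CPUID signature such as 906EB, deriving the intel-ucode file name from /proc/cpuinfo, and comparing the running microcode revision with the MCU Update column), as an added example that is not part of the Intel page. The /proc/cpuinfo and /sys paths are the standard Linux ones; the sample cpuinfo text and the revision values used in the demonstration are constructed.

```shell
#!/bin/sh
# Added example, not from the Intel page: derive the intel-ucode file name for a
# processor and compare the loaded microcode revision with a table value.
# The sample cpuinfo text and the revisions in the demonstration are constructed.

# Decimal family/model/stepping as /proc/cpuinfo prints them -> "06-55-04" (hex).
ucode_name() {
    printf '%02x-%02x-%02x\n' "$1" "$2" "$3"
}

# Same, from a raw CPUID signature as the table's CPUID column shows it
# (906EB, 806F8, A06D1, ...). Bit fields: stepping 3:0, model 7:4, family 11:8,
# extended model 19:16, extended family 27:20. The display model is
# (extended model << 4) | model for family 6 or 15; the extended family is
# added only for family 15.
ucode_name_from_sig() {
    sig=$((0x$1))
    family=$(( (sig >> 8) & 0xf ))
    model=$(( (sig >> 4) & 0xf ))
    stepping=$(( sig & 0xf ))
    if [ "$family" -eq 6 ] || [ "$family" -eq 15 ]; then
        model=$(( (((sig >> 16) & 0xf) << 4) | model ))
    fi
    if [ "$family" -eq 15 ]; then
        family=$(( family + ((sig >> 20) & 0xff) ))
    fi
    ucode_name "$family" "$model" "$stepping"
}

# Read the first processor entry of a /proc/cpuinfo-style file. The bare
# "model" pattern deliberately does not match the "model name" line.
ucode_name_from_cpuinfo() {
    awk -F': *' '
        /^cpu family/ && f == "" { f = $2 }
        /^model[ \t]*:/ && m == "" { m = $2 }
        /^stepping/ && s == "" { s = $2 }
        END { printf "%02x-%02x-%02x\n", f, m, s }' "$1"
}

# Is the loaded revision at or above the MCU Update column? Revisions only
# increase for a given signature, so a numeric comparison is enough. Accepts
# both spellings used in the table (0x01000405 and 2b000661).
mcu_meets() {
    have=${1#0x}
    want=${2#0x}
    [ "$((0x$have))" -ge "$((0x$want))" ]
}

# On a live Linux host the kernel exposes the loaded revision per CPU here.
running_mcu_rev() {
    cat /sys/devices/system/cpu/cpu0/microcode/version 2>/dev/null
}

# Constructed /proc/cpuinfo excerpt matching the page's own example (06-55-04).
sample_cpuinfo_name() {
    tmp=$(mktemp)
    printf 'processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\nmodel\t\t: 85\nmodel name\t: Intel(R) Xeon(R) Platinum\nstepping\t: 4\nmicrocode\t: 0x2007006\n' > "$tmp"
    ucode_name_from_cpuinfo "$tmp"
    rm -f "$tmp"
}

# Demonstration on constructed values (no root and no hardware access needed).
ucode_name 6 85 4            # 06-55-04
ucode_name_from_sig 906EB    # 06-9e-0b
ucode_name_from_sig A06D1    # 06-ad-01
sample_cpuinfo_name          # 06-55-04
if mcu_meets 0x01000405 0x01000133; then
    echo "revision 0x01000405 meets table value 0x01000133"
fi
# On real hardware: mcu_meets "$(running_mcu_rev)" 0x01000405
```

On a hybrid part the table's CPUID Hybrid Identification column still has to be checked separately with a CPUID tool, since /proc/cpuinfo does not expose the leaf 0x1A core type; and a revision that meets the MCU column only satisfies TCB-R if it was loaded in the way the Key requires (from BIOS, or via OSPL before the first enclave or TD).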