The latest security information on Intel® products.

Table 1. Security Configurations and Responses:

Security Advisory

Security Configuration

Attestation Response (IAS)*

tcbStatus (PCS)**

INTEL-SA-00161

Hyper-threading (HT) enabled/disabled

CONFIGURATION_NEEDED if HT enabled (introduced)

ConfigurationNeeded if HT enabled

INTEL-SA-00233

Hyper-threading enabled/disabled

CONFIGURATION_NEEDED if HT enabled (used)

ConfigurationNeeded if HT enabled

INTEL-SA-00219

Integrated graphics enabled/disabled

CONFIGURATION_NEEDED if integrated graphics enabled (used)

ConfigurationNeeded if integrated graphics enabled

INTEL-SA-00289

Voltage MSR locked/unlocked

CONFIGURATION_NEEDED if MSR unlocked (used)

ConfigurationNeeded if MSR unlocked

INTEL-SA-00334

SW mitigations present/absent***

SW_HARDENING_NEEDED (introduced) or CONFIGURATION_AND_SW_HARDENING_NEEDED (introduced). One or the other will always be returned for CPUs affected by Intel-SA-00334 (Load Value Injection or LVI).
SWHardeningNeeded
INTEL-SA-00615 Hyper-threading enabled/disabled SW mitigations present/absent*** SW_HARDENING_NEEDED (used) or CONFIGURATION_AND_SW_HARDENING_NEEDED (used). One or the other will always be returned for CPUs affected by Processor MMIO Stale Data SWHardeningNeeded or ConfigurationAndSWHardeningNeeded if HT enabled
INTEL-SA-00657 Hyper-threading enabled/disabled, SW mitigations present/absent*** SW_HARDENING_NEEDED or CONFIGURATION_AND_SW_HARDENING_NEEDED if HT enabled SWHardeningNeeded or ConfigurationAndSWHardeningNeeded if HT enabled

Revision

Date

Description

1.0

2018-2020

Initial release to communicate Security configurations and special attestation responses for SGX. From 2018 – 2020 Intel was creating a sperate Attestation details document for each SGX TCB recovery.

2.0

April 2021

New format. This document will be used to communicate past and future security configurations and special attestation responses in tabular format. Attestation dates will now be included in the security advisory document not in this Attestation details document.

3.0 Sept 2021 Add new section:  Implementing a Grace Period for ECDSA-based Attestations
4.0 March 2022 Added attestation response for INTEL-SA-00615.
5.0 August 2022

Improve Security Configurations and Attestation Responses table. Remove details from Grace Period section since there’s a link to a Grace Period article.

Added attestation response for INTEL-SA-00657.