SGX related FAQ

About Intel is abandoning SGX

  1. Intel is not fasing out SGX, it just decided to not add it to newer CONSUMER type CPU’s. Existing CPU’s with SGX support will continue to work and provide security updates, see next points.

About Intel SGX is not secure

  1. There have been some people rumbling about SGX being not secure enough, this is not true: All the issues found in the past have been and still will be actively patched with MCU/IntelME updates. Phala uses RemoteAttestation(RA) for validation of the CPU, it not just checks if you can use SGX, but it checks the patch level, which is directly tied to the CONFIDENTIALLY LEVEL Phala uses (and shows). A level 1 system means it has been patched to all known issues and is considered secure by INTEL standards (not Phala) … so this RA process is a guaranteed method of true auditing and verification of a CPU by a third party (meaning not the miner or Phala, but by intel)

About SGX2

  1. Intel created SGX2 with a LOT more features, such as total memory encryption (not just SGX memory), larger enclaves (up to 16GB per processer) and not using RA but DCAP. There are many improvements for the CONFI-LEVEL procs as well as PERFORMANCE INCREASE! That said (and mentioned in point 1) these new features are more meant for server line CPU’s (Xeon 3rd gen) because a normal desktop would never use these features, so it makes sense for Intel to focus on server line.
  2. There are a lot fewer server line CPU’s which are in the same family, which makes updates for patches easier to test and quicker to roll out. As such i expect patching to be more simplified and updates to be available in days/weeks rather than months.

About Phala Plan

  • Note: At this time pRuntime does not support SGX2 YET, developers are still working on this, and results should be somewhere in Q1 (?). We already have several systems in hand for testing once this is completed. We expect this to be ready near mainnet launch (?)

Hi, I am currently mining with 3 (confidence 5) fairly cheap machines. Do you think the community will be able to generate a list of servers, (at the appropriate time) that will be at confidence level 1?

I would hate to spend thousands of dollars only to find my shiny new Xeon did not support SGX and a confidence of level 1; The only reason I would buy such a machine would be to mine Phala!

On a wider point; if the greater the distribution of miners, the more secure the network, then surely we need to ensure as many people as possible are able to maximise their support for the network at level 1.

Thanks to you and the team for all your hard work,