About "Intel is abandoning SGX"
- Intel is not phasing out SGX; it just decided not to add it to newer CONSUMER-type CPUs. Existing CPUs with SGX support will continue to work and receive security updates, see the next points.
About "Intel SGX is not secure"
- Some people have been grumbling that SGX is not secure enough. This is not true: all the issues found in the past have been, and will continue to be, actively patched with MCU/Intel ME updates. Phala uses Remote Attestation (RA) to validate the CPU. It does not just check whether you can use SGX; it also checks the patch level, which is directly tied to the CONFIDENCE LEVEL Phala uses (and shows). A level 1 system has been patched against all known issues and is considered secure by INTEL standards (not Phala's) … so this RA process is a guaranteed method of true auditing and verification of a CPU by a third party (meaning not the miner or Phala, but Intel).
- Intel created SGX2 with a LOT more features, such as total memory encryption (not just SGX memory), larger enclaves (up to 16GB per processor) and not using RA but DCAP. There are many improvements for the CONFIDENCE-LEVEL procs as well as a PERFORMANCE INCREASE! That said (and as mentioned in point 1), these new features are meant more for server-line CPUs (Xeon 3rd gen), because a normal desktop would never use these features, so it makes sense for Intel to focus on the server line.
- There are a lot fewer server-line CPUs in the same family, which makes patches easier to test and quicker to roll out. As such, I expect patching to be simpler and updates to be available in days/weeks rather than months.
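To illustrate the Remote Attestation point above (RA reports the patch level, not just whether SGX is present), here is an added example that is not Phala's or Intel's code. It reads the `isvEnclaveQuoteStatus` and `advisoryIDs` fields of an Intel attestation verification report and maps them to a level. Assumptions: the report signature has already been verified against Intel's report signing certificate, the sample reports and advisory IDs are constructed, and the level 2/3 policy is hypothetical (only level 1 is described on this page).

```python
import json

# Constructed sample reports (not real attestation output). Field names follow
# Intel's attestation verification report; advisory IDs are placeholders.
SAMPLE_REPORTS = {
    "patched": '{"isvEnclaveQuoteStatus": "OK", "advisoryIDs": []}',
    "needs_hardening": '{"isvEnclaveQuoteStatus": "SW_HARDENING_NEEDED",'
                       ' "advisoryIDs": ["INTEL-SA-EXAMPLE-1"]}',
    "stale_microcode": '{"isvEnclaveQuoteStatus": "GROUP_OUT_OF_DATE",'
                       ' "advisoryIDs": ["INTEL-SA-EXAMPLE-1", "INTEL-SA-EXAMPLE-2"]}',
    "revoked": '{"isvEnclaveQuoteStatus": "GROUP_REVOKED"}',
}

# Statuses where the platform is genuine but not fully patched or configured.
DEGRADED = {
    "GROUP_OUT_OF_DATE",
    "CONFIGURATION_NEEDED",
    "SW_HARDENING_NEEDED",
    "CONFIGURATION_AND_SW_HARDENING_NEEDED",
}


def assess(report_json, accepted_advisories=frozenset()):
    """Return (level, reason); level None means the platform is rejected.

    Level 1 = fully patched, as described on this page. Levels 2 and 3 are a
    hypothetical policy for this example, not Phala's actual tiers.
    """
    report = json.loads(report_json)
    status = report.get("isvEnclaveQuoteStatus")
    advisories = set(report.get("advisoryIDs", []))

    if status == "OK" and not advisories:
        return 1, "platform up to date, no open advisories"
    if status in DEGRADED:
        unaccepted = sorted(advisories - set(accepted_advisories))
        if not unaccepted:
            return 2, f"{status}: every listed advisory is accepted by policy"
        return 3, f"{status}: open advisories {unaccepted}"
    # Revoked, invalid, unknown, missing or inconsistent status: fail closed.
    return None, f"rejected: status={status!r}"


if __name__ == "__main__":
    for name, raw in SAMPLE_REPORTS.items():
        print(name, assess(raw, accepted_advisories={"INTEL-SA-EXAMPLE-1"}))
```

The fail-closed branch matters: a verifier that only special-cases known bad statuses would accept a report with a missing or unrecognised status.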
About Phala Plan
- Note: At this time pRuntime does not support SGX2 YET. Developers are still working on this, and results should arrive somewhere in Q1 (?). We already have several systems in hand for testing once this is completed. We expect this to be ready near mainnet launch (?)