[Info-vax] CPU Refresher for Programmers

johnwallace4 at yahoo.co.uk johnwallace4 at yahoo.co.uk
Sat Jan 16 05:49:50 EST 2016


On Saturday, 16 January 2016 03:34:26 UTC, Stephen Hoffman  wrote:
> On 2016-01-12 03:10:16 +0000, Stephen Hoffman said:
> 
> > Yeah, more than a few of these features have been available in systems 
> > prior to x86-64 -- but these features are now far more common, far 
> > cheaper, and just as useful.
> 
> Then there are features (complexity) that didn't exist before, such as 
> Intel Software Guard Extensions (SGX):
> 
> https://software.intel.com/sites/default/files/332680-002.pdf
> 
> These enclaves would (hypothetically) be where LMF would be 
> implemented, and would provide storage and processing related to each 
> user's private keys, for instance.   There are other uses likely too, 
> such as a foundation for secure delivery.
> 
> -- 
> Pure Personal Opinion | HoffmanLabs LLC

Features that didn't exist before what?

SGX may be new to Intel/x86, to the extent that you can't really buy
it yet, but it's arguably a close relative of ARM's TrustZone, which
has been around a decade or so, intended for digital entertainment,
secure comms, secure control, etc. boxes, or indeed anything where
things have to be reasonably secure against attacks of various kinds
(not just malware). But TrustZone is aimed at the System on Chip
world, and consequently is largely invisible to Joe Public, or even
to most of the software/hardware world.

With TrustZone, it was implicit that the box is largely a single
purpose box, defined at design time or manufacturing time, because
(at least historically) that's the way an ARM-based System on Chip
is used. And consequently there was only one trusted 'zone'.

AIUI, one new thing SGX will bring to the table is multiple
independent 'enclaves' vs TrustZone's single zone. I.e. the concept is
extended from largely single purpose boxes to general purpose boxes
whose workload may change significantly during the hardware's
lifetime, just as you'd expect with x86.