On Tue, 28 Jun 2016, 12384013418489'14'810'4 wrote: > would be the Intel Skylake Technology SGX a solution, so that the keys > cannot be read from the crypto processes?
In these covert attacks, the keys are not "read" but leaked. Those leaks are unlikely to be solved by SGX as it's not the threat it is used to counter (i.e., SGX prevents reading of those DRM keys directly from RAM in plain text form :-)). With SGX, the memory is encrypted so that it cannot be "read", however, the CPU still does calculations of an SGX enclave the same way as without them which creates the opportunity for the very same covert channels to form. Other interesting technology in this domain is ability to somehow control cache allocations that is available at least with Broadwell Xeons. However, I'm not convinced it can fully remove cache-based covert channels either. -- i.
