Intel has shared some clarifications after a researcher claimed to have made significant progress in hacking the chip giant’s Software Guard Extensions (SGX) data protection technology. 

Mark Ermolov, a security researcher who specializes in Intel products and works at Russian cybersecurity firm Positive Technologies, revealed last week that he and his team had managed to extract cryptographic keys pertaining to Intel SGX.

SGX is designed to protect code and data against software and hardware attacks by storing it in a trusted execution environment called an enclave, which is a separated and encrypted region.

“After years of research we finally extracted Intel SGX Fuse Key0 [FK0], AKA Root Provisioning Key. Together with FK1 or Root Sealing Key (also compromised), it represents Root of Trust for SGX,” Ermolov wrote in a message posted on X. 

Pratyush Ranjan Tiwari, who studies cryptography at Johns Hopkins University, summarized the implications of this research in a post on X. 

“The compromise of FK0 and FK1 has serious consequences for Intel SGX because it undermines the entire security model of the platform. If someone has access to FK0, they could decrypt sealed data and even create fake attestation reports, completely breaking the security guarantees that SGX is supposed to offer,” Tiwari wrote.

Tiwari also noted that the impacted Apollo Lake, Gemini Lake, and Gemini Lake Refresh processors have reached end of life, but pointed out that they are still widely used in embedded systems. 

Intel publicly responded to the research on August 29, clarifying that the tests were conducted on systems that the researchers had physical access to. In addition, the targeted systems did not have the latest mitigations and were not properly configured, according to the vendor. 

“Researchers are using previously mitigated vulnerabilities dating as far back as 2017 to gain access to what we call an Intel Unlocked state (aka “Red Unlocked”) so these findings are not surprising,” Intel said.

In addition, the chipmaker noted that the key extracted by the researchers is encrypted. “The encryption protecting the key would have to be broken to use it for malicious purposes, and then it would only apply to the individual system under attack,” Intel said.

Ermolov confirmed that the extracted key is encrypted using what is known as a Fuse Encryption Key (FEK) or Global Wrapping Key (GWK), but he is confident that it will likely be decrypted, arguing that in the past they did manage to obtain similar keys needed for decryption. The researcher also claims the encryption key is not unique. 

Tiwari also noted, “the GWK is shared across all chips of the same microarchitecture (the underlying design of the processor family). This means that if an attacker gets hold of the GWK, they could potentially decrypt the FK0 of any chip that shares the same microarchitecture.”

Ermolov concluded, “Let’s clarify: the main threat of the Intel SGX Root Provisioning Key leak is not an access to local enclave data (requires a physical access, already mitigated by patches, applied to EOL platforms) but the ability to forge Intel SGX Remote Attestation.” 

The SGX remote attestation feature is designed to strengthen trust by verifying that software is running inside an Intel SGX enclave and on a fully updated system with the latest security level. 

Over the past years, Ermolov has been involved in several research projects targeting Intel’s processors, as well as the company’s security and management technologies.

Related: Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

Related: Intel Says No New Mitigations Required for Indirector CPU Attack