Potential Threats of Memory Integrity on SEV(SNP), (Scalable) SGX2, and TDX

 December 6, 2022 at 12:09 am

SGX2 Memory Integrity



Potential Attacks

  • Inside-in Aliasing
  • Outside-in Aliasing

Possible sources of aliasing

Server RAS (reliability, availability, serviceability) features

  • Memory Address Range Mirroring
  • Memory Predictive Failure Analysis (PFA)

PFA: if a physical memory page is believed to be affected by an underlying hardware fault (e.g., a weak cell or faulty row in a memory chip or DRAM), the affected page can be retired by relocating its content to another physical page, and placing the retired page on a list of physical pages that should not be subsequently allocated by the virtual memory system.


Possible attack from OS?

Via Memory Components (System Software)

  • Program critical system hardware devices, e.g., the memory controller or DMA engines (doc 1, p. 113); note that DMA is controlled by the CPU in x86-64 systems
  • Program page tables/EPT => inside-in alias (doc 1, p. 113)

Other possible attack

  • Firmware: defended by Secure Boot / PFR / Intel Hardware Shield (doc 2)


  1. Intel, "Intel SGX Explained" (document 332680-001): https://www.intel.com/content/dam/develop/external/us/en/documents/332680-001-720907.pdf
  2. Intel PFR (Platform Firmware Resilience) on GitHub

Related Papers

TDX Problems


  1. Intel TDX