Intel® Software Guard Extensions (Intel® SGX) Trusted Computing Base (TCB) Recovery Plans for Q4 2022

Intel® Software Guard Extensions (Intel® SGX) Trusted Computing Base (TCB) Recovery Plans for Q4 2022

An Intel® Software Guard Extensions Trusted Computing Base (TCB) Recovery is planned to be initiated in October 2022 (key dates are below). Once all phases are completed, the TCB will reflect security updates and mitigations for in scope Intel® SGX products. Note that, due to various factors, some platform TCB levels may not reflect enforcement to the latest firmware version available from Intel.

Key Attestation Dates

• November 8, 2022 (Development Enforcement Phase 1): The Development Environment for Intel® Software Guard Extensions (Intel® SGX) Attestation Service utilizing Intel® Enhanced Privacy ID (Intel® EPID) (IAS-DEV) will enforce the presence of microcode and software updates on phase 1 platforms.
  • Phase 1 platforms (listed by CPUID): 406E3, 506E3, 706A1, 706A8, 706E0, 706E1, 706E2, 706E3, 706E4, 706E5, 806E9, 806EA, 806EB, 806EC, 906EA, 906EB, 906EC, 906ED, A0652, A0653, A0655, A0660, A0661, A0670, A0671  (Product Lookup)
• November 29, 2022 (Production Enforcement Phase 1): The Production Environment for Intel® SGX Attestation Service utilizing Intel® EPID (IAS-LIV) will enforce the presence of microcode and software updates on phase 1 platforms (see above).
• December 13, 2022 (Development Enforcement Phase 2): IAS-DEV will enforce the presence of microcode and software updates on phase 2 platforms.
  • Phase 2 platforms (listed by CPUID): 906E9, 906ED (Product Lookup)
• January 17, 2023 (Production Enforcement Phase 2): IAS-LIV will enforce the presence of microcode and software updates on phase 2 platforms (see above).

Unless otherwise specified, updates are targeted around 7 am Pacific Standard Time. 

Key Dates for Intel SGX Data Center Attestation Primitives Customers

These are customers not using Intel EPID attestation, but are instead constructing their own attestation infrastructure using the Intel® SGX Provisioning Certification Service (Intel® SGX PCS) (these customers decide when to enforce the microcode and software update, as part of their appraisal policies):

• November 28, 2022: Last full day to obtain extended expiration (150 day) Endorsements / Reference Values (i.e. PCK Certificates and verification collateral).
• November 29, 2022: Availability of new Endorsements / Reference Values (30-day expiration) for all Intel® SGX platforms supporting Elliptic Curve Digital Signature Algorithm (ECDSA) attestation.
• January 17, 2023: Availability of new Endorsements / Reference Values (30-day expiration) for CPUID = 906ED (Product Lookup). 

Unless otherwise specified, updates are targeted around 7 am Pacific Standard Time. 

Notices and Disclaimers

Intel processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.  

Intel technologies may require enabled hardware, software, or service activation. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.