Hi all,
I was looking at the Librem 14 and checking the security of the processor used there (Intel Core i7 10710U), and was double checking that it has hardware mitigations for Spectre, Meltdown, etc. It seems good on that front, but for the more recent load value injection (LVI) attacks, it’s questionable.
Here’s what I found so far:
Intel’s security vulnerabilities page says this about the LVI vulnerability (in footnote 5):
“Software tools for Intel® Software Guard Extensions (Intel® SGX); only if Intel SGX is supported”
Then Intel’s ark page says this about SGX:
“Yes with Intel ME”
So… I’m pretty sure coreboot disables the Intel management engine - is that correct? And if so: does that mean SGX is also disabled, and therefore it would be immune to LVI attacks?
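One practical way to check the two things asked about above from inside a running Linux system, as an added example that is not part of the forum post and not Purism or coreboot code: the kernel reports its view of each mitigation under /sys/devices/system/cpu/vulnerabilities, and /proc/cpuinfo lists an `sgx` flag only when firmware has left SGX enabled and the kernel has detected it. The functions below read those files; the sample directory and cpuinfo lines are constructed so the script also runs offline, and the values in them are illustrative, not measurements from any real CPU.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a Linux host's
# reported CPU mitigation status and whether SGX is exposed to the OS.

# Print "name: status" for every entry in a vulnerabilities directory.
# Real path on a live system: /sys/devices/system/cpu/vulnerabilities
list_vulns() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        read -r status < "$f"
        printf '%s: %s\n' "$(basename "$f")" "$status"
    done
}

# Return 0 (true) if any entry still reports "Vulnerable", else 1.
any_unmitigated() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        read -r status < "$f"
        case "$status" in
            Vulnerable*) return 0 ;;
        esac
    done
    return 1
}

# Return 0 (true) if /proc/cpuinfo-style text advertises the "sgx" flag.
# When firmware disables SGX, the kernel does not list this flag.
cpuinfo_has_sgx() {
    printf '%s\n' "$1" | awk '
        /^flags/ { for (i = 1; i <= NF; i++) if ($i == "sgx") found = 1 }
        END { exit found ? 0 : 1 }'
}

# --- Constructed sample data (NOT real readings from any CPU) ---
SAMPLE_DIR=$(mktemp -d)
printf 'Mitigation: PTI\n' > "$SAMPLE_DIR/meltdown"
printf 'Mitigation: usercopy/swapgs barriers\n' > "$SAMPLE_DIR/spectre_v1"
printf 'Vulnerable\n' > "$SAMPLE_DIR/tsx_async_abort"   # constructed, to exercise the check
CPUINFO_SGX='flags		: fpu vme sgx avx2'
CPUINFO_NOSGX='flags		: fpu vme avx2'

# Usage: run against the constructed data; on a live system pass
# /sys/devices/system/cpu/vulnerabilities and "$(cat /proc/cpuinfo)" instead.
list_vulns "$SAMPLE_DIR"
if any_unmitigated "$SAMPLE_DIR"; then
    echo "at least one entry is still reported as Vulnerable"
fi
if cpuinfo_has_sgx "$CPUINFO_SGX"; then
    echo "sample 1: SGX exposed to the OS"
fi
if ! cpuinfo_has_sgx "$CPUINFO_NOSGX"; then
    echo "sample 2: SGX not exposed to the OS"
fi
rm -rf "$SAMPLE_DIR"
```

The vulnerabilities files tell you what the kernel believes it has mitigated (microcode plus kernel workarounds), not what the silicon alone provides, so they are the right place to confirm the firmware and microcode shipped with the machine actually activate the mitigations. The absence of the `sgx` flag only shows that SGX is not usable from the OS; it says nothing about why, so the firmware question in the post still has to be answered by the firmware documentation.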