Is Librem 14 vulnerable to LVI attacks?

Hi all,

I was looking at the Librem 14 and checking the security of the processor used there (Intel Core i7 10710U), and was double checking that it has hardware mitigations for spectre, meltdown, etc. It seems good on that front, but for the more recent load value injection (LVI) attacks, it’s questionable.

Here’s what I found so far:
Intel’s security vulnerabilities page says this about LVI vulnerability (in footnote 5):
“Software tools for Intel® Software Guard Extensions (Intel® SGX); only if Intel SGX is supported”

Then Intel’s ark page says this about SGX:
“Yes with Intel ME”

So… I’m pretty sure coreboot disables the Intel management engine - is that correct? And if so: does that mean SGX is also disabled, and therefore it would be immune to LVI attacks?

All Librems ship with both the ME and SGX disabled. If a vulnerability allows access to an SGX enclave, Librems would not be subject to that portion of the vulnerability

3 Likes

Awesome! That’s what I was hoping! Thanks…