{"id":10831,"date":"2018-08-15T14:35:56","date_gmt":"2018-08-15T14:35:56","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29227\/Foreshadow-And-Intel-SGX-Software-Attestation-The-Whole-Trust-Model-Collapses.html"},"modified":"2018-08-15T14:35:56","modified_gmt":"2018-08-15T14:35:56","slug":"foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/","title":{"rendered":"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses"},"content":{"rendered":"<p><strong class=\"trailer\">Interview<\/strong> In the wake of yet another <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/08\/14\/intel_l1_terminal_fault_bugs\/\">collection of Intel bugs<\/a>, <em>The Register<\/em> had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/08\/10\/pwnie_awards\/\">Dr Yuval Yarom<\/a> about its impact.<\/p>\n<blockquote class=\"pullquote\" readability=\"8\">\n<p>The main promise of SGX is that you can write code, and ship it to someone you do not fully trust. That person will run the code inside SGX on their machine, and you can see [it]&#8230;<\/p>\n<\/blockquote>\n<p>Dr Yarom explained that one of the big impacts of <a target=\"_blank\" href=\"https:\/\/foreshadowattack.eu\/\">Foreshadow<\/a> is that it destroys an important trust model \u2013 SGX attestations, which guarantee that the code you publish is the code someone else is running.<\/p>\n<p>Think of it as tamper-evident packaging for software: having published your software, the SGX remote attestation will fail if someone changes it. If things are working properly, you only know a remote machine has signed the software \u2013 not whose machine it was.<\/p>\n<p>If a Foreshadow (<a target=\"_blank\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/advisory\/intel-sa-00161.html\">CVE-2018-3615<\/a>) exploit were successful, it could break both the attestation and the privacy model.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2018\/08\/14\/shutterstock_spectre.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Spooky computer chips\"\/><\/p>\n<h2 title=\"Apps, kernels, virtual machines, SGX, SMM at risk from attack\">Three more data-leaking security holes found in Intel chips as designers swap security for speed<\/h2>\n<p><a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/08\/14\/intel_l1_terminal_fault_bugs\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>Dr Yarom told us: \u201cThe main promise of SGX is that you can write code, and ship it to someone you do not fully trust. That person will run the code inside SGX on their machine, and you can see that whatever they run there is protected, because you know\u2026 they haven&#8217;t modified your code, they haven&#8217;t accessed the data that your code used.\u201d<\/p>\n<p>Someone writing a video player, he said, could use this as a rights protection mechanism: the player doesn&#8217;t allow copying, and the publisher knows it&#8217;s behaving correctly, because they&#8217;re receiving the signed SGX attestation saying so.<\/p>\n<p>\u201cAs part of our attack, what we managed to do is get the attestation keys.<\/p>\n<p>\u201cWe can take your code, analyse it to see what it does, know how it should behave, change that behaviour \u2013 but we can fake the attestation,\u201d he said \u2013 the code they run as attackers doesn&#8217;t match the publisher&#8217;s code, but the &#8220;tampered&#8221; code passes all the validity checks.<\/p>\n<p>In the video player example, the attacker can change the code so it creates a copy of content, but still \u201callow it to attest to vendor of the software that it is still running, protected.\u201d<\/p>\n<p>&#8220;The whole trust model collapses,&#8221; Dr Yarom told us.<\/p>\n<p>In a press release from CSIRO\/Data61, Dr Yarom said: &#8220;Intel will need to revoke the encryption keys used for authentication in millions of computers worldwide to mitigate the impact of Foreshadow.&#8221;<\/p>\n<p>As we observed reporting the <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/08\/14\/intel_l1_terminal_fault_bugs\/\">vulnerability exploited by Foreshadow<\/a> (and the other two vulnerabilities* that Intel discovered while investigating fixes), Intel created the exposure by prioritising performance over security, and Dr Yarom agreed.<\/p>\n<p>\u201cIt&#8217;s clear that Intel&#8217;s recent design decisions focussed on how to optimise processors &#8230; so that typical programs execute faster.<\/p>\n<p>&#8220;What we now see is that these optimisations, particularly when we don&#8217;t understand them, come at the cost of information about what the program is doing.\u201d<\/p>\n<p>He added that such decision-making isn&#8217;t confined to Intel.<\/p>\n<p>Dr Yarom said Intel&#8217;s black-box approach to processors is the reason Data61 is putting its weight behind the RISC Foundation&#8217;s <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/04\/23\/risc_v_sel4_port\/\">open hardware efforts<\/a>.<\/p>\n<p>&#8220;It&#8217;s about getting to know what&#8217;s inside a processor, and getting to be able to make a guarantee of the behaviour of the processor.<\/p>\n<p>&#8220;We need to make sure that these sorts of attacks aren&#8217;t feasible, and for that we need the ability to reason about the behaviour of the processor,&#8221; he said.<\/p>\n<blockquote class=\"pullquote\" readability=\"7\">\n<p>We need to make sure that these sorts of attacks aren&#8217;t feasible, and for that we need the ability to reason about the behaviour of the processor<\/p>\n<\/blockquote>\n<p>Dr Yarom was part of one of two teams who independently discovered Foreshadow, working with Marina Minkin and Mark Silberstein of Technion; Ofir Weisse, Daniel Genkin, Baris Kasikci, and Thomas Wenisch of the University of Michigan.<\/p>\n<p>A team from the imec-DistriNet research group at the KU Leuven \u2013 Jo Van Bulck, Frank Piessens, and Raoul Strackx \u2013 made the same discovery independently.<\/p>\n<p>Dr Yarom explained that after Meltdown and Spectre landed in <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/01\/04\/intel_amd_arm_cpu_vulnerability\/\">January<\/a>, it was clear to researchers that SGX was a logical next vector to attack.<\/p>\n<p>&#8220;Marina [Minkin] had worked with SGX, we talked about it a bit, and she mentioned a scenario which in SGX caused an access violation exception, instead of falling into &#8216;abort page semantics&#8217;. Because Meltdown is related to access violation exceptions we decided to give it a try.&#8221;<\/p>\n<p>Once you know where to look for a vulnerability, he said, &#8220;most of the hard part is done&#8221;. \u00ae<\/p>\n<p>* The researchers have called two related vulns \u2013 <a target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3620\">CVE-2018-3620<\/a> and <a target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-3646\">CVE-2018-3646<\/a> \u2013 &#8220;Foreshadow-NG&#8221; (next generation). Intel refers to the three flaws collectively as &#8220;<a target=\"_blank\" href=\"https:\/\/software.intel.com\/security-software-guidance\/software-guidance\/l1-terminal-fault\">L1 terminal fault<\/a>&#8220;.<\/p>\n<p>Yarom and the rest of the team are presenting &#8220;Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution&#8221; on 16 August at the <a target=\"_blank\" href=\"https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/bulck\">Usenix Security conference.<\/a><\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1787\/-6625\/following-bottomlines-journey-to-the-hybrid-cloud?td=wptl1787\">Following Bottomline\u2019s journey to the Hybrid Cloud<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29227\/Foreshadow-And-Intel-SGX-Software-Attestation-The-Whole-Trust-Model-Collapses.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":10832,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[2967],"class_list":["post-10831","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflawcryptographyintel"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-15T14:35:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses\",\"datePublished\":\"2018-08-15T14:35:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/\"},\"wordCount\":857,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg\",\"keywords\":[\"headline,flaw,cryptography,intel\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/\",\"name\":\"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg\",\"datePublished\":\"2018-08-15T14:35:56+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw,cryptography,intel\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlineflawcryptographyintel\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/","og_locale":"en_US","og_type":"article","og_title":"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-08-15T14:35:56+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses","datePublished":"2018-08-15T14:35:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/"},"wordCount":857,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg","keywords":["headline,flaw,cryptography,intel"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/","url":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/","name":"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg","datePublished":"2018-08-15T14:35:56+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/08\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/foreshadow-and-intel-sgx-software-attestation-the-whole-trust-model-collapses\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw,cryptography,intel","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflawcryptographyintel\/"},{"@type":"ListItem","position":3,"name":"Foreshadow And Intel SGX Software Attestation: The Whole Trust Model Collapses"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/10831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=10831"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/10831\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/10832"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=10831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=10831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=10831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}