As any modern technology, Intel SGX has been affected by security vulnerabilities. Intel addresses these vulnerabilities by updating the microcode of CPUs, changing the hardware of new CPUs and updating the system software. While some of these vulnerabilities are really difficult to exploit and to reproduce, all of them require a swift update of the microcode of the CPU as well as as other system software. Outdated microcode and system software, will result in the attestation of enclaved application to fail. The SCONE platform will take care of updating the parts of the system software that affect the attestation.
BIOS Upgrade Required
Note that dynamic microcode updates offered by the operating system are insufficient: Each microcode update that patches a SGX vulnerability requires a BIOS update. During remote attestation, it is checked that the microcode of the CPU which is deployed by the BIOS is up-to-date. If the BIOS is out-of-date, the microcode is also out-of-date and the attestation will fail.
Whenever the microcode is updated, the SCONE platform ID will change. This means that whenever there is a microcode update, you will need to update the permitted platform IDs in your security policies.
Note that enabling certain CPU features like hyperthreading will also result in a different platform ID. This change of the ID is a security feature since we, for example, strongly recommend to switch off hyperthreading in production. By limiting the execution of your enclaved application to platform IDs of, say, a Kubernetes cluster with hyperthreading being switched off, you will prevent your application to run on a platform for which the adversary has switch on hyperthreading.