Current processors may provide support for a secure and/or trusted execution environment such as a secure enclave. A secure enclave includes segments of memory (including code and/or data) that the processor protects from unauthorized access, including unauthorized reads and writes, even by privileged system software such as an operating system or hypervisor. In particular, certain processors may include Intel® Software Guard Extensions (SGX) to provide secure enclave support. The term "architectural enclave" is narrower in SGX usage: it refers to the Intel-provided enclaves, such as the launch and quoting enclaves, that support the platform, and not to secure enclaves in general.
In particular, SGX provides confidentiality, integrity, and replay protection for secure enclave data while the data is resident in platform memory outside the processor package, and thus protects that data against both software attacks and physical attacks on memory, such as probing the memory bus or reading DRAM contents directly. The on-chip (processor package) boundary forms a natural security boundary: inside it, in caches and registers, data and code may be held in plaintext and assumed to be secure. Intel® SGX does not protect input/output (I/O) data that moves across the on-chip boundary, and attacks that observe an enclave indirectly through microarchitectural side channels are outside its threat model.
Current computing devices perform Universal Serial Bus (USB) device enumeration and topology management “in the clear,” that is, the setup packets, descriptors, and other enumeration traffic are neither encrypted nor authenticated, and the system software that carries them (the operating system's USB host controller driver and bus stack, or a hypervisor) lies outside the secure enclave's trusted computing base. Thus, for current computing devices, malicious system software may easily identify commands issued by a secure enclave, modify those commands, modify results to provide false information to the secure enclave (for example, a forged device descriptor), or block commands or results to deny service entirely.
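The following is an added illustration, not code from the patent text or from Intel, of the two preceding points together: the confidentiality, integrity and replay-protection properties SGX gives enclave memory, applied instead to a USB GET_DESCRIPTOR(DEVICE) exchange that crosses the on-chip boundary through untrusted system software. It first runs the enumeration in the clear, where a malicious host stack reads the command and forges the device's vendor ID without detection, then runs it over an authenticated, sequence-numbered channel between enclave and device, where the same tampering and a replayed stale result are rejected. Everything beyond the standard USB setup packet and descriptor layout is an assumption for the example: the shared key (in practice it would be provisioned out of band), the message format, the HMAC-SHA256 encrypt-then-MAC construction standing in for a proper AEAD such as AES-GCM, the attacker model, and the sample descriptor, which is constructed.

```python
import hashlib
import hmac
import struct

# Constructed sample data (illustration only, not taken from the patent text).
DEVICE_DESCRIPTOR = bytes.fromhex("120100020000004034127856000101020301")  # idVendor 0x1234
GET_DEVICE_DESCRIPTOR = struct.pack("<BBHHH", 0x80, 0x06, 0x0100, 0, 18)  # GET_DESCRIPTOR(DEVICE)
KEY = bytes(range(32))  # assumed enclave/device shared key, provisioned out of band
TAG_LEN = 32

def vendor_id(descriptor: bytes) -> int:
    return struct.unpack_from("<H", descriptor, 8)[0]  # idVendor sits at offset 8

def plain_device(setup: bytes) -> bytes:
    """Simulated device: answers GET_DESCRIPTOR(DEVICE), stalls (empty) otherwise."""
    return DEVICE_DESCRIPTOR if setup == GET_DEVICE_DESCRIPTOR else b""

class MaliciousHost:
    """Untrusted USB host stack between enclave and device (outside the SGX TCB):
    records every packet, may rewrite idVendor in a response, may replay an old one."""
    def __init__(self, spoof_vendor=None, replay=False):
        self.spoof_vendor, self.replay = spoof_vendor, replay
        self.seen, self.captured = [], None

    def relay(self, request: bytes, device) -> bytes:
        self.seen.append(request)  # "identify commands"
        if self.replay and self.captured is not None:
            return self.captured  # block the new command, replay the old result
        response = device(request)
        if self.spoof_vendor is not None and len(response) >= 10:  # "modify results"
            response = response[:8] + struct.pack("<H", self.spoof_vendor) + response[10:]
        self.captured = response
        return response

def enumerate_in_the_clear(host: MaliciousHost) -> int:
    """Enumeration as in the background section: nothing protects the exchange."""
    return vendor_id(host.relay(GET_DEVICE_DESCRIPTOR, plain_device))

# Assumed protected channel: encrypt-then-MAC plus a sequence number, built from
# HMAC-SHA256 only so the example is stdlib-only; a real design would use an AEAD.
def _keystream(key: bytes, label: bytes, seq: int, n: int) -> bytes:
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + b"ks" + struct.pack("<QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]

def seal(key: bytes, label: bytes, seq: int, payload: bytes) -> bytes:
    """seq || (payload XOR keystream) || HMAC(key, label || seq || ciphertext)."""
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(key, label, seq, len(payload))))
    body = struct.pack("<Q", seq) + ct
    return body + hmac.new(key, label + body, hashlib.sha256).digest()

def unseal(key: bytes, label: bytes, expected_seq: int, msg: bytes) -> bytes:
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if len(body) < 8 or not hmac.compare_digest(tag, hmac.new(key, label + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: message modified or missing")
    seq = struct.unpack_from("<Q", body)[0]
    if seq != expected_seq:  # validly tagged but stale message
        raise ValueError("replay detected: seq %d, expected %d" % (seq, expected_seq))
    return bytes(c ^ k for c, k in zip(body[8:], _keystream(key, label, seq, len(body) - 8)))

class ProtectedDevice:
    """Device-side endpoint; it stalls (returns nothing) on an unverifiable request."""
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def __call__(self, sealed_request: bytes) -> bytes:
        try:
            setup = unseal(self.key, b"req", self.seq, sealed_request)
        except ValueError:
            return b""
        response = seal(self.key, b"rsp", self.seq, plain_device(setup))
        self.seq += 1
        return response

class EnclaveUsbClient:
    """Enclave-side endpoint; plaintext commands and results exist only inside the enclave."""
    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def get_vendor_id(self, host: MaliciousHost, device: ProtectedDevice) -> int:
        sealed = seal(self.key, b"req", self.seq, GET_DEVICE_DESCRIPTOR)
        descriptor = unseal(self.key, b"rsp", self.seq, host.relay(sealed, device))
        self.seq += 1
        return vendor_id(descriptor)

def run_scenarios() -> dict:
    """Runs each threat named in the text against both channels and returns the outcomes."""
    out, host = {}, MaliciousHost()
    out["clear_honest"] = enumerate_in_the_clear(host)
    out["clear_command_visible"] = GET_DEVICE_DESCRIPTOR in host.seen
    out["clear_spoofed"] = enumerate_in_the_clear(MaliciousHost(spoof_vendor=0xDEAD))
    for name, host in (("protected_honest", MaliciousHost()),
                       ("protected_spoofed", MaliciousHost(spoof_vendor=0xDEAD)),
                       ("protected_replay", MaliciousHost(replay=True))):
        enclave, device = EnclaveUsbClient(KEY), ProtectedDevice(KEY)
        try:  # two rounds so a replaying host gets the chance to serve a stale result
            out[name] = (enclave.get_vendor_id(host, device), enclave.get_vendor_id(host, device))
        except ValueError as err:
            out[name] = str(err).split(":")[0]
        out[name + "_command_visible"] = GET_DEVICE_DESCRIPTOR in host.seen
    return out
```

In the clear, the forged vendor ID (0xDEAD) is accepted as genuine and the setup packet is visible to the host stack; over the protected channel the same rewrite fails the integrity check, the replayed response fails the sequence check, and the host stack sees only ciphertext. Note what the channel does not do: a host that simply drops a command or its result still denies service, which the enclave can detect (the missing or stalled response fails verification) but not prevent, matching the last threat listed above.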