Skip to main content

Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution


Jo Van Bulck, Marina Minkin, Ofir Weiss, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom and Raoul Stracks

University of Michigan



KU Leuven

The University of Adelaide


Trusted execution environments, and particularly the Software Guard eXtensions (SGX) included in recent Intel x86 processors, gained significant traction in recent years. A long track of research papers, and increasingly also real-world industry applications, take advantage of the strong hardware-enforced confidentiality and integrity guarantees provided by Intel SGX. Ultimately, enclaved execution holds the compelling potential of securely offloading sensitive computations to untrusted remote platforms. We present Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations. Crucially, unlike previous SGX attacks, we do not make any assumptions on the victim enclave's code and do not necessarily require kernel-level access. At its core, Foreshadow abuses a speculative execution bug in modern Intel processors, on top of which we develop a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache. We demonstrate our attacks by extracting full cryptographic keys from Intel's vetted architectural enclaves, and validate their correctness by launching rogue production enclaves and forging arbitrary local and remote attestation responses. The extracted remote attestation keys affect millions of devices.

BibTeX Entry

    year             = {2018},
    month            = aug,
    pages            = {991--1008},
    publisher        = {USENIX},
    paperurl         = {},
    booktitle        = {USENIX Security Symposium},
    author           = {Van Bulck, Jo and Minkin, Marina and Weiss, Ofir and Genkin, Daniel and Kasikci, Baris and Piessens,
                        Frank and Silberstein, Mark and Wenisch, Thomas F. and Yarom, Yuval and Stracks, Raoul},
    address          = {Baltimore},
    title            = {Foreshadow: Extracting the Keys to the Intel {SGX} Kingdom with Transient Out-of-Order Execution},
    date             = {2018-8-15}