Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments

This article analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact floating-point computations in enclaves through the Application Binary Interface (ABI). In comprehensive study across 7 industry-standard and research enclave shielding runtimes for Intel Software Guard Extensions (SGX), we show control state registers of x87 Floating-Point Unit (FPU) Streaming SIMD are not always properly sanitized on entry. We furthermore this goes beyond x86 architecture can also affect RISC-V enclaves. Focusing SGX, abuse adversary’s over precision rounding modes as an ABI fault injection primitive corrupt enclaved operations. Our analysis reveals is especially relevant applications use older FPU, which still under certain conditions used by modern compilers. exemplify potential quality-degradation attacks machine learning SPEC benchmarks. then explore confidentiality, showing exception masks be abused controlled channel recover multiplication operands. findings, affecting 5 studied SGX one runtime, demonstrate challenges implementing high-assurance trusted execution computing architectures.