How do I perform SGX mitigation on Azure CC virtual machine?

Joseph Noonan 20 Reputation points
2024-12-11T19:39:01.8533333+00:00

I have a DCs2_V3 Azure Confidential Computing virtual machine running Ubuntu 20.04. I am getting the following error from my application:

 AttestationError { message: "TCB contains unmitigated unaccepted advisory ids: ["INTEL-SA-00615"]

How do I apply mitigation for this advisor ID on Ubuntu 20.04. Where can I find instructions to do this?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,035 questions
{count} votes

Accepted answer
  1. Mounika Reddy Anumandla 6,845 Reputation points Microsoft External Staff Moderator
    2024-12-12T06:06:47.46+00:00

    Hi Joseph Noonan,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    This advisory ID refers to a security vulnerability that affects certain Intel processors. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.

    Mitigation for these vulnerabilities includes a combination of microcode updates and software changes, depending on the platform and usage model. Microcode updates should be issued by the original equipment manufacturer (OEM). For more information, see INTEL-SA-00615. Intel Advisory INTEL-SA-00615 addresses security vulnerabilities in Intel processors, https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html The overview, mitigation is also explained in the document: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/processor-mmio-stale-data-vulnerabilities.html
    If you have any further queries, do let us know.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.