[...] The [SGAxe] attack can just as easily steal cryptographic keys that SGX uses for "attestation," or the process of proving to a remote server that the hardware is a genuine Intel processor and not a malicious simulation of one. A remote server can require connecting devices to provide these attestation keys before it will carry out financial transactions, play protected videos, or perform other restricted functions. In a paper titled SGAxe: How SGX Fails in Practice, researchers from the University of Michigan and the University of Adelaide in Australia wrote:

With the machine's production attestation keys compromised, any secrets provided by [the] server are immediately readable by the client's untrusted host application while all outputs allegedly produced by enclaves running on the client cannot be trusted for correctness. This effectively renders SGX-based DRM applications useless, as any provisioned secret can be trivially recovered. Finally, our ability to fully pass remote attestation also precludes the ability to trust any SGX-based secure remote computation protocols.

[...] The second SGX attack is notable because it's based on a previously unknown side channel created by an undocumented buffer that all Intel CPU cores use. This "staging buffer," as researchers from Vrije University in Amsterdam and ETH Zurich call it, retains the results of previously executed offcore instructions across all CPU cores.

The discovery is highly significant for a couple of reasons. First, the staging buffer retains output from RDRAND and RDSEED, which are among the most sensitive instructions an Intel CPU can carry out because they provide the random numbers needed when generating crypto keys.

[...] Equally important, the side channel provided by this newly discovered staging buffer allowed the attackers to create the world's first known speculative execution attack that works across CPU cores. All previous attacks have worked only when an attacker and a target used the same core. Many defenders took that to mean that allocating trusted and untrusted code to different cores provided meaningful protection against speculative execution attacks, which are also known as transient execution attacks. CrossTalk, as the new exploit has been named, will force researchers and engineers to revisit that assumption.