Software Guard Extensions

On 27 March 2017, researchers at Austria's Graz University of Technology published a proof-of-concept that extracts RSA keys from an SGX enclave running on the same system within five minutes. Because the attack code has no fine-grained timer available, it uses ordinary CPU instructions (a second thread that keeps incrementing a counter) as a substitute clock to mount cache and DRAM side-channel attacks.[16][17][18]
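As an added illustration of the timer trick behind that proof-of-concept (example code written for this page, not the Graz researchers' code): an SGX1 enclave cannot execute rdtsc, so the attacker derives a clock from a second thread that does nothing but increment a register and store it to memory. The block below builds that clock and uses it to time a cached and an evicted memory read from an ordinary host process. The function names (`timer_start`, `now`, `median_read_ticks`, `run_demo`), the 32 MiB buffer walk used as a portable stand-in for a real eviction set, and the 51-sample median are this example's own choices and are not taken from the paper.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Counting-thread clock (added example, not the Graz proof-of-concept).
 * One thread increments a register and stores it to memory in a tight loop;
 * the measuring thread reads that value before and after a memory access
 * and treats the difference as elapsed "ticks". */
static _Atomic uint64_t ticks;
static _Atomic int timer_running;
static int timer_started;
static pthread_t timer_thread;

static void *count_forever(void *arg) {
    (void)arg;
    uint64_t local = 0;
    while (atomic_load_explicit(&timer_running, memory_order_relaxed)) {
        local++;                                                    /* inc */
        atomic_store_explicit(&ticks, local, memory_order_relaxed); /* mov */
    }
    return NULL;
}

uint64_t now(void) { return atomic_load_explicit(&ticks, memory_order_relaxed); }

/* Start the clock and spin until it has visibly advanced (on a single core the
 * scheduler must run the counting thread first). Returns 0 on success. */
int timer_start(void) {
    atomic_store(&timer_running, 1);
    if (pthread_create(&timer_thread, NULL, count_forever, NULL) != 0) {
        atomic_store(&timer_running, 0);
        return -1;
    }
    timer_started = 1;
    uint64_t start = now();
    for (long spins = 0; spins < 2000000000L; spins++)
        if (now() != start) return 0;
    return -1;
}

void timer_stop(void) {
    if (!timer_started) return;
    atomic_store(&timer_running, 0);
    pthread_join(timer_thread, NULL);
    timer_started = 0;
}

/* The clock never runs backwards while the thread lives, and stands still
 * once the thread has been joined. */
int clock_is_monotone(int reads) {
    uint64_t prev = now();
    for (int i = 0; i < reads; i++) {
        uint64_t cur = now();
        if (cur < prev) return 0;
        prev = cur;
    }
    return 1;
}

int clock_is_frozen(void) { return now() == now(); }

static uint64_t time_read(volatile uint8_t *p) {
    uint64_t t0 = now();
    (void)*p;
    uint64_t t1 = now();
    return t1 - t0;
}

/* Portable stand-in for eviction: touch every line of a buffer larger than the
 * cache. A real Prime+Probe attack fills only the set the victim address maps to. */
static void evict_by_walking(volatile uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i += 64) buf[i]++;
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median tick count over `samples` timed reads of *target, each preceded by an
 * eviction walk (evict != 0) or by a warming read (evict == 0). */
uint64_t median_read_ticks(volatile uint8_t *target, volatile uint8_t *evict_buf,
                           size_t evict_len, int samples, int evict) {
    if (samples <= 0) return 0;
    uint64_t *t = malloc(sizeof *t * (size_t)samples);
    if (!t) return 0;
    for (int i = 0; i < samples; i++) {
        if (evict) evict_by_walking(evict_buf, evict_len);
        else (void)*target;
        t[i] = time_read(target);
    }
    qsort(t, (size_t)samples, sizeof *t, cmp_u64);
    uint64_t median = t[samples / 2];
    free(t);
    return median;
}

/* Time a cached and an evicted read of one byte; 0 on success. The medians only
 * differ when the counting thread really runs concurrently (multi-core). */
int run_demo(uint64_t *cached, uint64_t *evicted) {
    enum { EVICT_LEN = 32u << 20, SAMPLES = 51 };
    uint8_t *target = calloc(4096, 1);
    uint8_t *evict_buf = calloc(EVICT_LEN, 1);
    if (!target || !evict_buf) { free(target); free(evict_buf); return -1; }
    *cached = median_read_ticks(target, evict_buf, EVICT_LEN, SAMPLES, 0);
    *evicted = median_read_ticks(target, evict_buf, EVICT_LEN, SAMPLES, 1);
    free(target);
    free(evict_buf);
    return 0;
}

int main(void) {
    if (timer_start() != 0) { fputs("counting thread did not start\n", stderr); return 1; }
    uint64_t cached = 0, evicted = 0;
    int rc = run_demo(&cached, &evicted);
    timer_stop();
    if (rc != 0) return 1;
    printf("cached read: %llu ticks, evicted read: %llu ticks\n",
           (unsigned long long)cached, (unsigned long long)evicted);
    return 0;
}
```

Build with `cc -O2 -pthread counting_timer.c` (the file name is arbitrary). On a multi-core machine the evicted median is visibly larger than the cached one, which is the whole signal a Prime+Probe attacker needs; on a single core both medians collapse to 0 because the counter cannot advance while the measuring thread runs, which is why the real attack pins the counting thread to a sibling hyperthread.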

On 8 February 2019, researchers at Austria's Graz University of Technology published findings showing that, in some cases, malicious code can be run from within an enclave itself.[25]

The exploit scans the memory of the host process from inside the enclave to locate usable code fragments and assemble a payload, which then executes with the privileges of the host process.[26]

The paper argues that, because enclave memory is confidential and protected from the rest of the system, antivirus software cannot inspect the enclave and therefore cannot detect or remove malware residing within it.

In July 2022, Intel submitted a Linux kernel patch series called AEX-Notify that lets an SGX enclave programmer register a handler that runs after an asynchronous enclave exit (AEX), the class of events that interrupt-driven single-stepping attacks on enclaves rely on.[28]

SGAxe,[35] an SGX vulnerability published in 2020, extends a transient-execution attack on the L1 data cache (CacheOut)[36] to leak the contents of an enclave.[34]

The attack extracts the attestation keys held by Intel's quoting enclave, which are provisioned and certified by Intel, so an attacker who obtains them can sign forged attestation quotes that remote parties accept as coming from a genuine SGX platform.

Intel's security advisory and mitigation for this issue, which it also refers to as Processor Data Leakage or Cache Eviction, was originally issued on January 27, 2020 and updated on May 11, 2021.[38]

Mark Ermolov, Maxim Goryachy and Dmitry Sklyarov have argued that the SGX concept cannot be considered trustworthy, based on their work reverse-engineering Intel's Goldmont microcode, published at https://github.com/chip-red-pill/glm-ucode#.

In October 2022, researchers at the University of Oxford published an article[43] weighing the advantages and disadvantages an attacker gains by abusing SGX for malware development.