I'm doing research for a future Talospace article on the ultravisor, but while it should do something conceptually similar I don't think it's an exact replacement for SGX.
Flexver seems to have a little different scope and involves tamper protection as well AIUI, but @madscientist159 could say more about that.
Yes, FlexVer is the technology required to basically harden the systems against direct physical attack. Since we consider permanent vendor control via e.g. vendor signing keys absolutely unacceptable, some other scheme is required to prevent physical access from silently becoming root / hypervisor root. That's where FlexVer sits.
We have a few papers online, e.g.
https://www.raptorengineering.com/TALOS/documentation/flexver_intro.pdf and
https://www.raptorengineering.com/TALOS/documentation/integrimon_intro.pdf . There's also some information at
http://integricloud.com/content/base/service_intro.html , and I'd be happy to answer any direct questions you have.
Since Ultravisor is owner controlled, we'd generally say FlexVer is needed to make sure the Ultravisor image you think you loaded was actually loaded if a hostile physical environment is in play.
@AbstractConcept My standard answer to anyone promoting SGX as a "secure" solution is to ask, do you have an SLA with Intel that will pay out all damages incurred if SGX is implemented wrong, has a firmware bug that allows malicious access, if Intel abuses their keys to gain access to your data (including under court order / with warrant), etc.? If not, you're just blindly trusting a third party to act in your interests at all times for no real reason. Not a place I'd like to be, and definitely nothing I'd call "secure".
