topic Letting the untrusted code in Intel® Software Guard Extensions (Intel® SGX)

Question to Thread Context

Joe63 — Sun, 19 Feb 2017 11:10:08 GMT

In the developer Guide (chapter Programming Model) is stated that the untrusted code selects the thread context to be used within the enclave.

1. Can someone explain me explain me how i can select that Thread context for enclaves?

2. Also is this a security problem? The other lists in Programming Models are naming some security related facts like: "A bug in the TCB can compromise the hole enclave, so keep it small". Is there also a security problem because the untrusted code seelcts the thread context?

Here is the definition of a Thread Context:

Thread Control Structure (TCS)
Thread Data/Thread Local Storage – data within the enclave and specific to the thread
State Save Area (SSA) – a data buffer which holds register state when - 4 - an enclave must exit due to an interrupt or exception
Stack – a stack located within the enclave

Hi,

Surenthar_S_Intel — Mon, 20 Feb 2017 05:34:59 GMT

Hi,

Please refer the Intel SGX Developer Reference guide (https://software.intel.com/en-us/documentation/sgx-sdk-developer-reference) "Enclave Settings" and "Enclave Configuration File" Topic for your reference.

-Surenthar

Letting the untrusted code

Juan_d_Intel — Mon, 27 Feb 2017 19:12:47 GMT

Letting the untrusted code select the Thread Context is not a security risk, because:

All thread contexts are equivalent, i.e. it doesn't matter which one the untrusted code chooses.
The untrusted code cannot modify any area of a thread context.

The enclave controls what happens inside the enclave but it cannot control what happens outside, i.e. how enclave calls are made (what thread context, when, in what order, etc.).