topic Hi Sam, in Intel® Software Guard Extensions (Intel® SGX)

Question on Local Attestation Sample Code shipped in SDK

Sam5 — Wed, 20 Jul 2016 05:04:19 GMT

Hi,

How enclave1 can transfer the report to enclave2. The report resides in enclave1. From there you could use EEXIT and return a pointer back to the application in untrusted space. The pointer cant be accessed as it points to Enclave. Sending from enclave1 to enclave2 directly is also not possible. Can you explain that part in detail?

-Thanks

Hi Sam

shen_y_ — Wed, 20 Jul 2016 08:36:05 GMT

Hi Sam

You can't transfer data from enclave1 to enclave2 directly. You need to get the report of enclave1 to your application and use enclave interface ,which is defined in enclave2, to transfer the report to enclave2.

(report)enclave1=====>application===>enclave2 :)

The report pointer is declared in your application ,not in enclave1. You have to pass the pointer into enclave1 and get the report using sgx_create_report() function in enclave1.

Thanks,

Hi Sam,

Surenthar_S_Intel — Wed, 20 Jul 2016 09:14:14 GMT

Hi Sam,

The report that resides in enclave1 is first copied to untrusted memory of enclave1's process by the enclave itself. Remember the enclave can access all of the processes memory that is mapped. This is okay because the report does not have any secret. untrusted code then can use IPC provided by all operating systems to transfer the report to enclave2's process which is also untrusted memory. Then un trusted code in process two can call into enclave2 which can then copy the report from untrusted memory of enclave2's process into enclave2's memory.

PFA for your reference for local attestation flow

Thanks and Regards,
Surenthar Selvaraj

Thanks for your detailed

Sam5 — Wed, 20 Jul 2016 10:18:58 GMT

Thanks for your detailed information