sgx virtualization

jamason — Sun, 21 Jan 2018 20:53:58 GMT

hello,

i have 2 questions concerning the use of sgx and sgx sealing functionality in virtualized environments?

1. does hyper-v support sgx ?

2- would the following scenario work?

launch a clean VM in a hyper-v VM running on top of a windows os.
run a linux encalve 1 which seals the data to its MRSIGNER
tearodwn the enclave and the VM
run an enclave 2 in the host os windows (enclave 1 and enclave 2 have the same MRSIGNER)
unseal the data which has been sealed by enclave 1

Thank you

Hi:

you_w_ — Mon, 22 Jan 2018 01:36:08 GMT

Hi:

1. The answer is no. As far as I know, SGX virtualization only works with kvm and xen Framework.

2. I know that in a same platform you can seal a secret in linux and then unseal with windows by using MrSigner Policy. But whether it works with VMs is depends on the implementation.

Hope someone from sgx kernel develop team explain that.

Thanks

you

topic Hi: in Intel® Software Guard Extensions (Intel® SGX)

sgx virtualization

Hi: