https://community.intel.com/t5/Intel-Software-Guard-Extensions/ENCLAVE-DATA-STORAGE/m-p/1133764#M1972 <P>Hi Scott,</P><P>Is there any way to send secrets&nbsp;to the enclave in asymmetrically encrypted way, say ECDSA+AES? with the enclave's public key. So that anybody can just transmit the encrypted data to the untrusted environment and then pass to the enclave.</P><P>Or does it has to go by remote attestation in interactive way? that requires the secret holders to be online during the secret transmission.</P><P></P><BLOCKQUOTE>Scott R. (Intel) wrote:<BR /><P></P><P>Hello Nirjhar.</P><P>Yes, once an enclave is instantiated, global variables in the enclave reside in protected memory.&nbsp; But, to be clear, any variables initialized at compile time will be in the clear in the enclave binary, as that is not encrypted in any way.&nbsp; To get a "secret_key" securely into your enclave you would need to use SGX remote attestation to help securely&nbsp;provision the secret from a remote entity.</P><P>Any function defined in your enclave.cpp will also be in trusted memory, whether its defined in the EDL or not.&nbsp; The EDL is just what defines the functions that can be&nbsp;called to/call out from inside the enclave. So in your example, func1()&nbsp;would reside in secure memory and would only be callable from inside the enclave.</P><P>Regards.</P><P>Scott</P><P>&nbsp;</P><P></P></BLOCKQUOTE><P></P> Wed, 23 Jan 2019 09:03:28 GMT Hszz09 2019-01-23T09:03:28Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/ENCLAVE-DATA-STORAGE/m-p/1133762#M1970 <P>Lets say I have the enclave.cpp file and&nbsp; I have&nbsp;a global variable "secret _key". Will the variable "secret_key" will reside in the protected enclave space? If not how to have some global variables whose value will be stored in the enclave and not in the untrusted space?</P><P>&nbsp;</P><P>Also if i have a function func1() in enclave.cpp but it is not declared in the enclave.edl file,&nbsp; then will the function be a part of the enclave or will be available in the untrusted memory location?</P> Tue, 15 Jan 2019 14:07:04 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/ENCLAVE-DATA-STORAGE/m-p/1133762#M1970 ROY__NIRJHAR 2019-01-15T14:07:04Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/ENCLAVE-DATA-STORAGE/m-p/1133763#M1971 <P>Hello Nirjhar.</P><P>Yes, once an enclave is instantiated, global variables in the enclave reside in protected memory.&nbsp; But, to be clear, any variables initialized at compile time will be in the clear in the enclave binary, as that is not encrypted in any way.&nbsp; To get a "secret_key" securely into your enclave you would need to use SGX remote attestation to help securely&nbsp;provision the secret from a remote entity.</P><P>Any function defined in your enclave.cpp will also be in trusted memory, whether its defined in the EDL or not.&nbsp; The EDL is just what defines the functions that can be&nbsp;called to/call out from inside the enclave. So in your example, func1()&nbsp;would reside in secure memory and would only be callable from inside the enclave.</P><P>Regards.</P><P>Scott</P><P>&nbsp;</P> Tue, 15 Jan 2019 23:06:51 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/ENCLAVE-DATA-STORAGE/m-p/1133763#M1971 Scott_R_Intel 2019-01-15T23:06:51Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/ENCLAVE-DATA-STORAGE/m-p/1133764#M1972 <P>Hi Scott,</P><P>Is there any way to send secrets&nbsp;to the enclave in asymmetrically encrypted way, say ECDSA+AES? with the enclave's public key. So that anybody can just transmit the encrypted data to the untrusted environment and then pass to the enclave.</P><P>Or does it has to go by remote attestation in interactive way? that requires the secret holders to be online during the secret transmission.</P><P></P><BLOCKQUOTE>Scott R. (Intel) wrote:<BR /><P></P><P>Hello Nirjhar.</P><P>Yes, once an enclave is instantiated, global variables in the enclave reside in protected memory.&nbsp; But, to be clear, any variables initialized at compile time will be in the clear in the enclave binary, as that is not encrypted in any way.&nbsp; To get a "secret_key" securely into your enclave you would need to use SGX remote attestation to help securely&nbsp;provision the secret from a remote entity.</P><P>Any function defined in your enclave.cpp will also be in trusted memory, whether its defined in the EDL or not.&nbsp; The EDL is just what defines the functions that can be&nbsp;called to/call out from inside the enclave. So in your example, func1()&nbsp;would reside in secure memory and would only be callable from inside the enclave.</P><P>Regards.</P><P>Scott</P><P>&nbsp;</P><P></P></BLOCKQUOTE><P></P> Wed, 23 Jan 2019 09:03:28 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/ENCLAVE-DATA-STORAGE/m-p/1133764#M1972 Hszz09 2019-01-23T09:03:28Z