https://community.intel.com/t5/Intel-Software-Guard-Extensions/EPC-protection/m-p/1134301#M2004 <P>Intel SGX doesn't trust the OS, so it maintains the EPCM to support page permission check for EPC pages. The security check is performed by extending the page miss handler (PMH).</P> <P>Please refer to <A href="https://eprint.iacr.org/2016/086.pdf" target="_blank">https://eprint.iacr.org/2016/086.pdf</A>, page 93, Sec. 6.2 for more details.</P> Sat, 24 Jun 2017 13:14:46 GMT yunfeng7854 2017-06-24T13:14:46Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/EPC-protection/m-p/1134300#M2003 <P>Hi folks,</P> <P>Do you know how SGX makes EPC invisible to OS? I know that there is an ownership mechanism using labels for different enclaves to make sure every enclave is accessing just to its own page inside the EPC; is there a similar mechanism for OS as well? it seems&nbsp;SGX needs more to prevent the adversary OS from EPC?&nbsp;</P> <P>&nbsp;</P> <P>thanks</P> <P>Meysam</P> Fri, 23 Jun 2017 23:07:40 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/EPC-protection/m-p/1134300#M2003 Meysam_t_ 2017-06-23T23:07:40Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/EPC-protection/m-p/1134301#M2004 <P>Intel SGX doesn't trust the OS, so it maintains the EPCM to support page permission check for EPC pages. The security check is performed by extending the page miss handler (PMH).</P> <P>Please refer to <A href="https://eprint.iacr.org/2016/086.pdf" target="_blank">https://eprint.iacr.org/2016/086.pdf</A>, page 93, Sec. 6.2 for more details.</P> Sat, 24 Jun 2017 13:14:46 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/EPC-protection/m-p/1134301#M2004 yunfeng7854 2017-06-24T13:14:46Z