topic Hi Anusha K. (Intel)： in Intel® Software Guard Extensions (Intel® SGX)

Different app use the same enclave

you_w_ — Mon, 24 Jul 2017 06:31:03 GMT

Hi ：

I note that in pre-release mode or debug mode different apps can use a same enclave. Thus, if someone else analysed the untrusted part of my app and got the Ecall function interface, then load my enclave. He can do what he want to do. My question is:

1. When in release mode is enclave bind to application?

2. If not is there any suggestion on avoiding anonymous enclave loading operation?

Hi,

Anusha_K_Intel — Mon, 24 Jul 2017 12:55:02 GMT

Hi,

Please refer to this page for information on how to seal your enclave and this method helps protect your enclave --- https://software.intel.com/en-us/blogs/2016/05/04/introduction-to-intel-sgx-sealing.

And in the release mode we use a 2 step signing process and the enclave needs to be signed with a white-listed key and the signed enclave can be used with the key.Signing an enclave is a process that involves in producing signature structure that contain enclave properties such as enclave Measurement. During initial enclave build by application developer, the enclave identity like "measurement of enclave" is used to produce the signature.This signed enclave signature is verified in the target system during the enclave construction and Initialization.In the target system (system at which enclave is to be launched), the measurement data that is obtained during the enclave launch, is used to verify the signature.If the signature match, then only enclave will be allowed to run.If there is any modification in measurement value (code, data of enclave), signature mismatch will occur. This will not allow the enclave to run.

Hi, you.

Rodolfo_S_ — Mon, 24 Jul 2017 13:36:02 GMT

Hi, you.

1. Although two different applications can use the same enclave, they do not use the same instance of the enclave. In that sense, an enclave instance is always bound to an application, not only in release mode.

2. To the best of my knowledge there is no recommendation from Intel regarding this.

Best regards,

Rodolfo

Hi Anusha K. (Intel)：

you_w_ — Tue, 25 Jul 2017 03:04:19 GMT

Hi Anusha K. (Intel)：

I have already read that article, it introduced sgx sealing. Using the default policy, enclave seals data with a key derived from MRSIGNER, that means the enclave signed with the same key can unseal the sealed data. And if using Enclave Identity the same enclave can unseal the sealed data. A two step signing process can make sure the enclave not be modified, but not guarantee only valid app can load the enclave. what I want to know is that how to prevent invalid app load my enclave. Thank you.

Regards

you

HI Rodolfo S:

you_w_ — Tue, 25 Jul 2017 03:15:51 GMT

HI Rodolfo S:

Thank you. Although they are not the same instance, if anyone else successfully load my enclave, then he can unseal the secret and perform other operation with the secret. Is that right?

Regards

you

Hi you w.,

alc__ria — Wed, 10 Oct 2018 09:40:11 GMT

Hi you w.,

Any update on this issue? I would like to find out the answer.

-ria

Hi all.

Scott_R_Intel — Thu, 11 Oct 2018 13:45:53 GMT

Hi all.

No, there is no built-in way to prevent one untrusted app from loading another's enclave, as you say, to bind them together.

Regards.

Scott