https://community.intel.com/t5/Intel-Software-Guard-Extensions/user-check-protection-for-SGXSpectre/m-p/1153926#M2666 <P>Hi,</P> <P>Intel has released a technical advisory about the fixes for Spectre.&nbsp; However, I would like to get more insight on how to handle user_check.&nbsp; So from the "Intel® Software Guard Extensions (SGX) SW Development Guidance for Potential Bounds Check Bypass (CVE-2017-5753) Side Channel Exploits" whitepaper, Intel mentioned that we have to protect user_check inputs with the following pattern:</P> <PRE class="brush:cpp;">uint32_t enclave_function(const uint8_t* user_check_input, uint32_t user_check_size) { ... // // make sure input buffer is outside enclave // int SGXAPI sgx_is_outside_enclave(const void *addr, size_t size); if (!sgx_is_outside_enclave(user_check_input, user_check_size)) { // error code ... } else { _mm_lfence(); ... } ... } </PRE> <P>However, how do I protect the structure that I passed with user_check when it has multiple pointers inside?</P> <P>Thanks!</P> <P>Kind Regards,<BR /> Elephant</P> <P>&nbsp;</P> Thu, 15 Mar 2018 09:57:38 GMT Elephant 2018-03-15T09:57:38Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/user-check-protection-for-SGXSpectre/m-p/1153926#M2666 <P>Hi,</P> <P>Intel has released a technical advisory about the fixes for Spectre.&nbsp; However, I would like to get more insight on how to handle user_check.&nbsp; So from the "Intel® Software Guard Extensions (SGX) SW Development Guidance for Potential Bounds Check Bypass (CVE-2017-5753) Side Channel Exploits" whitepaper, Intel mentioned that we have to protect user_check inputs with the following pattern:</P> <PRE class="brush:cpp;">uint32_t enclave_function(const uint8_t* user_check_input, uint32_t user_check_size) { ... // // make sure input buffer is outside enclave // int SGXAPI sgx_is_outside_enclave(const void *addr, size_t size); if (!sgx_is_outside_enclave(user_check_input, user_check_size)) { // error code ... } else { _mm_lfence(); ... } ... } </PRE> <P>However, how do I protect the structure that I passed with user_check when it has multiple pointers inside?</P> <P>Thanks!</P> <P>Kind Regards,<BR /> Elephant</P> <P>&nbsp;</P> Thu, 15 Mar 2018 09:57:38 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/user-check-protection-for-SGXSpectre/m-p/1153926#M2666 Elephant 2018-03-15T09:57:38Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/user-check-protection-for-SGXSpectre/m-p/1153927#M2667 <P>If the buffer is a structure of multiple pointers to other buffers, you will probably have to add one call to&nbsp;<SPAN style="font-size: 13.008px;"><STRONG>sgx_is_outside_enclave</STRONG> per pointer before you reference it.</SPAN></P> Mon, 16 Apr 2018 18:22:13 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/user-check-protection-for-SGXSpectre/m-p/1153927#M2667 Hoang_N_Intel 2018-04-16T18:22:13Z