https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088505#M739 <P>Hi,</P> <P>SGX also supports G3 state. When the system gets shutdown, the application may register a callback function for such events. When the callback function is invoked then the application may call the enclave specifically to save secret state to disk for preservation. However, the operating system does not guarantee that the enclave will be given enough time to seal all its internal state. Enclaves that <SPAN style="font-size: 1em;">wish to preserve state across&nbsp;</SPAN><SPAN style="font-size: 1em;">power transition events must periodically seal enclave state data outside the enclave (on disk or&nbsp;</SPAN><SPAN style="font-size: 1em;">the cloud). On re-instantiation of the application, the enclave is rebuilt from scratch and the&nbsp;</SPAN><SPAN style="font-size: 1em;">enclave must retrieve its protected state (from disk or the cloud) inside the enclave.</SPAN></P> <P><BR style="line-height: normal; text-align: -webkit-auto; text-size-adjust: auto;" /> &nbsp;</P> Thu, 17 Nov 2016 11:24:48 GMT PadmaPriya_M_Intel 2016-11-17T11:24:48Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088504#M738 <P>Hi,</P> <P>According to&nbsp;https://01.org/sites/default/files/documentation/intel_sgx_developer_guide_pdf.pdf</P> <P>"<EM>Enclaves that wish to preserve secrets across S3, S4, and S5 must save state information on disk.</EM>"</P> <P>&nbsp;</P> <P><SPAN style="font-size: 1em;">Does this mean that SGx enclave recovery doesn't include support for power state </SPAN><SPAN style="font-size: 1em;">Mechanical Off state (G3)?</SPAN></P> <P>So when the system with an enclave gets shutdown, it won't be possible anymore to resume enclave processes?</P> <P>&nbsp;</P> <P>Thanks.</P> <P>&nbsp;</P> Wed, 16 Nov 2016 18:37:09 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088504#M738 Mashiro_M_1 2016-11-16T18:37:09Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088505#M739 <P>Hi,</P> <P>SGX also supports G3 state. When the system gets shutdown, the application may register a callback function for such events. When the callback function is invoked then the application may call the enclave specifically to save secret state to disk for preservation. However, the operating system does not guarantee that the enclave will be given enough time to seal all its internal state. Enclaves that <SPAN style="font-size: 1em;">wish to preserve state across&nbsp;</SPAN><SPAN style="font-size: 1em;">power transition events must periodically seal enclave state data outside the enclave (on disk or&nbsp;</SPAN><SPAN style="font-size: 1em;">the cloud). On re-instantiation of the application, the enclave is rebuilt from scratch and the&nbsp;</SPAN><SPAN style="font-size: 1em;">enclave must retrieve its protected state (from disk or the cloud) inside the enclave.</SPAN></P> <P><BR style="line-height: normal; text-align: -webkit-auto; text-size-adjust: auto;" /> &nbsp;</P> Thu, 17 Nov 2016 11:24:48 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088505#M739 PadmaPriya_M_Intel 2016-11-17T11:24:48Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088506#M740 <P>&nbsp;</P> <P>Thank you for the answer Padma!<BR /> Marked that as the best reply!</P> <P>To summarize my understanding, and please correct me if I am wrong somewhere:<BR /> For example, the secret is a simple text phrase randomly generated inside an enclave, and I would want to retain it even after the platform shuts down (G3).&nbsp;<BR /> So in my enclave, I would...&nbsp;<BR /> &nbsp;&nbsp; &nbsp;+ invoke sgx_seal_data() for that text phrase to be sealed,&nbsp;<BR /> &nbsp;&nbsp; &nbsp;+ then I would have the now sealed phrase saved to a (maybe a .txt) file outside my enclave and into the hard-disk...<BR /> so that the next time that an enclave gets instantiated, I would not have to generate a random word anymore, but rather&nbsp;<BR /> &nbsp;&nbsp; &nbsp;+ read on that file,&nbsp;<BR /> &nbsp;&nbsp; &nbsp;+ extract the sealed text phrase,&nbsp;<BR /> &nbsp;&nbsp; &nbsp;+ and do sgx_unseal_data() upon it to be able to have the secret text again.</P> <P>Lastly, would the data stored in the hard-disk be safe from any forced-decryption? Or is it outside the scope anymore of the SGx?</P> Thu, 17 Nov 2016 19:00:20 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088506#M740 Mashiro_M_1 2016-11-17T19:00:20Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088507#M741 <P>Hi,</P> <P>Please refer the section no:7.2 about Sealing and Unsealing Process(page.no:23) in the attached document for your clear understanding.</P> <P>-Thanks</P> Fri, 18 Nov 2016 05:40:24 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/About-Power-Transition/m-p/1088507#M741 PadmaPriya_M_Intel 2016-11-18T05:40:24Z