https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-SGX-Building-a-trusted-enclave-within-untrusted-OS/m-p/1090430#M772 <P>Section 5 of our <A href="https://software.intel.com/en-us/articles/innovative-instructions-and-software-model-for-isolated-execution">whitepaper </A>explains the process for building an enclave. Whilst a Ring0 component&nbsp;executes the instructions, the HW architecture is responsible for the security of the enclave. The measurement created by the HW during this process is inaccessible to the Ring0 component.</P> <P>At the end of the build process you have an enclave with a measurement and&nbsp;it then uses the attestation process to allow a verifier to determine that the enclave was built as it required and then to deploy a secret to the enclave.</P> <P>Keys used to keep the secret local are also bound to the measurement of the enclave.</P> Sun, 17 Jan 2016 20:14:26 GMT Simon_J_Intel 2016-01-17T20:14:26Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-SGX-Building-a-trusted-enclave-within-untrusted-OS/m-p/1090429#M771 <P>Hello, I'm currently researching a little about the Intel SGX instructions and I find it difficult to understand how one can actually **build** a trusted enclave within an untrusted operating system. many of the Intel SGX instructions are ring 0 instructions that require kernel privilege. This implies<BR /> that the operating system (most likely) must be involved to provide services (Through e.g. system-calls). How can one trust the OS to actually build a trusted enclave for him?</P> <P>I did find the following paragraph within Intel manual:</P> <DIV data-canvas-width="415.884" style="left: 75.2px; top: 601.628px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.983177);">After a page has been added to an enclave, software ca</DIV> <DIV data-canvas-width="432.12899999999996" style="left: 491px; top: 601.628px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.977667);">n measure a 256 byte region as determined by the devel-</DIV> <DIV data-canvas-width="411.93149999999997" style="left: 75.2px; top: 619.928px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.985482);">oper by invoking EEXTEND. Thus to measure an entire</DIV> <DIV data-canvas-width="431.4044999999998" style="left: 486.901px; top: 619.928px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.987196);">page, system software must execute EEXTEND 16 times.</DIV> <DIV data-canvas-width="425.90399999999994" style="left: 75.2px; top: 638.328px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.985889);">Each invocation of EEXTEND adds to the cryptographic lo</DIV> <DIV data-canvas-width="427.3454999999999" style="left: 501.099px; top: 638.328px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.975675);">g information about which region is being measured and</DIV> <DIV data-canvas-width="244.7069999999999" style="left: 75.2px; top: 656.628px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.982759);">the measurement of the section.</DIV> <DIV data-canvas-width="244.7069999999999" style="left: 75.2px; top: 656.628px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.982759);">&nbsp;</DIV> <DIV data-canvas-width="244.7069999999999" style="left: 75.2px; top: 656.628px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.982759);">I still do not get, as EEXTEND and EADD should be executed with ring 0 privilege, how can an untrusted OS create a secured enclave. I know that I'm pretty much missing something, please enlighten me.</DIV> <DIV data-canvas-width="244.7069999999999" style="left: 75.2px; top: 656.628px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.982759);">&nbsp;</DIV> <DIV data-canvas-width="244.7069999999999" style="left: 75.2px; top: 656.628px; font-size: 15px; font-family: sans-serif; transform: scaleX(0.982759);">&nbsp;</DIV> Sun, 17 Jan 2016 15:15:13 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-SGX-Building-a-trusted-enclave-within-untrusted-OS/m-p/1090429#M771 roee_l_ 2016-01-17T15:15:13Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-SGX-Building-a-trusted-enclave-within-untrusted-OS/m-p/1090430#M772 <P>Section 5 of our <A href="https://software.intel.com/en-us/articles/innovative-instructions-and-software-model-for-isolated-execution">whitepaper </A>explains the process for building an enclave. Whilst a Ring0 component&nbsp;executes the instructions, the HW architecture is responsible for the security of the enclave. The measurement created by the HW during this process is inaccessible to the Ring0 component.</P> <P>At the end of the build process you have an enclave with a measurement and&nbsp;it then uses the attestation process to allow a verifier to determine that the enclave was built as it required and then to deploy a secret to the enclave.</P> <P>Keys used to keep the secret local are also bound to the measurement of the enclave.</P> Sun, 17 Jan 2016 20:14:26 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intel-SGX-Building-a-trusted-enclave-within-untrusted-OS/m-p/1090430#M772 Simon_J_Intel 2016-01-17T20:14:26Z