Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Accessing non-EPC part from inside the enclave

Meysam_t_
Beginner

Dear All,

How can I access the non-EPC part of memory directly from inside the enclave? Let us assume that there is a global variable that is defined in the application. Now, from inside the enclave which has been created by the application, this variable needs to be accessed. Since this variable is not sensitive, I want to access it directly without paying the OCALL overhead. Is this possible? How?

I appreciate your help. 

4 Replies
JesusG_Intel
Moderator

Hello Meysam,

Remember that enclaves do not trust host software or the applications that call it. The enclave has no knowledge of global variables in the host application. The host application can pass data to the enclave via the parameters in the ECALL.

Regards,

Jesus

Meysam_t_
Beginner

Hello Jesus,

Thanks for your comment. I appreciate your quick reply. 

Then how can we distinguish between sensitive data and non-sensitive data that we want to pass to the enclave? For example, if I have an ECALL like

f([in,out, count=len]*buffer, int len), the buffer will be copied into EPC and it would be considered as sensitive data, with integrity verification and confidentiality supported. How do I pass this buffer to the enclave if I do not want to move it into EPC and I do not want to pay for any security primitives?

Thanks for your help.

JesusG_Intel
Moderator

Hello Meysam,

I think you have already found the user_check attribute, which is how to pass buffers without copying them into the EPC. However, if you do pass buffers to enclaves without performing any checks yourself you are putting your software at risk since that buffer can be changed by a malicious application without the enclave's knowledge. This is why enclaves do not trust host software.

Regards,

Jesus
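The checks an enclave has to perform itself on a `user_check` buffer, as an added example that is not part of the original thread or of Intel's code. The `host_msg` layout, `ecall_sum` and the `outside_enclave` stand-in are assumptions made so the code builds without the SGX SDK; in a real enclave the range check is `sgx_is_outside_enclave` from `sgx_trts.h`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_MSG 64

/* Layout the host keeps in untrusted memory (constructed for this example). */
struct host_msg {
    uint32_t len;            /* host-controlled; may change at any time */
    uint8_t  data[MAX_MSG];
};

/* Stand-in so the example builds without the SGX SDK. In a real enclave,
 * call sgx_is_outside_enclave(ptr, size) from sgx_trts.h instead. */
static int outside_enclave(const void *ptr, size_t size) {
    return ptr != NULL && size != 0;
}

/* Body of a hypothetical ECALL whose EDL declaration would be:
 *   public int ecall_sum([user_check] struct host_msg *msg,
 *                        [out] uint32_t *sum);
 * Returns 0 on success, -1 if the input is rejected. */
int ecall_sum(const struct host_msg *msg, uint32_t *sum) {
    /* 1. user_check skips the generated pointer checks, so reject a
     *    buffer that is not entirely outside the enclave. */
    if (!outside_enclave(msg, sizeof *msg))
        return -1;

    /* 2. Read the length exactly once into enclave memory; the host can
     *    rewrite msg->len between a check and a later use. */
    uint32_t len = *(const volatile uint32_t *)&msg->len;
    if (len > MAX_MSG)
        return -1;

    /* 3. Read the payload in place (no copy into the EPC), each byte once,
     *    bounded by the snapshot. The bytes stay attacker-controlled. */
    uint32_t acc = 0;
    for (uint32_t i = 0; i < len; i++)
        acc += *(const volatile uint8_t *)&msg->data[i];
    *sum = acc;
    return 0;
}

int main(void) {
    struct host_msg m = { .len = 3, .data = { 1, 2, 3 } };  /* constructed */
    uint32_t sum = 0;
    int rc = ecall_sum(&m, &sum);
    printf("rc=%d sum=%u\n", rc, (unsigned)sum);
    return 0;
}
```

Reading in place keeps the zero-copy benefit, but any value the enclave needs to stay stable across more than one use has to be snapshotted into enclave memory first, as `len` is here.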

Meysam_t_
Beginner

Thank you so much for your very useful comments.