Can SGX enclaves run at VMX root mode (or VMM)?

Intel® Software Guard Extensions (Intel® SGX)

Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Can SGX enclaves run at VMX root mode (or VMM)?

670 Views

Hello,

Is it possible to run SGX enclaves at VMX root ring 3? As we know, Intel VMX root mode has ring0-3, so can we run a SGX enclave at VMX-root mode's ring3 and install the Intel SGX Driver at VMX-root mode's ring0?

That is, Can we run SGX enclaves correctly inside the VMM (or Hypervisor)

This question is inspired by one statement in the Intel SDM file: "Intel SGX functionality (including SGX1 and SGX2) can be made available to software running in either VMX root operation or VMX non-root operation", but there seems no additional description about running SGX enclave in VMX root mode.

Thanks.

Link Copied

0 Replies

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.