해결됨: Hi Mazhar,

Mazhar_N_ · ‎08-18-2016

Is it possible to run SGX enclaves at ring 0?

OR

Can we run SGX enclaves using sudo with root privileges?

I gather that SGX enclaves run at ring 3. Suppose I want to run a program inside SGX enclave which will want to access kernel data structures. Is there any way I could achieve this?

Surenthar_S_Intel · ‎08-19-2016

Hi Mazhar,

SGX Enclaves currently only allow for Ring 3 code execution. Intel SGX enclave runs in ring 3 only, no kernel mode.
Intel SGX objective is secure the application in ring 3 itself. Applications are not protected from privileged code attacks. Intel® SGX provides a safe place for code and data in the application.

Thanks and Regards,
Surenthar Selvaraj

원본 게시물의 솔루션 보기

Surenthar_S_Intel · ‎08-19-2016

Hi Mazhar,

SGX Enclaves currently only allow for Ring 3 code execution. Intel SGX enclave runs in ring 3 only, no kernel mode.
Intel SGX objective is secure the application in ring 3 itself. Applications are not protected from privileged code attacks. Intel® SGX provides a safe place for code and data in the application.

Thanks and Regards,
Surenthar Selvaraj

Mazhar_N_ · ‎08-27-2016

Surenthar Selvaraj. (Intel) wrote:

Hi Mazhar,

SGX Enclaves currently only allow for Ring 3 code execution. Intel SGX enclave runs in ring 3 only, no kernel mode.
Intel SGX objective is secure the application in ring 3 itself. Applications are not protected from privileged code attacks. Intel® SGX provides a safe place for code and data in the application.

Thanks and Regards,
Surenthar Selvaraj

So that means we cannot run a kernel module inside SGX enclaves, right?

Surenthar_S_Intel · ‎09-01-2016

Hi Mazhar,

Yes, We cannot run a kernel module inside SGX enclaves.

-Surenthar.

Can SGX enclaves run at ring 0?