Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Can SGX enclaves run at ring 0?

Mazhar_N_

Is it possible to run SGX enclaves at ring 0?

OR

Can we run SGX enclaves using sudo with root privileges?

I gather that SGX enclaves run at ring 3. Suppose I want to run a program inside an SGX enclave that needs to access kernel data structures. Is there any way I could achieve this?

1 Solution
Surenthar_S_Intel

Hi Mazhar,

SGX enclaves currently only allow for ring 3 code execution. An Intel SGX enclave runs in ring 3 only, with no kernel mode.
The objective of Intel SGX is to secure the application in ring 3 itself. Applications are not protected from privileged code attacks. Intel® SGX provides a safe place for code and data in the application.

Thanks and Regards,
Surenthar Selvaraj

Mazhar_N_

Surenthar Selvaraj. (Intel) wrote:

Hi Mazhar,

SGX enclaves currently only allow for ring 3 code execution. An Intel SGX enclave runs in ring 3 only, with no kernel mode.
The objective of Intel SGX is to secure the application in ring 3 itself. Applications are not protected from privileged code attacks. Intel® SGX provides a safe place for code and data in the application.

Thanks and Regards,
Surenthar Selvaraj

So that means we cannot run a kernel module inside SGX enclaves, right?

Surenthar_S_Intel

Hi Mazhar,

Yes, we cannot run a kernel module inside SGX enclaves.

-Surenthar.