For example, I create an enclave using sgx_create_enclave() and save the token into a file.
Can another process access the enclave using the same token?
If not, is there any way to share data inside an enclave for different processes?
Thanks
Hi,
Please look into this link https://software.intel.com/en-us/blogs/2016/05/04/introduction-to-intel-sgx-sealing
-Surenthar
Surenthar Selvaraj. (Intel) wrote:
Hi,
Please look into this link https://software.intel.com/en-us/blogs/2016/05/04/introduction-to-intel-sgx-sealing
-Surenthar
So enclave and share data using seal scenario.
Can two different processes refer to the same enclave?
What is the sgx_launch_token_t used for in the sgx_create_enclave() function?
Thanks
Hi,
>> What is the sgx_launch_token_t used for in the sgx_create_enclave() function?
A pointer to an sgx_launch_token_t object used to initialize the enclave to be created. Must not be NULL. The caller can provide an all-0 buffer as the sgx_launch_token_t object, in which case, the function will attempt to create a valid sgx_launch_token_t object and store it in the buffer. The caller should store the sgx_launch_token_t object and re-use it in future calls to create the same enclave. Certain platform configuration changes can invalidate a previously stored sgx_launch_token_t object. If the token provided is not valid, the function will attempt to update it to a valid one.
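The token handling described in the reply above (start from an all-zero buffer, reuse the stored token, write it back only when the call updated it), as an added sketch that is not part of the thread or of the SGX SDK. It compiles without the SDK: `launch_token_t`, `create_fn`, `create_with_cached_token` and `fake_create` are hypothetical names, and in a real application the `create_fn` callback would wrap `sgx_create_enclave()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Local stand-ins so this compiles without the SGX SDK (assumptions):
 * the token is 1024 bytes like the SDK's sgx_launch_token_t, and create_fn
 * is a hypothetical wrapper around sgx_create_enclave() that returns 0 on
 * success and sets *updated when it rewrote the token. */
typedef uint8_t launch_token_t[1024];
typedef int (*create_fn)(launch_token_t *token, int *updated);

/* Load a cached token; a missing or truncated file yields the all-zero
 * buffer, which asks the runtime to produce a fresh token. */
static void load_token(const char *path, launch_token_t *token)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL || fread(*token, 1, sizeof(*token), f) != sizeof(*token))
        memset(*token, 0, sizeof(*token));
    if (f != NULL)
        fclose(f);
}

/* Returns -1 if creation failed, 1 if a refreshed token was written to
 * path, 0 otherwise (cached token reused, or cache file not writable). */
int create_with_cached_token(const char *path, create_fn create)
{
    launch_token_t token;
    int updated = 0, stored = 0;
    FILE *f;
    load_token(path, &token);
    if (create(&token, &updated) != 0)
        return -1;                      /* leave the old cache untouched */
    if (!updated || (f = fopen(path, "wb")) == NULL)
        return 0;
    stored = fwrite(token, 1, sizeof(token), f) == sizeof(token);
    if (fclose(f) != 0 || !stored) {
        remove(path);                   /* never keep a partial token */
        return 0;
    }
    return 1;
}

/* Constructed test double: accepts a token starting with 0xA5, else issues one. */
int fake_create(launch_token_t *token, int *updated)
{
    *updated = ((*token)[0] != 0xA5);
    if (*updated)
        memset(*token, 0xA5, sizeof(*token));
    return 0;
}
```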
Hi,
Can an Enclave be shared among different processes?
Not directly. But there are several approaches that can be considered:
1) Implement the enclave as a service enclave that can receive requests and serve those requests depending on the API interface defined for that enclave.
2) Local attestation - have enclaves establish trust with one another and establish a secure channel for passing information
3) Enclaves signed with the same MRSIGNER can generate a common seal key and share a seal blob to pass data.
-Surenthar
Hello Surenthar,
Are we able to send data to/from one enclave to another enclave, when running under the same application (if we don't want to use local attestation)? Can we use the same MRSIGNER for this?
Regards,
Rohit
Rohit J. wrote:
Hello Surenthar,
Are we able to send data to/from one enclave to another enclave, when running under the same application (if we don't want to use local attestation)? Can we use the same MRSIGNER for this?
Regards,
Rohit
If both enclaves belong to the same application with the same MRSIGNER, they can both derive the same seal key and use that to pass messages around. Enclave 1 can encrypt a message with the seal key and store it on disk. Enclave 2 can decrypt the message blob with the same seal key. For this approach you don't need local attestation, with the assumption that you will trust any enclave that has the same MRSIGNER.
Selvaraj, Surenthar (Intel) wrote:
1) Implement the enclave as a service enclave that can receive requests and serve those requests depending on the API interface defined for that enclave.
What did you mean by "service enclave"? Is it a special kind of enclave or just an enclave launched by a daemon process?
Thanks,
Xi