Solved: Can an enclave directly access outside space with a virtual address?

Sam5 · ‎07-20-2016

Hi,

I have two question here.

If the CPU is in enclave mode, it cannot reach a none-EPC page. That's to say, the code in an enclave cannot directly access outside virtual space.
The enclave can see all the virtual space of this process

-Thanks

Surenthar_S_Intel · ‎07-20-2016

Hi Sam,

Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible.The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

Juan_d_Intel · ‎07-20-2016

While running inside an enclave you can access pages outside EPC that belong to the process that created the enclave. That's how you copy data in and out. You cannot jump to continue execution outside enclave boundaries though.

Surenthar_S_Intel · ‎07-20-2016

Hi Sam,

Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible.The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

Sam5 · ‎07-20-2016

Thanks for your information...