Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

Can an enclave directly access outside space with a virtual address?

Sam5
New Contributor I
‎07-20-2016 04:53 AM
1,121 Views
Solved Jump to solution

Hi,

I have two question here.

  1. If the CPU is in enclave mode, it cannot reach a none-EPC page. That's to say, the code in an enclave cannot directly access outside virtual space.
  2. The enclave can see all the virtual space of this process

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
Employee
‎07-20-2016 08:37 PM
1,121 Views
Solved Jump to solution

Hi Sam,

Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible.The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
Copy link

Link Copied

3 Replies
Juan_d_Intel
Employee
‎07-20-2016 05:48 AM
1,121 Views
Solved Jump to solution

While running inside an enclave you can access pages outside EPC that belong to the process that created the enclave. That's how you copy data in and out. You cannot jump to continue execution outside enclave boundaries though.

0 Kudos
Copy link
Surenthar_S_Intel
Employee
‎07-20-2016 08:37 PM
1,122 Views
Solved Jump to solution

Hi Sam,

Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible.The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
Copy link
Sam5
New Contributor I
‎07-20-2016 08:48 PM
1,121 Views
Solved Jump to solution

Thanks for your information...

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.