Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1445 Discussions

Can an enclave directly access outside space with a virtual address?

Sam5
New Contributor I
1,050 Views

Hi,

I have two question here.

  1. If the CPU is in enclave mode, it cannot reach a none-EPC page. That's to say, the code in an enclave cannot directly access outside virtual space.
  2. The enclave can see all the virtual space of this process

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
1,050 Views

Hi Sam,

Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible.The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
3 Replies
Juan_d_Intel
Employee
1,050 Views

While running inside an enclave you can access pages outside EPC that belong to the process that created the enclave. That's how you copy data in and out. You cannot jump to continue execution outside enclave boundaries though.

0 Kudos
Surenthar_S_Intel
1,051 Views

Hi Sam,

Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible.The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
Sam5
New Contributor I
1,050 Views

Thanks for your information...

0 Kudos
Reply