Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Can an enclave directly access outside space with a virtual address?

Sam5
New Contributor I

Hi,

I have two questions here.

  1. If the CPU is in enclave mode, it cannot reach a non-EPC page. That's to say, the code in an enclave cannot directly access outside virtual space.
  2. The enclave can see all the virtual space of this process

-Thanks

1 Solution
Surenthar_S_Intel

Hi Sam,

Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible. The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.

Thanks and Regards,
Surenthar Selvaraj

3 Replies
Juan_d_Intel
Employee

While running inside an enclave you can access pages outside EPC that belong to the process that created the enclave. That's how you copy data in and out. You cannot jump to continue execution outside enclave boundaries though.
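
An added example, not part of any post in this thread and not Intel SDK code: a plain-C model of the range check an enclave entry point applies before copying data in from outside memory, which the replies here say enclave code can read directly. The arrays standing in for enclave and untrusted memory and the names `is_outside_enclave` and `copy_in` are assumptions of this model; the Intel SGX SDK provides its own check, `sgx_is_outside_enclave`, in `sgx_trts.h`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: real enclave pages live in the EPC, not a C array. */
static uint8_t enclave_mem[4096];  /* models the enclave's linear range */
static uint8_t untrusted_mem[256]; /* models ordinary process memory    */

/* Returns 1 only if [addr, addr+size) neither wraps nor overlaps the enclave. */
static int is_outside_enclave(const void *addr, size_t size)
{
    uintptr_t start = (uintptr_t)addr;
    uintptr_t base = (uintptr_t)enclave_mem;
    uintptr_t limit = base + sizeof enclave_mem;

    if (size > UINTPTR_MAX - start)
        return 0;                      /* start + size would wrap around */
    return start + size <= base || start >= limit;
}

/* Hypothetical entry point: copy len bytes from a caller-supplied pointer
 * into an enclave buffer. Returns 0, or a negative code on rejection. */
static int copy_in(uint8_t *dst, size_t dst_cap, const void *src, size_t len)
{
    if (src == NULL || len > dst_cap)
        return -1;                     /* bad pointer or destination too small */
    if (!is_outside_enclave(src, len))
        return -2;                     /* range touches enclave memory: refuse */
    memcpy(dst, src, len);             /* copy once, then use only this copy */
    return 0;
}

int main(void)
{
    memcpy(untrusted_mem, "hello", 6);
    /* Legitimate copy from outside memory into the enclave. */
    printf("outside buffer : %d\n", copy_in(enclave_mem, 64, untrusted_mem, 6));
    /* Source pointer aimed at the enclave's own memory. */
    printf("inside pointer : %d\n", copy_in(enclave_mem, 64, enclave_mem + 128, 16));
    /* Range that starts outside but runs into the enclave. */
    const void *straddle = (const void *)((uintptr_t)enclave_mem - 8);
    printf("straddling     : %d\n", copy_in(enclave_mem, 64, straddle, 16));
    return 0;
}
```

Because the enclave can read and write the whole process address space, a pointer handed in from outside is only safe to use after a check like this, and the data should be used from the enclave's private copy afterwards.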

Sam5
New Contributor I

Thanks for your information...