Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Difference btw trusted bridge and trusted proxy?

jason_t_
Beginner
787 Views

In Intel's SGX developer guide Pointer Handling(https://software.intel.com/en-us/node/696463), it mentions:

> When a buffer is being copied, the trusted bridge must avoid overwriting enclave memory in an ECALL and the trusted proxy must avoid leaking secrets in an OCALL.

What are the trusted bridge and trusted proxy here?

0 Kudos
1 Solution
Prabu_R_Intel
Employee
787 Views

Hello Jason,

Trusted bridge and Trusted proxy interfaces between application and enclave.This code interfaces in/Out of enclave.

Edger Tool(included in build environment) that parses the EDL file and generate the trusted bridge and trusted proxy files (.c and .h files).

Trusted Bridge

For ECALLs, trusted bridge task is to ensure that the marshalling structure does not overlap enclave memory.

[in]: When a pointer to untrusted memory with attribute in is passed to the enclave, the trusted bridge allocates memory inside the enclave and copies the memory pointed to by
 the pointer from outside to the enclave memory.

[out]: When a pointer to untrusted memory with the out attribute is passed to the enclave, the trusted bridge allocates a buffer in trusted memory, zeroes the buffer contents
 to clear any previous secrets and passes a pointer to this buffer to the trusted function. After the trusted function returns, the trusted bridge copies the contents of the
 trusted buffer to untrusted memory.
 
 Trusted proxy
 
 For OCALLs, the trusted proxy allocates memory on the outside stack to pass the marshalling structure and checks that pointer parameters with their full range are within enclave.
 
 [in]: When a pointer to trusted memory with attribute in is passed from an enclave (an OCALL), the trusted proxy allocates memory outside the enclave and copies the memory
 pointed by the pointer from inside the enclave to untrusted memory.

[out]: When a pointer to trusted memory with the out attribute is passed from an enclave (an OCALL), the trusted proxy allocates a buffer on the untrusted stack, and passes
 a pointer to this buffer to the untrusted function. After the untrusted function returns, the trusted proxy copies the contents of the untrusted buffer to trusted memory.

Thanks,
R.Prabu

View solution in original post

0 Kudos
2 Replies
Prabu_R_Intel
Employee
788 Views

Hello Jason,

Trusted bridge and Trusted proxy interfaces between application and enclave.This code interfaces in/Out of enclave.

Edger Tool(included in build environment) that parses the EDL file and generate the trusted bridge and trusted proxy files (.c and .h files).

Trusted Bridge

For ECALLs, trusted bridge task is to ensure that the marshalling structure does not overlap enclave memory.

[in]: When a pointer to untrusted memory with attribute in is passed to the enclave, the trusted bridge allocates memory inside the enclave and copies the memory pointed to by
 the pointer from outside to the enclave memory.

[out]: When a pointer to untrusted memory with the out attribute is passed to the enclave, the trusted bridge allocates a buffer in trusted memory, zeroes the buffer contents
 to clear any previous secrets and passes a pointer to this buffer to the trusted function. After the trusted function returns, the trusted bridge copies the contents of the
 trusted buffer to untrusted memory.
 
 Trusted proxy
 
 For OCALLs, the trusted proxy allocates memory on the outside stack to pass the marshalling structure and checks that pointer parameters with their full range are within enclave.
 
 [in]: When a pointer to trusted memory with attribute in is passed from an enclave (an OCALL), the trusted proxy allocates memory outside the enclave and copies the memory
 pointed by the pointer from inside the enclave to untrusted memory.

[out]: When a pointer to trusted memory with the out attribute is passed from an enclave (an OCALL), the trusted proxy allocates a buffer on the untrusted stack, and passes
 a pointer to this buffer to the untrusted function. After the untrusted function returns, the trusted proxy copies the contents of the untrusted buffer to trusted memory.

Thanks,
R.Prabu

0 Kudos
jason_t_
Beginner
787 Views

Thank you R.Prabu, so can I re-phrase your detailed answer in this way ? 

Trusted bridge and trusted proxy are two delegates responsible for allocating and/or copying memory buffers in/out enclave. They are built by the Edger Tool, based on the EDL file we developer writes, to take care of each ECALL and OCALL respectively. 

0 Kudos
Reply