I note that in pre-release mode or debug mode, different apps can use the same enclave. Thus, if someone else analysed the untrusted part of my app and got the ECALL function interface, they could then load my enclave and do whatever they want. My questions are:
1. In release mode, is the enclave bound to the application?
2. If not, is there any suggestion for avoiding anonymous enclave loading?
Please refer to this page for information on how to seal your enclave; this method helps protect your enclave: https://software.intel.com/en-us/blogs/2016/05/04/introduction-to-intel-sgx-sealing.
In release mode we use a two-step signing process: the enclave needs to be signed with a white-listed key, and the signed enclave can be used with that key. Signing an enclave is a process that involves producing a signature structure containing enclave properties such as the enclave measurement. During the initial enclave build by the application developer, the enclave identity (the "measurement of the enclave") is used to produce the signature. This enclave signature is verified on the target system during enclave construction and initialization. On the target system (the system on which the enclave is to be launched), the measurement data obtained during the enclave launch is used to verify the signature. Only if the signature matches is the enclave allowed to run. If there is any modification of the measurement value (the code or data of the enclave), a signature mismatch will occur, and the enclave will not be allowed to run.
1. Although two different applications can use the same enclave, they do not use the same instance of the enclave. In that sense, an enclave instance is always bound to an application, not only in release mode.
2. To the best of my knowledge there is no recommendation from Intel regarding this.
I have already read that article; it introduces SGX sealing. Using the default policy, the enclave seals data with a key derived from MRSIGNER, which means an enclave signed with the same key can unseal the sealed data. And if using Enclave Identity, the same enclave can unseal the sealed data. A two-step signing process can make sure the enclave is not modified, but it does not guarantee that only a valid app can load the enclave. What I want to know is how to prevent an invalid app from loading my enclave. Thank you.
Hi Rodolfo S:
Thank you. Although they are not the same instance, if anyone else successfully loads my enclave, then they can unseal the secret and perform other operations with it. Is that right?
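The following is an added example that is not part of this thread and not Intel SGX SDK code. It is a small Python model of the two mechanisms discussed above: the signature-over-measurement check described in the signing answer, and the MRENCLAVE versus MRSIGNER sealing policies described in the follow-up. All identities are stand-ins chosen for the model: a SHA-256 hash of the enclave image plays MRENCLAVE, a hash of the signing key plays MRSIGNER, an HMAC plays the RSA-3072 SIGSTRUCT signature (so the loader here holds the signing key, which real SGX avoids by verifying with the public key), and a constructed constant plays the CPU's fused sealing root that EGETKEY derives from. The enclave images, keys and host application names are constructed sample data. What the model is meant to show is that the host application is not an input to either check: a tampered image is refused, a re-signed image lands under a different MRSIGNER, but an untouched image loaded by a different host derives exactly the same seal key.

```python
"""Toy model of SGX enclave signing and seal-key derivation (added example, not SDK code)."""
import hashlib
import hmac

# Constructed stand-in for the per-CPU root from which EGETKEY derives seal keys.
PLATFORM_SEAL_ROOT = b"constructed-per-cpu-sealing-root"

# Policy names mirror the SDK's SGX_KEYPOLICY_MRENCLAVE / SGX_KEYPOLICY_MRSIGNER.
MRENCLAVE_POLICY = "MRENCLAVE"
MRSIGNER_POLICY = "MRSIGNER"

# Constructed enclave images and signing keys used by the demonstrations below.
ENCLAVE_A = b"enclave A: ecall_unseal_secret()"
ENCLAVE_B = b"enclave B: different code, same signer"
VENDOR_KEY = b"constructed vendor signing key"
ATTACKER_KEY = b"constructed attacker signing key"


def mrenclave(enclave_image: bytes) -> bytes:
    """Measurement of the enclave contents (code and initial data)."""
    return hashlib.sha256(enclave_image).digest()


def mrsigner(signing_key: bytes) -> bytes:
    """Identity of the signing key; the same key always yields the same MRSIGNER."""
    return hashlib.sha256(signing_key).digest()


def sign_enclave(enclave_image: bytes, signing_key: bytes) -> dict:
    """Build a SIGSTRUCT-like record: measurement, signer identity, signature over both."""
    m, s = mrenclave(enclave_image), mrsigner(signing_key)
    sig = hmac.new(signing_key, m + s, hashlib.sha256).digest()
    return {"mrenclave": m, "mrsigner": s, "sig": sig}


def load_enclave(host_app: str, enclave_image: bytes, sigstruct: dict, signing_key: bytes):
    """Loader check: re-measure the image, verify the signature, refuse on any mismatch.

    Returns an enclave instance (a dict) on success, None on failure. The host
    application name is recorded only to show that it never enters key derivation.
    This model has no launch whitelist, so any signer is accepted at load time.
    """
    m = mrenclave(enclave_image)
    if m != sigstruct["mrenclave"]:
        return None  # code or data changed: measurement no longer matches SIGSTRUCT
    expected = hmac.new(signing_key, m + sigstruct["mrsigner"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sigstruct["sig"]):
        return None  # SIGSTRUCT was forged or does not belong to this signer
    return {"host": host_app, "mrenclave": m, "mrsigner": sigstruct["mrsigner"]}


def seal_key(instance: dict, policy: str) -> bytes:
    """Seal key as EGETKEY would derive it: platform root plus the chosen enclave identity.

    Nothing about the hosting application is an input to the derivation.
    """
    ident = instance["mrenclave"] if policy == MRENCLAVE_POLICY else instance["mrsigner"]
    return hmac.new(PLATFORM_SEAL_ROOT, policy.encode() + ident, hashlib.sha256).digest()


def tampered_image_is_rejected() -> bool:
    """The signing answer: a modified enclave fails the measurement/signature check."""
    sig = sign_enclave(ENCLAVE_A, VENDOR_KEY)
    patched = ENCLAVE_A.replace(b"unseal", b"leak")
    return (load_enclave("vendor_app", ENCLAVE_A, sig, VENDOR_KEY) is not None
            and load_enclave("vendor_app", patched, sig, VENDOR_KEY) is None)


def any_host_gets_same_seal_key() -> bool:
    """The last post's concern: a foreign host loading the untouched, validly signed enclave."""
    sig = sign_enclave(ENCLAVE_A, VENDOR_KEY)
    mine = load_enclave("vendor_app", ENCLAVE_A, sig, VENDOR_KEY)
    theirs = load_enclave("attacker_app", ENCLAVE_A, sig, VENDOR_KEY)
    return seal_key(mine, MRENCLAVE_POLICY) == seal_key(theirs, MRENCLAVE_POLICY)


def policy_scope() -> tuple:
    """MRSIGNER policy shares keys across all enclaves of one signer; MRENCLAVE does not."""
    a = load_enclave("app", ENCLAVE_A, sign_enclave(ENCLAVE_A, VENDOR_KEY), VENDOR_KEY)
    b = load_enclave("app", ENCLAVE_B, sign_enclave(ENCLAVE_B, VENDOR_KEY), VENDOR_KEY)
    return (seal_key(a, MRSIGNER_POLICY) == seal_key(b, MRSIGNER_POLICY),
            seal_key(a, MRENCLAVE_POLICY) == seal_key(b, MRENCLAVE_POLICY))


def resigned_image_has_different_signer() -> bool:
    """Re-signing the same image with another key changes MRSIGNER, so MRSIGNER-sealed data is unreachable."""
    vendor = load_enclave("app", ENCLAVE_A, sign_enclave(ENCLAVE_A, VENDOR_KEY), VENDOR_KEY)
    attacker = load_enclave("app", ENCLAVE_A, sign_enclave(ENCLAVE_A, ATTACKER_KEY), ATTACKER_KEY)
    return seal_key(vendor, MRSIGNER_POLICY) != seal_key(attacker, MRSIGNER_POLICY)


if __name__ == "__main__":
    print("tampered image rejected:", tampered_image_is_rejected())
    print("foreign host derives same seal key:", any_host_gets_same_seal_key())
    print("(MRSIGNER shared, MRENCLAVE shared):", policy_scope())
    print("re-signed image has different signer key:", resigned_image_has_different_signer())
```

The model keeps the signature check and the seal-key derivation as two separate functions on purpose: the first answers "was this image modified?", the second "which enclaves share this key?", and neither takes the host process as input. That is the property behind the question in the last post, and it is why the thread's replies point to sealing policy and signing rather than to anything that ties an enclave to a particular host binary.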