Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Different app use the same enclave

you_w_
New Contributor III
1,858 Views

Hi :

I note that in pre-release mode or debug mode different apps can use a same enclave. Thus, if someone else analysed the untrusted part of my app and got the Ecall function interface, then load my enclave. He can do what he want to do. My question is:

1. When in release mode is enclave bind to application?

2. If not is there any suggestion on avoiding anonymous enclave loading operation? 

0 Kudos
6 Replies
Anusha_K_Intel
Employee
1,858 Views

Hi,

Please refer to this page for information on how  to seal your enclave and this method helps protect your enclave  --- https://software.intel.com/en-us/blogs/2016/05/04/introduction-to-intel-sgx-sealing.

And in the release mode we use a 2 step signing process and the enclave needs to be signed with a white-listed key and the signed enclave can be used with the key.Signing an enclave is a process that involves in producing signature structure that contain enclave properties such as enclave Measurement. During initial enclave build by application developer, the enclave identity like "measurement of enclave" is used to produce the signature.This signed enclave signature is verified in the target system during the enclave construction and Initialization.In the target system (system at which enclave is to be launched), the measurement data that is obtained during the enclave launch, is used to verify the signature.If the signature match, then only enclave will be allowed to run.If there is any modification in measurement value (code, data of enclave),  signature mismatch will occur. This will not allow the enclave to run. 

 

0 Kudos
Rodolfo_S_
New Contributor III
1,858 Views

Hi, you.

1. Although two different applications can use the same enclave, they do not use the same instance of the enclave. In that sense, an enclave instance is always bound to an application, not only in release mode.

2. To the best of my knowledge there is no recommendation from Intel regarding this.

Best regards,

Rodolfo

0 Kudos
you_w_
New Contributor III
1,858 Views

Hi Anusha K. (Intel)

I have already read that article, it introduced sgx sealing. Using the default policy, enclave seals data with a key derived from MRSIGNER, that means the enclave signed with the same key can unseal the sealed data. And if using  Enclave Identity the same enclave can unseal the sealed data. A two step signing process can make sure the enclave not be modified, but not guarantee  only valid app can load the enclave. what I want to know is that  how to prevent invalid app load my enclave. Thank you.

Regards

you

0 Kudos
you_w_
New Contributor III
1,858 Views

HI Rodolfo S:

Thank you. Although they are not the same instance, if anyone else successfully  load my enclave, then  he can unseal the secret and perform other operation with the secret. Is that right?

Regards 

you

0 Kudos
alc__ria
Beginner
1,858 Views

Hi you w.,

Any update on this issue? I would like to find out the answer.

-ria

0 Kudos
Scott_R_Intel
Moderator
1,858 Views

Hi all.

No, there is no built-in way to prevent one untrusted app from loading another's enclave, as you say, to bind them together.

Regards.

Scott

0 Kudos
Reply