1. When there are instructions passed between the Enclave memory and the CPU, is there any encryption and decryption logic involved in between Enclave and CPU?
2. Can I create a Windows service using SGX? What will be the issues if I use the SGX-developed service on a non-SGX machine?
3. In case I have to send secured messages from one Windows service to the other Windows service within a machine, would Intel SGX be useful? Basically I am looking to secure the messages that are passed between services.
Regards,
Muthu
Hi,
1. When there are instructions passed between the Enclave memory and the CPU, is there any encryption and decryption logic involved in between Enclave and CPU?
The instructions are encrypted while being passed to the CPU and are decrypted inside the CPU cache. The enclave memory is encrypted using industry-standard encryption algorithms with replay protection.
• Tapping the memory or connecting the DRAM modules to another system will only give access to encrypted data.
• The memory encryption key changes randomly every power cycle (for example, boot/sleep/hibernate). The key is stored within the CPU and is not accessible.
2. Can I create a Windows service using SGX?
SGX doesn't support Windows services.
I wanted to clarify:
>3. In case I have to send secured messages from one Windows service to the other Windows service within a machine, would Intel SGX be useful? Basically I am looking to secure the messages that are passed between services.
>SGX doesn't support Windows services.
Although you cannot create a Windows service inside an enclave, you can write a Windows service that loads an enclave. A different Windows service could load the same or a different enclave. Those two enclaves could then perform local attestation and talk to each other.
I believe this would meet your requirements.
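The local attestation step mentioned in the reply above, as an added illustration that is not part of the thread and is not Intel SDK code: a simplified Python model in which `_DEVICE_SECRET`, `Enclave`, `ereport` and `verify_report` are hypothetical names and HMAC-SHA256 stands in for the CPU's report MAC. It shows why only the targeted enclave on the same CPU can verify a report, and why a key-exchange value bound into the report data cannot be swapped afterwards.

```python
import hashlib
import hmac
import os

# Assumption: stand-in for the per-CPU secret; real hardware never exposes it.
_DEVICE_SECRET = os.urandom(32)


def _report_key(mrenclave: bytes) -> bytes:
    """Model of the report key: bound to one enclave identity on this CPU."""
    return hmac.new(_DEVICE_SECRET, b"REPORT_KEY" + mrenclave, hashlib.sha256).digest()


class Enclave:
    def __init__(self, code: bytes):
        # MRENCLAVE is a measurement of the enclave contents (modelled as a hash).
        self.mrenclave = hashlib.sha256(code).digest()

    def ereport(self, target_mrenclave: bytes, report_data: bytes) -> dict:
        """Model of EREPORT: the CPU MACs the report with the *target's* key."""
        body = self.mrenclave + report_data
        mac = hmac.new(_report_key(target_mrenclave), body, hashlib.sha256).digest()
        return {"mrenclave": self.mrenclave, "report_data": report_data, "mac": mac}

    def verify_report(self, report: dict, expected_mrenclave: bytes) -> bool:
        """Target side: recompute the MAC with own report key, then check identity."""
        body = report["mrenclave"] + report["report_data"]
        want = hmac.new(_report_key(self.mrenclave), body, hashlib.sha256).digest()
        return (hmac.compare_digest(want, report["mac"])
                and hmac.compare_digest(report["mrenclave"], expected_mrenclave))


def demo() -> dict:
    # All inputs below are constructed sample values.
    a = Enclave(b"enclave loaded by service A (constructed)")
    b = Enclave(b"enclave loaded by service B (constructed)")
    other = Enclave(b"unrelated enclave (constructed)")
    # A binds its key-exchange public value into the report it sends to B.
    pub_a = hashlib.sha256(b"A ephemeral public key (constructed)").digest()
    report = a.ereport(b.mrenclave, pub_a)
    swapped = dict(report, report_data=hashlib.sha256(b"substituted key").digest())
    return {
        "b_accepts_a": b.verify_report(report, a.mrenclave),
        "other_accepts": other.verify_report(report, a.mrenclave),
        "swapped_accepted": b.verify_report(swapped, a.mrenclave),
    }


if __name__ == "__main__":
    print(demo())
```

After a report verifies, the two sides would derive a shared session key from the exchanged public values and protect the service-to-service messages with it.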