
Do Intel SGX processors use any cryptographic method to make data secure?


1. When there are instructions passed between the Enclave memory and the CPU, is there any encryption and decryption logic involved in between Enclave and CPU?

2. Can I create a Windows service using SGX? What will be the issues if I use the SGX-developed service on a non-SGX machine?


3. If I have to send secured messages from one Windows service to another Windows service within a machine, would Intel SGX be useful? Basically, I am looking to secure my messages that are passed between services.

Regards,
Muthu

0 Kudos
2 Replies

Hi,

1. When there are instructions passed between the Enclave memory and the CPU, is there any encryption and decryption logic involved in between Enclave and CPU?
The instructions are encrypted while being passed to the CPU and are decrypted inside the CPU cache. The enclave memory is encrypted using industry-standard encryption algorithms with replay protection.

• Tapping the memory or connecting the DRAM modules to another system will only give access to encrypted data.

• The memory encryption key changes every power cycle randomly (for example, boot/sleep/hibernate). The key is stored within the CPU and is not accessible.

2. Can I create a Windows service using SGX?

SGX doesn't support Windows services.

0 Kudos

I wanted to clarify:

>3. If I have to send secured messages from one Windows service to another Windows service within a machine, would Intel SGX be useful? Basically, I am looking to secure my messages that are passed between services.

>SGX doesn't support Windows services.

Although you cannot create a Windows service inside an enclave, you can write a Windows service that loads an enclave. A different Windows service could load the same or a different enclave. Those two enclaves could then perform local attestation and talk to each other.

I believe this would meet your requirements.

0 Kudos
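
Added example, not part of the thread and not Intel SDK code: a Python model of the local attestation step mentioned in the last reply, showing why a report MAC'd for one enclave verifies only inside that enclave on the same processor. `SimCpu`, `Enclave` and `Report` are hypothetical names, HMAC-SHA256 stands in for the hardware's report key derivation and CMAC, and only one direction is shown (a real exchange attests both ways and then runs a key agreement).

```python
import hashlib, hmac, os
from dataclasses import dataclass

# Model only. Real SGX derives the report key in hardware (EGETKEY) and MACs the
# REPORT with AES-128-CMAC (EREPORT); HMAC-SHA256 stands in for both here.

@dataclass
class Report:
    mrenclave: bytes      # identity (measurement) of the enclave that made the report
    report_data: bytes    # caller-chosen payload, e.g. hash of a key-exchange public key
    mac: bytes

class SimCpu:
    """Hypothetical stand-in for one processor package and its hidden secret."""
    def __init__(self):
        self._secret = os.urandom(32)

    def _report_key(self, mrenclave):
        # The key is bound to the enclave that will *verify* the report.
        return hmac.new(self._secret, b"report-key" + mrenclave, hashlib.sha256).digest()

    def ereport(self, caller, target_mrenclave, report_data):
        body = caller.mrenclave + report_data
        mac = hmac.new(self._report_key(target_mrenclave), body, hashlib.sha256).digest()
        return Report(caller.mrenclave, report_data, mac)

    def egetkey(self, caller):
        return self._report_key(caller.mrenclave)   # only ever the caller's own key

class Enclave:
    def __init__(self, cpu, code):
        self.cpu, self.mrenclave = cpu, hashlib.sha256(code).digest()

    def attest_to(self, peer_mrenclave, report_data):
        return self.cpu.ereport(self, peer_mrenclave, report_data)

    def verify(self, report, expected_mrenclave):
        body = report.mrenclave + report.report_data
        good = hmac.new(self.cpu.egetkey(self), body, hashlib.sha256).digest()
        return hmac.compare_digest(good, report.mac) and report.mrenclave == expected_mrenclave

def demo():
    cpu = SimCpu()
    a, b, c = (Enclave(cpu, x) for x in (b"enclave A", b"enclave B", b"enclave C"))
    r = a.attest_to(b.mrenclave, hashlib.sha256(b"A's public key (constructed)").digest())
    forged = Report(r.mrenclave, b"\x00" * 32, r.mac)
    remote = Enclave(SimCpu(), b"enclave B")          # same code, different machine
    return {"peer": b.verify(r, a.mrenclave), "other_enclave": c.verify(r, a.mrenclave),
            "tampered": b.verify(forged, a.mrenclave), "other_machine": remote.verify(r, a.mrenclave)}
```

Binding a key-exchange public key into `report_data` is what lets the two services turn a verified report into an authenticated channel for their messages.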