If the host system is malicious, it can easily manipulate certain memory pages to be unavailable to trigger page faults to interrupt or infer the execution state in the enclave.
Will Intel add support to handle page faults inside the enclave in later SGX? If so, what is the expected time? If not, what are the considerations?
Thanks in advance!
Hi, I think I am having a similar question. As I can see from the documents, the processor will report a page fault exception to EXINFO and EXITINFO if SECS.MISCSELECT != 0. So maybe the enclave can catch and handle page fault.
Then I tried to set in the enclave configure file to "<MiscSelect>1</MiscSelect>". In this case the enclave cannot be loaded with an error code 0x2010. I also see from the documents that:
(1) MiscSelect and MiscMask are for future functional extension. Currently, MiscSelect must be 0. Otherwise the corresponding enclave may not be loaded successfully. --- SGX SDK Developer Reference for linux os, page 57
(2) If CPUID.(EAX=12H, ECX=0):EBX[31:0] = 0, MISCSELECT must be 0.
If CPUID.(EAX=12H, ECX=0):EBX[31:0] !=0, enclave writers must specify MISCSELECT such that each cleared bit in MISCMASK must also specify the corresponding bit as 0 in MISCSELECT. --- Intel Software Guard Extensions Programming Reference, page 30
And it seems that with query to my processor, the CPUID.(EAX=12H, ECX=0):EBX[31:0] = 0. Maybe that means my processor currently doesn't support this feature?
I am not sure.. and I am wondering: is this a hardware or software restriction? Will SGX v2 be a software or hardware upgrade?
Thanks a lot