Let's say I have the enclave.cpp file and I have a global variable "secret_key". Will the variable "secret_key" reside in the protected enclave space? If not, how do I have some global variables whose value will be stored in the enclave and not in the untrusted space?
Also, if I have a function func1() in enclave.cpp but it is not declared in the enclave.edl file, will the function be a part of the enclave or will it be available in the untrusted memory location?
Hello Nirjhar.
Yes, once an enclave is instantiated, global variables in the enclave reside in protected memory. But, to be clear, any variables initialized at compile time will be in the clear in the enclave binary, as that is not encrypted in any way. To get a "secret_key" securely into your enclave you would need to use SGX remote attestation to help securely provision the secret from a remote entity.
Any function defined in your enclave.cpp will also be in trusted memory, whether it's defined in the EDL or not. The EDL is just what defines the functions that can be called to/call out from inside the enclave. So in your example, func1() would reside in secure memory and would only be callable from inside the enclave.
Regards.
Scott
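An added example (not code from this thread or from the Intel SGX SDK) of an enclave-side source file illustrating the answer above: a zero-initialised global that holds the secret only after runtime provisioning, an ECALL listed in the EDL that delivers it, and a func1() that is compiled into the enclave but has no entry point from the untrusted side. The names secret_key, func1, ecall_set_secret_key, ecall_tag_message and key_is_provisioned are assumed for illustration; the EDL fragment in the header comment is likewise an assumed example of how the two ECALLs would be declared.

```cpp
// Added example, not code from the thread or the SGX SDK: an enclave-side
// enclave.cpp illustrating where globals and functions live. In a real build
// the two ecall_* prototypes come from the EDL, assumed here to read:
//   trusted {
//       public int ecall_set_secret_key([in, size=len] const uint8_t* key, size_t len);
//       public int ecall_tag_message([in, size=n] const uint8_t* msg, size_t n,
//                                    [out, size=16] uint8_t* tag);
//   };
// sgx_edger8r then generates the bridges that copy [in] buffers into enclave
// memory before these functions run. Nothing below needs the SDK headers, so
// the file also compiles as ordinary C++ for reading.
#include <cstddef>
#include <cstdint>
#include <cstring>

constexpr size_t KEY_LEN = 16;

// Zero-initialised global: once the enclave is loaded it lives in the enclave's
// protected memory, and because it has no initialiser the enclave.so on disk
// carries no key bytes (.bss rather than .data). Compare:
//   static uint8_t secret_key[KEY_LEN] = { 0x2b, 0x7e, /* ... */ };  // do NOT do this
// which would put the key in the clear in the unencrypted enclave binary.
static uint8_t secret_key[KEY_LEN];
static bool key_provisioned = false;

// ECALL (listed in the EDL): the only way the untrusted app can deliver a key.
// In a real deployment the bytes would arrive over a channel established by
// remote attestation (for example encrypted under the session key and decrypted
// inside the enclave with sgx_rijndael128GCM_decrypt from sgx_tcrypto.h);
// a plaintext key handed in by the untrusted app is already known to that app.
extern "C" int ecall_set_secret_key(const uint8_t* key, size_t len) {
    if (key == nullptr || len != KEY_LEN) return -1;   // reject malformed input
    memcpy(secret_key, key, KEY_LEN);
    key_provisioned = true;
    return 0;
}

// Not in the EDL: compiled into the enclave and resident in trusted memory,
// but the untrusted app has no entry point for it. Only enclave code calls it.
// The keyed XOR-fold is a placeholder for real keyed work, not a MAC.
static void func1(const uint8_t* msg, size_t n, uint8_t tag[KEY_LEN]) {
    memcpy(tag, secret_key, KEY_LEN);
    for (size_t i = 0; i < n; ++i) tag[i % KEY_LEN] ^= msg[i];
}

// ECALL (listed in the EDL) through which the outside world reaches func1.
extern "C" int ecall_tag_message(const uint8_t* msg, size_t n, uint8_t* tag) {
    if (!key_provisioned) return -2;                   // never work with an empty key
    if ((msg == nullptr && n != 0) || tag == nullptr) return -1;
    func1(msg, n, tag);
    return 0;
}

// Internal helper (assumed name): reports provisioning state without exposing
// the key. Like func1, it is unreachable from outside unless added to the EDL.
bool key_is_provisioned() { return key_provisioned; }
```

The untrusted application never sees secret_key or func1: it can only invoke the ECALLs the EDL exposes, and the enclave refuses to do keyed work until provisioning has happened.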
Hi Scott,
Is there any way to send secrets to the enclave in an asymmetrically encrypted way, say ECDSA+AES, with the enclave's public key? So that anybody can just transmit the encrypted data to the untrusted environment and then pass it to the enclave.
Or does it have to go by remote attestation in an interactive way? That requires the secret holders to be online during the secret transmission.
Scott R. (Intel) wrote:
> Hello Nirjhar.
> Yes, once an enclave is instantiated, global variables in the enclave reside in protected memory. But, to be clear, any variables initialized at compile time will be in the clear in the enclave binary, as that is not encrypted in any way. To get a "secret_key" securely into your enclave you would need to use SGX remote attestation to help securely provision the secret from a remote entity.
> Any function defined in your enclave.cpp will also be in trusted memory, whether it's defined in the EDL or not. The EDL is just what defines the functions that can be called to/call out from inside the enclave. So in your example, func1() would reside in secure memory and would only be callable from inside the enclave.
> Regards.
> Scott