Community
cancel
Showing results for 
Search instead for 
Did you mean: 
ROY__NIRJHAR
Beginner
95 Views

ENCLAVE DATA STORAGE

Lets say I have the enclave.cpp file and  I have a global variable "secret _key". Will the variable "secret_key" will reside in the protected enclave space? If not how to have some global variables whose value will be stored in the enclave and not in the untrusted space?

 

Also if i have a function func1() in enclave.cpp but it is not declared in the enclave.edl file,  then will the function be a part of the enclave or will be available in the untrusted memory location?

0 Kudos
2 Replies
Scott_R_Intel
Employee
95 Views

Hello Nirjhar.

Yes, once an enclave is instantiated, global variables in the enclave reside in protected memory.  But, to be clear, any variables initialized at compile time will be in the clear in the enclave binary, as that is not encrypted in any way.  To get a "secret_key" securely into your enclave you would need to use SGX remote attestation to help securely provision the secret from a remote entity.

Any function defined in your enclave.cpp will also be in trusted memory, whether its defined in the EDL or not.  The EDL is just what defines the functions that can be called to/call out from inside the enclave. So in your example, func1() would reside in secure memory and would only be callable from inside the enclave.

Regards.

Scott

 

Hszz09
Beginner
95 Views

Hi Scott,

Is there any way to send secrets to the enclave in asymmetrically encrypted way, say ECDSA+AES? with the enclave's public key. So that anybody can just transmit the encrypted data to the untrusted environment and then pass to the enclave.

Or does it has to go by remote attestation in interactive way? that requires the secret holders to be online during the secret transmission.

Scott R. (Intel) wrote:

Hello Nirjhar.

Yes, once an enclave is instantiated, global variables in the enclave reside in protected memory.  But, to be clear, any variables initialized at compile time will be in the clear in the enclave binary, as that is not encrypted in any way.  To get a "secret_key" securely into your enclave you would need to use SGX remote attestation to help securely provision the secret from a remote entity.

Any function defined in your enclave.cpp will also be in trusted memory, whether its defined in the EDL or not.  The EDL is just what defines the functions that can be called to/call out from inside the enclave. So in your example, func1() would reside in secure memory and would only be callable from inside the enclave.

Regards.

Scott