Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

EPC protection

Meysam_t_
Beginner
190 Views

Hi folks,

Do you know how SGX makes EPC invisible to OS? I know that there is an ownership mechanism using labels for different enclaves to make sure every enclave is accessing just to its own page inside the EPC; is there a similar mechanism for OS as well? it seems SGX needs more to prevent the adversary OS from EPC? 

 

thanks

Meysam

0 Kudos
1 Reply
yunfeng7854
New Contributor I
190 Views

Intel SGX doesn't trust the OS, so it maintains the EPCM to support page permission check for EPC pages. The security check is performed by extending the page miss handler (PMH).

Please refer to https://eprint.iacr.org/2016/086.pdf, page 93, Sec. 6.2 for more details.

Reply