Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

EPC protection

Meysam_t_
Beginner
‎06-23-2017 04:07 PM
416 Views

Hi folks,

Do you know how SGX makes EPC invisible to OS? I know that there is an ownership mechanism using labels for different enclaves to make sure every enclave is accessing just to its own page inside the EPC; is there a similar mechanism for OS as well? it seems SGX needs more to prevent the adversary OS from EPC? 

 

thanks

Meysam

0 Kudos

Link Copied

1 Reply
yunfeng7854
New Contributor I
‎06-24-2017 06:14 AM
416 Views

Intel SGX doesn't trust the OS, so it maintains the EPCM to support page permission check for EPC pages. The security check is performed by extending the page miss handler (PMH).

Please refer to https://eprint.iacr.org/2016/086.pdf, page 93, Sec. 6.2 for more details.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.