Enforcing execute-only memory inside SGX enclaves

Intel® Software Guard Extensions (Intel® SGX)

Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Enforcing execute-only memory inside SGX enclaves

752 檢視

I have a question about enforcing execute-only memory inside SGX enclaves. What I am trying to do is to mark an enclave page as executable and non-readable. The XnR memory has been used by Readactor (link) to protect against return-oriented programming attacks.

As far as I know Intel provides the Extended Page Tables (EPTs) to translate guest physical memory to real physical memory, and it enables execute-only code pages in the guest address space. As both the guest operating system and the VMM are untrusted, I am curious about whether it's possible inside SGX enclaves.

Thanks

連結已複製

0 回應

週一至週五提供社區支援。請點選這裡查看其他聯絡方式。

Intel 不會確認所有解決方案，包括但不限於可能出現在這個社群的任何檔案傳輸。因此，Intel 不承諾任何明示與暗示保證，包括但不限於適售性的暗示保證、適用於特定用途和無侵權，以及肇因於履行過程、交易過程或商業慣例的任何保證。

如需有關編譯器最佳化更完整的資訊，請參閱最佳化公告.