Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Enforcing execute-only memory inside SGX enclaves


I have a question about enforcing execute-only memory inside SGX enclaves. What I am trying to do is to mark an enclave page as executable and non-readable. XnR memory has been used by Readactor (link) to protect against return-oriented programming attacks.

As far as I know, Intel provides the Extended Page Tables (EPTs) to translate guest physical memory to real physical memory, and it enables execute-only code pages in the guest address space. As both the guest operating system and the VMM are untrusted, I am curious about whether this is possible inside SGX enclaves.


0 Replies