Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Export enclave

ssziy
Beginner
987 Views

Good morning,

Does the Intel SGX SDK provide a way to clone enclaves? That is, being able to boot an enclave from one machine on another machine with exactly the same content / secrets.

0 Kudos
1 Solution
Scott_R_Intel
Employee
987 Views

Hi Stevie.

No, this is not supported, by design. If you need to share secrets between enclaves between machines, one way to do so would be to use remote attestation to both enclaves and provision a shared key directly to the enclaves to seal/unseal the secrets between the two enclaves.

Regards.

Scott


0 Kudos
ssziy
Beginner
987 Views

Thank you so much for answering my question.

Following your answer, I would like to ask you just one more question. In this case, where we talk about sharing/copying secrets between different enclave machines, we are also dealing with different enclaves. With this, is it possible to derive a key using the sgx_get_key function in one machine enclave and share it with the other machine enclave to seal and unseal the secrets?

0 Kudos
Scott_R_Intel
Employee
987 Views

Hi again.

As mentioned in the post below, SGX keys are unique to each specific platform:

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/705026

So, my previous answer still applies... you'd need to utilize SGX remote attestation to provision shared keys between your enclaves if on different machines.

Regards.

Scott

0 Kudos
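A simplified model of the two answers above, added here as an illustration; it is not Intel SGX SDK code and not part of the thread. HMAC-SHA256 stands in for the hardware derivation behind sgx_get_key, an encrypt-then-MAC construction stands in for sealing, remote attestation is assumed to have already succeeded, and every name and sample value is constructed.

```python
import hashlib, hmac, os

def derive_seal_key(platform_secret: bytes, mrsigner: bytes) -> bytes:
    """Model of a sealing key: per-CPU secret mixed with the enclave identity."""
    return hmac.new(platform_secret, b"SEAL" + mrsigner, hashlib.sha256).digest()

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one sealing key.
    return [hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac")]

def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the authenticated encryption used to seal."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    stream = hashlib.shake_256(enc + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("unseal failed: blob is bound to a different key")
    stream = hashlib.shake_256(enc + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Enclave:
    # One enclave instance on one machine; the random secret models the per-CPU key.
    def __init__(self, mrsigner: bytes):
        self.seal_key = derive_seal_key(os.urandom(32), mrsigner)
    def provision(self, shared_key: bytes):  # only after attestation (not modelled)
        self.sealed_shared_key = seal(self.seal_key, shared_key)
    def shared_key(self) -> bytes:
        return unseal(self.seal_key, self.sealed_shared_key)

def copy_sealed_blob_fails() -> bool:
    """Same enclave identity on two machines: a copied sealed blob does not open."""
    a, b = Enclave(b"vendor-signer"), Enclave(b"vendor-signer")  # constructed identity
    blob = seal(a.seal_key, b"db-password")                      # constructed secret
    try:
        unseal(b.seal_key, blob)
    except ValueError:
        return True
    return False

def provisioned_key_works() -> bytes:
    """A key provisioned to both enclaves lets B open what A protected."""
    a, b = Enclave(b"vendor-signer"), Enclave(b"vendor-signer")
    shared = os.urandom(32)  # generated by the provisioning service
    a.provision(shared); b.provision(shared)
    return unseal(b.shared_key(), seal(a.shared_key(), b"db-password"))
```

Each enclave persists the provisioned key under its own platform-bound sealing key, so only the application data protected with the shared key moves between machines.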
ssziy
Beginner
987 Views

Got it. Thanks again for taking the time to help me, Scott. Have a good rest of the week.

Best regards.

0 Kudos