Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Export enclave

ssziy
Beginner

Good morning,

Does the Intel SGX SDK provide a way to clone enclaves? That is, being able to boot an enclave from one machine on another machine with exactly the same content / secrets.

Scott_R_Intel
Employee

Hi Stevie.

No, this is not supported, by design. If you need to share secrets between enclaves between machines, one way to do so would be to use remote attestation to both enclaves and provision a shared key directly to the enclaves to seal/unseal the secrets between the two enclaves.

Regards.

Scott

ssziy
Beginner

Thank you so much for answering my question.

Following your answer, I would like to ask you just one more question. In this case, where we talk about sharing/copying secrets between different enclave machines, we are also dealing with different enclaves. With this, is it possible to derive a key using the sgx_get_key function in one machine's enclave and share it with the other machine's enclave to seal and unseal the secrets?

Scott_R_Intel
Employee

Hi again.

As mentioned in the post below, SGX keys are unique to each specific platform:

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/705026

So, my previous answer still applies... you'd need to utilize SGX remote attestation to provision shared keys between your enclaves if on different machines.

Regards.

Scott
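
A small Python model of the point made in the two answers above, added here as an illustration (it is not code from the Intel SGX SDK or from the posters). `egetkey_model`, the random per-platform secrets, and the HMAC-based `seal`/`unseal` are assumptions standing in for the hardware key derivation and SDK sealing; the remote-attestation step is represented only by both enclaves ending up with the same provisioned key.

```python
import hashlib, hmac, os

def egetkey_model(platform_secret: bytes, mrenclave: bytes) -> bytes:
    """Model only: the seal key depends on a per-CPU secret and the enclave identity."""
    return hmac.new(platform_secret, b"SEAL" + mrenclave, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for sealing: encrypt, then authenticate nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unseal failed: blob was sealed under a different key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def demo():
    # Constructed inputs: one enclave binary, two machines with different CPU secrets.
    mrenclave = hashlib.sha256(b"constructed enclave image").digest()
    key_a = egetkey_model(os.urandom(32), mrenclave)   # machine A
    key_b = egetkey_model(os.urandom(32), mrenclave)   # machine B
    blob_a = seal(key_a, b"db-password")
    try:
        unseal(key_b, blob_a)          # copying the sealed blob to machine B
        copied_blob_works = True
    except ValueError:
        copied_blob_works = False
    # Assumption: both enclaves were attested remotely and given the same key.
    shared = os.urandom(32)
    transfer = seal(shared, unseal(key_a, blob_a))     # done inside enclave A
    recovered = unseal(shared, transfer)               # done inside enclave B
    return key_a != key_b, copied_blob_works, recovered

if __name__ == "__main__":
    print(demo())
```
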

ssziy
Beginner

Got it. Thanks again for taking the time to help me, Scott. Have a good rest of the week.

Best regards.
