Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

How are Provisioning and Quoting Enclaves launched

AB_
Beginner
‎10-28-2017 04:29 PM
549 Views

I understand that Provisioning Enclave (PvE) is a special enclave. Please clarify the following questions.

  1. How is the PvE launched?
  2. What does it mean that it is provided by Intel? Specifically, is there a  priviliged software (provided/used by Intel) that creates and launches PvE, and that is somehow not accessible to application developers? I am assuming that sgx_create_enclave() cannot be used to create this special enclave.
  3. Is that a software run enclave or a microcode run?
  4. I have similar questions for Quoting Enclave too. How is this launched?
0 Kudos

Link Copied

2 Replies
you_w_
New Contributor III
‎10-29-2017 06:38 PM
549 Views

Hi AB.

To find out answer of these questions, I advise that you can read the source code of PSW. All the achitecture build-in enclaves are inside the PSW package.

Regars

you

0 Kudos
Copy link
Rafal_W_
Beginner
‎11-08-2017 11:07 PM
549 Views

Architectural enclaves are loaded by the aesm service "when needed". That means PvE is loaded during the EPID join process, QE is loaded the first time you request a quote etc.

Architectural enclaves are signed by a special Intel key that is privileged (CPU/microcode checks the signature and only allows enclaves signed with this key to be privileged). Documentation mentions possibility for custom Launch Enclaves (not signed by Intel), but this currently is not possible as far as I know.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.