Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How does an enclave get its own MRENCLAVE

jamason
Beginner

The Intel SGX developer guide mentions that there are two methods the application can use to retrieve the MRENCLAVE measurement for the enclave, either:

1) The application B retrieves the MRENCLAVE value from the enclave certificate for enclave B.

2) Enclave B supports an interface to export this value which is retrieved by creating a report with a random MRENCLAVE target measurement.

My question concerns the second method. If enclave B makes an EREPORT call with a random MRENCLAVE as a target measurement, what would be in the return value that would allow it to know its own MRENCLAVE?

This also brings me to another question, which is: if any enclave on a platform is allowed to call EREPORT with any target MRENCLAVE value, isn't that already more data leaked than would be desired? Wouldn't it be a form of prompting the platform to confirm/deny the presence of a certain enclave?

 

Thank you

Juan_d_Intel
Employee

If an enclave calls EREPORT with a random MRENCLAVE in the TARGETINFO structure, the REPORT structure will contain such MRENCLAVE. However, this REPORT will be useless.

In addition, calling EREPORT with a random MRENCLAVE doesn't mean that an enclave with such measurement is running on the platform at all.

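A simplified model of the EREPORT behaviour discussed in this thread, added here as an illustration (not code from the posts, the SGX SDK, or Intel): the REPORT body carries the measurement of the enclave that executed EREPORT, while the target MRENCLAVE only selects the key used for the MAC. Assumptions: HMAC-SHA256 stands in for the hardware's AES-CMAC, TARGETINFO is reduced to the MRENCLAVE alone, and the `Enclave` class, `_CPU_SECRET` and all sample values are constructed.

```python
import hashlib, hmac, os
from dataclasses import dataclass

# Constructed stand-in for the CPU's fused secret; real hardware never exposes it.
_CPU_SECRET = os.urandom(32)

def _report_key(mrenclave: bytes) -> bytes:
    """Model of the report key: bound to the CPU secret and one enclave's MRENCLAVE."""
    return hmac.new(_CPU_SECRET, b"REPORT_KEY" + mrenclave, hashlib.sha256).digest()

@dataclass(frozen=True)
class Report:
    mrenclave: bytes    # measurement of the enclave that executed EREPORT
    report_data: bytes  # 64 bytes chosen by the caller
    mac: bytes          # keyed with the *target's* report key

class Enclave:
    def __init__(self, code: bytes):
        # Model: the measurement is a hash of what was loaded; software cannot set it.
        self._mrenclave = hashlib.sha256(code).digest()

    def target_info(self) -> bytes:
        return self._mrenclave  # what a peer needs in order to address a report to us

    def ereport(self, target_mrenclave: bytes, report_data: bytes = bytes(64)) -> Report:
        # No lookup of the target happens: the value only feeds the key derivation.
        body = self._mrenclave + report_data
        mac = hmac.new(_report_key(target_mrenclave), body, hashlib.sha256).digest()
        return Report(self._mrenclave, report_data, mac)

    def verify(self, report: Report) -> bool:
        """Model of EGETKEY(report key) plus the MAC check done by the target enclave."""
        body = report.mrenclave + report.report_data
        expected = hmac.new(_report_key(self._mrenclave), body, hashlib.sha256).digest()
        return hmac.compare_digest(expected, report.mac)

    def own_mrenclave(self) -> bytes:
        # Method 2 from the question: any target will do, only the body is read.
        return self.ereport(os.urandom(32)).mrenclave

def demo() -> dict:
    a, b = Enclave(b"enclave A image"), Enclave(b"enclave B image")
    random_target = os.urandom(32)
    r = b.ereport(random_target)
    return {
        "body_is_own": r.mrenclave == b.own_mrenclave(),
        "body_is_target": r.mrenclave == random_target,
        "b_can_verify": b.verify(r),
        "a_verifies_report_for_a": a.verify(b.ereport(a.target_info())),
    }
```

In this model the report addressed to a random target succeeds without any enclave of that measurement existing, and its MAC cannot be checked by anyone on the platform; only the body is of use to the caller.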