M_A_2

How is an enclave created remotely?

Hi,

I am learning SGX and wanted to know how an enclave is created on a remote machine. As I understood, the enclave should be created locally and should be measured to get MRENCLAVE. Then it should be created on the remote machine and, when attested, it should return the same value of MRENCLAVE, right?

Can we send code and data to the enclave on the remote machine encrypted? If yes, how, please? And what will be the value of MRENCLAVE obtained from the remote machine?

Thanks
4 Replies
Rodolfo_S_

Hi.

You are correct. If the exact same enclave is loaded on two different machines, their MRENCLAVEs will match.

As a result of the remote attestation process, which is well defined here, a symmetric key is derived, and this key can be used to send encrypted data to/from the enclave. The MRENCLAVE will not change after the enclave loading is completed. SGX1 does not support dynamic changes to enclave code.
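The check a relying party makes on a quote before deriving that key and sending secrets, as an added example (not code from this thread or from Intel's SDK). It assumes the quote's signature has already been verified and that the enclave put a 32-byte hash of its key-exchange public key in the first bytes of the report data; the function names and the sample quote are hypothetical, and the offsets follow the SDK's `sgx_quote_t` and `sgx_report_body_t` layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field offsets follow the SGX SDK's sgx_quote_t and sgx_report_body_t. */
#define QUOTE_HDR_LEN   48u                    /* version .. basename */
#define QUOTE_MIN_LEN   (QUOTE_HDR_LEN + 384u) /* header + report body */
#define MRENCLAVE_OFF   (QUOTE_HDR_LEN + 64u)
#define REPORT_DATA_OFF (QUOTE_HDR_LEN + 320u)
#define HASH_LEN        32u

enum { QUOTE_OK = 0, QUOTE_TRUNCATED = -1, QUOTE_WRONG_ENCLAVE = -2, QUOTE_WRONG_KEY = -3 };

/* Compare without an early exit so timing does not depend on the data. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Call only after the quote's signature has been verified.
 * expected_mrenclave: value measured from the locally built enclave.
 * key_hash: hash of the enclave's key-exchange public key (assumed binding). */
int check_quote_body(const uint8_t *quote, size_t len,
                     const uint8_t *expected_mrenclave, const uint8_t *key_hash) {
    if (quote == NULL || len < QUOTE_MIN_LEN) return QUOTE_TRUNCATED;
    if (!ct_equal(quote + MRENCLAVE_OFF, expected_mrenclave, HASH_LEN))
        return QUOTE_WRONG_ENCLAVE;   /* different code or data was loaded */
    if (!ct_equal(quote + REPORT_DATA_OFF, key_hash, HASH_LEN))
        return QUOTE_WRONG_KEY;       /* key was not generated by this enclave */
    return QUOTE_OK;                  /* safe to derive the key and send secrets */
}

/* Constructed sample: zeroed quote body with fill bytes in the two fields. */
void make_sample_quote(uint8_t *buf, uint8_t mr_fill, uint8_t key_fill) {
    memset(buf, 0, QUOTE_MIN_LEN);
    memset(buf + MRENCLAVE_OFF, mr_fill, HASH_LEN);
    memset(buf + REPORT_DATA_OFF, key_fill, HASH_LEN);
}

int main(void) {
    uint8_t quote[QUOTE_MIN_LEN], mr[HASH_LEN], key[HASH_LEN];
    memset(mr, 0xAA, sizeof mr);
    memset(key, 0x5C, sizeof key);
    make_sample_quote(quote, 0xAA, 0x5C);
    printf("same enclave:      %d\n", check_quote_body(quote, sizeof quote, mr, key));
    make_sample_quote(quote, 0xAB, 0x5C);
    printf("modified enclave:  %d\n", check_quote_body(quote, sizeof quote, mr, key));
    return 0;
}
```

Secrets sent under the derived key after this check are not part of the measurement, so the MRENCLAVE in the quote stays the value computed when the enclave was loaded.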

M_A_2

This means that the code has to be in the remote machine in plaintext to create the enclave in the remote machine?

AArya2

Yes, the initial state of an enclave is always out in the open.

AArya2

@Rodolfo

Does SGX2 support dynamic changes to enclave code?
