Hi,
I am learning SGX and wanted to know how an enclave is created on a remote machine. As I understood, the enclave should be created locally and should be measured to get MRENCLAVE. Then it should be created on the remote machine and, when attested, it should return the same value of MRENCLAVE, right?
Can we send code and data to the enclave in the remote machine encrypted? If yes, how, please? And what will be the value of MRENCLAVE obtained from the remote machine?
Thanks
Hi.
You are correct. If the exact same enclave is loaded on two different machines, their MRENCLAVEs will match.
As a result of the remote attestation process, which is well defined here, a symmetric key is derived, and this key can be used to send encrypted data to/from the enclave. The MRENCLAVE will not change after the enclave loading is completed. SGX1 does not support dynamic changes to enclave code.
This means that the code has to be in the remote machine in plaintext to create the enclave in the remote machine?
Yes, the initial state of an enclave is always out in the open.
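The replies above, as an added example that is not part of the original thread or of Intel's SDK: a Python model of the measurement showing that MRENCLAVE depends only on the plaintext pages and the order they are loaded in, so a verifier can compute it locally and compare it with the value the remote enclave reports. The record layout is modelled on the ECREATE/EADD/EEXTEND measurement log and should be treated as an assumption; `measure`, `release_secret`, the page flags and the sample image are hypothetical, and quote signature verification and the encryption of the secret under the attestation-derived key are out of scope.

```python
import hashlib
import hmac
import struct

PAGE = 4096
SECINFO_RX = 0x205  # assumed flags: regular page (PT_REG), readable + executable


def measure(image: bytes, ssa_frame_size: int = 1) -> str:
    """Model of MRENCLAVE: SHA-256 over the enclave build log.

    No machine identity, key or timestamp goes into the hash, only the
    plaintext page contents, their offsets and their permissions.
    """
    pages = [image[i:i + PAGE].ljust(PAGE, b"\0")
             for i in range(0, len(image), PAGE)]
    h = hashlib.sha256()
    # ECREATE record: tag, SSA frame size, enclave size, zero padding (64 bytes)
    h.update(struct.pack("<8sIQ44x", b"ECREATE\0", ssa_frame_size,
                         len(pages) * PAGE))
    for n, page in enumerate(pages):
        off = n * PAGE
        # EADD record: tag, page offset, first 48 bytes of SECINFO (64 bytes)
        h.update(struct.pack("<8sQQ40x", b"EADD\0\0\0\0", off, SECINFO_RX))
        # EEXTEND: one 64-byte header per 256-byte chunk, then the chunk itself
        for c in range(0, PAGE, 256):
            h.update(struct.pack("<8sQ48x", b"EEXTEND\0", off + c))
            h.update(page[c:c + 256])
    return h.hexdigest()


def release_secret(expected: str, reported: str, secret: bytes):
    """Verifier side: hand the secret only to the enclave that was expected.

    `reported` stands for the MRENCLAVE field of an already verified quote.
    Secrets sent this way arrive after loading, so they never change the hash.
    """
    return secret if hmac.compare_digest(expected, reported) else None


# Constructed sample image (two pages), not a real enclave binary.
IMAGE = b"\x90" * 5000
TAMPERED = IMAGE[:100] + b"\xcc" + IMAGE[101:]

if __name__ == "__main__":
    local = measure(IMAGE)             # computed by the enclave owner
    remote = measure(bytes(IMAGE))     # same image loaded on another host
    print(local == remote, release_secret(local, measure(TAMPERED), b"k"))
```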
@Rodolfo
Does SGX2 support dynamic changes to enclave code?