Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How to get an accurate and reliable time within an enclave

Criston__Anna
New Contributor I
619 Views

Hi! I was wondering if there is still a way of getting the trusted time of an enclave? I have already read on this forum that the Platform Services are not supported by Intel SGX anymore. Is there any way to fix these dependencies, or any alternative to these features (the get_trusted_time() and the monotonic counter)?

Also, how can you make sure to keep an enclave alive as much as possible and measure its time? And how much does this depend on its vulnerability to getting lost? From what I have read in the Developer Reference, this forum and the Programming Reference, any app crash loses the enclave. And for within the enclave, in the Programming Reference there is an option to ERESUME an enclave after an Asynchronous Enclave Exit, but this ERESUME is not mentioned anywhere in the latest Developer Reference. And also, there is the power transition issue.

It seems that enclaves are short-lived. I could not find any reference on analysis of the lifespan of an enclave. I would be grateful if there could be any clarification on how long you could design an enclave to last, for the purpose of keeping a secret within an enclave for a longer period of time (how could you keep an enclave alive for hours or days).

Thank you.

JesusG_Intel
Moderator

Hi Anna,

Unfortunately, there is no substitute for get_trusted_time and the monotonic counter.

The ERESUME call is not called explicitly by the application. This is an internal SGX call by the system that resumes execution of the enclave that was interrupted due to an exception or interrupt. The application developer does not control this.

You must remember that an enclave is not an application. An enclave is a library (in Windows it is a DLL, in Linux a .so) of trusted functions that are called by an untrusted application. The application can live and be loaded as long as you’d like and the enclave will be loaded in memory too, ready to receive calls from the application. In order to protect your secret, you should seal it with your enclave and save it periodically in case something happens to the application.

Regards,
