Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1405 Discussions

How to get an accurate and reliable time within an enclave

New Contributor I

Hi! I was wondering if there is still a way of getting the trusted time of an enclave? I have already read on this forum that the Platform Services are not supported by Intel SGX anymore, is there anyway to fix these dependencies or any alternative to these features(the get_trusted_time() and  the monotonic counter)? 

Also, how can you make sure to keep an enclave alive as much possible and measure its time? And how much does this depend on its vulnerability to getting lost? From what I have read in the Developer Reference, this forum and the Programming Reference, any app crash loses the enclave. And for within the enclave, in the Programming Reference there is an option to ERESUME an enclave after an Asynchronous Enclave Exit, but this ERESUME is not mentioned anywhere in the latest Developer Reference. And also, there is the power transition issue.

It seems that enclaves are short-lived. I could not find any reference on analysis on the lifespan of an enclave. I would be grateful if there could be any clarification on how long could you design an enclave to last, for the purpose of keeping a secret  within an enclave for a longer period of time(how could you keep an enclave alive for hours or days).

Thank you.

0 Kudos
1 Reply

Hi Anna,

Unfortunately, there is no substitute for get_trusted_time and the monotonic counter.

The ERESUME call is not called explicitly by the application. This is an internal SGX call by the system that resumes execution of the enclave that was interrupted due to an exception or interrupt. The application developer does not control this.

You must remember that an enclave is not an application. An enclave is a library (in Windows it is a DLL, in Linux a .so) of trusted functions that are called by an untrusted application. The application can live and be loaded as long as you’d like and the enclave will be loaded in memory too, ready to receive calls from the application. In order to protect your secret, you should seal it with your enclave and save it periodically in case something happens to the application.


0 Kudos