Community
cancel
Showing results for 
Search instead for 
Did you mean: 
roee_l_
Beginner
130 Views

Intel SGX - Building a trusted enclave within untrusted OS

Jump to solution

Hello, I'm currently researching a little about the Intel SGX instructions and I find it difficult to understand how one can actually **build** a trusted enclave within an untrusted operating system. many of the Intel SGX instructions are ring 0 instructions that require kernel privilege. This implies
that the operating system (most likely) must be involved to provide services (Through e.g. system-calls). How can one trust the OS to actually build a trusted enclave for him?

I did find the following paragraph within Intel manual:

After a page has been added to an enclave, software ca
n measure a 256 byte region as determined by the devel-
oper by invoking EEXTEND. Thus to measure an entire
page, system software must execute EEXTEND 16 times.
Each invocation of EEXTEND adds to the cryptographic lo
g information about which region is being measured and
the measurement of the section.
 
I still do not get, as EEXTEND and EADD should be executed with ring 0 privilege, how can an untrusted OS create a secured enclave. I know that I'm pretty much missing something, please enlighten me.
 
 
0 Kudos
1 Solution
Simon_J_Intel
Employee
130 Views

Section 5 of our whitepaper explains the process for building an enclave. Whilst a Ring0 component executes the instructions, the HW architecture is responsible for the security of the enclave. The measurement created by the HW during this process is inaccessible to the Ring0 component.

At the end of the build process you have an enclave with a measurement and it then uses the attestation process to allow a verifier to determine that the enclave was built as it required and then to deploy a secret to the enclave.

Keys used to keep the secret local are also bound to the measurement of the enclave.

View solution in original post

1 Reply
Simon_J_Intel
Employee
131 Views

Section 5 of our whitepaper explains the process for building an enclave. Whilst a Ring0 component executes the instructions, the HW architecture is responsible for the security of the enclave. The measurement created by the HW during this process is inaccessible to the Ring0 component.

At the end of the build process you have an enclave with a measurement and it then uses the attestation process to allow a verifier to determine that the enclave was built as it required and then to deploy a secret to the enclave.

Keys used to keep the secret local are also bound to the measurement of the enclave.

View solution in original post

Reply