Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Is there no memory protection in debug mode?

tae_un_k_
Beginner

Hello, I'm Tae Un Kang.

I downloaded the "Intel Software Guard Extensions SDK for Windows* OS (Developer References)" document from the Intel homepage and read it.
(https://software.intel.com/en-us/sgx-sdk/documentation)

Looking at page 17 of the document, it appears that debug mode does not support memory protection.

The following is mentioned on page 17.

***
The code/data memory inside an enclave launched in debug mode is accessible by the debugger or other software outside of the enclave. Thus, it does not have the same memory access protection as an enclave launched in non-debug mode.
***

Also, if you look at "two approaches to x86 memory encryption", it seems that Intel SGX's memory protection does not work in debug mode.
(https://lwn.net/Articles/686808)

The following is a part of "two approaches to x86 memory encryption".

***
Instead, enclaves can only run in the "debug mode," where it's possible to read and manipulate data inside the enclave from the rest of the system. That, obviously, detracts from the utility of the feature. It's not entirely clear why this limitation is in place.
***


My questions are as follows.

1. Is it necessary to compile in Release mode to use the memory protection feature of Intel SGX?

2. Do I need a Commercial License to compile in Release mode?

3. If Memory is not protected in debug mode, what other functions are available in Intel SGX?

 

Thank you

Rodolfo_S_
New Contributor III

Hi.

Answering your questions below:

1. Is it necessary to compile in Release mode to use the memory protection feature of Intel SGX?

No. You can compile your enclave in Pre-Release mode and still use the memory protection feature.

2. Do I need a Commercial License to compile in Release mode?

Yes.

3. If Memory is not protected in debug mode, what other functions are available in Intel SGX?

Everything that is part of the SDK can be used in debug mode. That is, you can still use all the functionalities of the SDK but data will not be protected by HW.

Regards,

Rodolfo

 

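Added example, not part of the thread and not Intel's SDK code: since a debug-mode enclave's memory is accessible from outside, a party that receives an enclave report can refuse debug enclaves by testing the DEBUG bit in the report's attributes. The function names and verdict enum are hypothetical; the flag value, the 384-byte report body size and the offset of `attributes.flags` are taken from the SDK's `sgx_attributes.h` and `sgx_report.h` definitions, and the report is assumed to have been authenticated already.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Values mirror the SDK headers; redefined here so the example builds without the SDK. */
#define SGX_FLAGS_DEBUG   0x2ULL  /* enclave was launched in debug mode */
#define REPORT_BODY_SIZE  384u    /* sizeof(sgx_report_body_t) */
#define ATTR_FLAGS_OFFSET 48u     /* offset of attributes.flags in the report body */

typedef enum { ENCLAVE_OK = 0, ENCLAVE_DEBUG = 1, ENCLAVE_MALFORMED = 2 } enclave_verdict;

/* Read a little-endian 64-bit value without alignment assumptions. */
static uint64_t le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Hypothetical policy check on a raw report body taken from a report
 * or quote whose authenticity has already been verified. */
enclave_verdict check_report_body(const uint8_t *body, size_t len) {
    if (body == NULL || len != REPORT_BODY_SIZE)
        return ENCLAVE_MALFORMED;          /* reject truncated or padded input */
    uint64_t flags = le64(body + ATTR_FLAGS_OFFSET);
    if (flags & SGX_FLAGS_DEBUG)
        return ENCLAVE_DEBUG;              /* memory is readable by a debugger */
    return ENCLAVE_OK;
}

/* Constructed sample: a zeroed report body with only the flags field filled in. */
enclave_verdict check_sample(uint64_t flags) {
    uint8_t body[REPORT_BODY_SIZE];
    memset(body, 0, sizeof body);
    for (int i = 0; i < 8; i++)
        body[ATTR_FLAGS_OFFSET + i] = (uint8_t)(flags >> (8 * i));
    return check_report_body(body, sizeof body);
}

int main(void) {
    printf("flags 0x7 (debug bit set):   verdict %d\n", check_sample(0x7));
    printf("flags 0x5 (debug bit clear): verdict %d\n", check_sample(0x5));
    return 0;
}
```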