- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, I'm Tae Un Kang.
I downloaded the "Intel Software Guard Extensions SDK for Windows* OS(Developer References)" document from the intel homepage and read it.
(https://software.intel.com/en-us/sgx-sdk/documentation)
Looking at page 17 of the document, it appears that debug mode does not support memory protection.
The following is mentioned on page 17.
***
The code/data memory inside an enclave launched in debug mode is accessible by the debugger or other software outside of the enclave. Thus, it does not have the same memory access protection as an enclave launched in non-debug mode.
***
Also, If you look at "two approaches to x86 memory encryption", it seems that Intel SGX's memory protection does not work in Debug mode.
(https://lwn.net/Articles/686808)
The following is a part of "two approaches to x86 memory encryption".
***
Instead, enclaves can only run in the "debug mode," where it's possible to read and manipulate data inside the enclave from the rest of the system. That, obviously, detracts from the utility of the feature. It's not entirely clear why this limitation is in place.
***
My question is as follows.
1. Is it necessary to compile in Release mode to use the memory protection feature of Intel SGX?
2. Do I need a Commercial License to compile in Release mode?
3. If Memory is not protected in debug mode, what other functions are available in Intel SGX?
Thank you
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
Answering your questions below:
1. Is it necessary to compile in Release mode to use the memory protection feature of Intel SGX?
No. You can compile your enclave in Pre-Release mode and still use the memory protection feature.
2. Do I need a Commercial License to compile in Release mode?
Yes.
3. If Memory is not protected in debug mode, what other functions are available in Intel SGX?
Everything that is part of the SDK can be used in debug mode. That is, you can still use all the functionalities of the SDK but data will not be protected by HW.
Regards,
Rodolfo
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page