Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Limiting host's virtual memory access to Enclave

Perissinotto__Alessi

Good morning, I was wondering what it would imply to limit or even block the Enclave from accessing the virtual memory of the host that invokes it?

Would it be achievable?

Thanks

2 Replies
Scott_R_Intel
Employee

Hi Alessia.

If I understand your question correctly, there is no built-in way to block the enclave from accessing the address space of the host process that launches the enclave. By design, the enclave has full access to all of the host process's mapped address space, but not the other way around, of course (host process can't access enclave's memory).

Regards.

Scott

Perissinotto__Alessi

Yes, this was clear to me! My question was: if we suppose that the enclave cannot access host virtual memory and the host cannot access enclave memory, as is actually the case, what would be the implications or the problems that must be faced? Does the enclave work the same way?

Thanks

Alessia
