Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Limiting host's virtual memory access to Enclave

Perissinotto__Alessi

Good morning, I was wondering what limiting or even blocking the Enclave from accessing the virtual memory of the host that invokes it would imply?

Would it be achievable?

Thanks

2 Replies
Scott_R_Intel
Employee

Hi Alessia.

If I understand your question correctly, there is no built-in way to block the enclave from accessing the address space of the host process that launches the enclave. By design, the enclave has full access to all of the host process's mapped address space, but not the other way around, of course (host process can't access enclave's memory).

Regards.

Scott
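
A consequence of the access model described in the reply above, shown as an added example that is not part of the thread or Intel's SDK code: because enclave code can dereference any host address, trusted code commonly checks that a host-supplied buffer lies wholly outside the enclave before using it. The enclave range constants and the function name `buffer_outside_enclave` are assumptions for this sketch; the Intel SGX SDK offers `sgx_is_outside_enclave` for the same purpose.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed enclave linear address range for this sketch. A real enclave
 * learns its base and size at load time, not from constants. */
#define ENCLAVE_BASE UINT64_C(0x7f0000000000)
#define ENCLAVE_SIZE UINT64_C(0x4000000)            /* 64 MiB */

/* Returns true only if [addr, addr + size) lies entirely in host memory,
 * i.e. no byte of it falls inside the enclave range. Hypothetical helper
 * modelling the intent of the SDK's sgx_is_outside_enclave(). */
bool buffer_outside_enclave(uint64_t addr, uint64_t size)
{
    const uint64_t enclave_end = ENCLAVE_BASE + ENCLAVE_SIZE; /* exclusive */

    /* A range that wraps past the top of the address space could land
     * anywhere, including inside the enclave: reject it outright. */
    if (size > UINT64_MAX - addr)
        return false;

    uint64_t end = addr + size;                               /* exclusive */

    /* Outside means: ends at or before the base, or starts at or after
     * the end. A buffer straddling either boundary fails both tests. */
    return end <= ENCLAVE_BASE || addr >= enclave_end;
}

int main(void)
{
    /* Constructed sample inputs: address, length, description. */
    struct { uint64_t addr, size; const char *what; } cases[] = {
        { UINT64_C(0x1000),    0x100, "ordinary host buffer"        },
        { ENCLAVE_BASE + 4096, 64,    "pointer into enclave memory" },
        { ENCLAVE_BASE - 16,   32,    "straddles the enclave base"  },
        { UINT64_MAX - 8,      32,    "length wraps address space"  },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-30s -> %s\n", cases[i].what,
               buffer_outside_enclave(cases[i].addr, cases[i].size)
                   ? "accept (host memory)" : "reject");
    return 0;
}
```
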

Perissinotto__Alessi

Yes, this was clear to me! My question was: if we suppose that the enclave cannot access host virtual memory and the host cannot access enclave memory, as it actually is, what would be the implications or the problems that must be faced? Does the enclave work the same way?

Thanks

Alessia
