Good morning, I was wondering: what would limiting or even blocking the Enclave from accessing the virtual memory of the host that invokes it imply?
Would it be achievable?
If I understand your question correctly, there is no built-in way to block the enclave from accessing the address space of the host process that launches the enclave. By design, the enclave has full access to all of the host process's mapped address space, but not the other way around, of course (host process can't access enclave's memory).
Yes, this was clear to me! My question was: if we suppose that the enclave cannot access host virtual memory, and the host cannot access enclave memory (as is actually the case), what would be the implications or the problems that must be faced? Does the enclave work the same way?