The Linux SDK manual says (in documenting the function sgx_create_enclave ):
The valid value is 0 or 1.
0 indicates to create the enclave in non-debug mode. An enclave created in non-debug mode cannot be debugged.
1 indicates to create the enclave in debug mode. The code/data memory inside an enclave created in debug mode is accessible by the debugger or other software outside of the enclave and thus is not under the same memory access protections as an enclave created in non-debug mode.
Does that mean that debug enclaves do not make use of the MEE (memory encryption engine)?
I noticed that if I try to access Enclave memory form the un-trusted code I get abort-page behavior, i.e., I get 0xFFFFFFFF. I assume that means the memory is inside the EPC (Enclave page cache). Is that correct?
Is the entire EPC encrypted, or just non-debug enclaves?