- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
I noticed on a lot of sgx code examples that they explicitly memset allocated variables to 0 before leaving the trusted zone. Any insight on this? Ithought enclaves' EPC is protected and doing memsets will reduce performance of applications.
Thanks!
Kind Regards,
Elephant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The reason of using memset is documented in the SGX Developer Guide at https://download.01.org/intel-sgx/linux-1.9/docs/Intel_SGX_Developer_Guide.pdf under the section of "Disposal of Enclave Secrets".
Here is an excerpt: "The enclave writer must use the memset_s() function to clear any variable that contained secret data. The use of this function guarantees that the compiler will not optimize away the write to memory intended by this function call and thus ensuring the secret data is cleared. Using memset_s() is especially important when secret data is stored in a dynamically allocated buffer"
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The reason of using memset is documented in the SGX Developer Guide at https://download.01.org/intel-sgx/linux-1.9/docs/Intel_SGX_Developer_Guide.pdf under the section of "Disposal of Enclave Secrets".
Here is an excerpt: "The enclave writer must use the memset_s() function to clear any variable that contained secret data. The use of this function guarantees that the compiler will not optimize away the write to memory intended by this function call and thus ensuring the secret data is cleared. Using memset_s() is especially important when secret data is stored in a dynamically allocated buffer"
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page