Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

OCall and ECall Function in SGX Enclave

SAM_R_2
Beginner

Hi,

Is it possible to transfer images/files to an oCall function and call an oCall function in an eCall function?

Please let me know your suggestion and opinion.

-Thanks

Surenthar_S_Intel

Hi Sam,

By definition, an OCALL is made from within an ECALL. You enter the enclave with an ECALL. Once in the enclave, if you need to do something like I/O, you then use an OCALL to temporarily exit the enclave to call a function in untrusted space. When that function returns, you are back in the enclave.

A function that you run via an OCALL can even make another ECALL to enter the enclave at a different function (though in the EDL file, you can limit which ECALLs you are allowed to make from within the context of an OCALL).

-Surenthar
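
The EDL side of what this answer describes, as an added example that is not part of the thread or of Intel's sample code: a public root ECALL that takes an image buffer, an OCALL that carries a buffer out to untrusted code for file I/O, and an `allow()` list restricting which ECALL may be made while that OCALL is running. All function names here are hypothetical.

```edl
/* Added example; every function name below is hypothetical. */
enclave {
    trusted {
        /* Root ECALL: must be declared public to be callable directly
         * by the application. [in, size=len] copies len bytes from
         * untrusted memory into the enclave before the function runs. */
        public int ecall_process_image([in, size=len] const uint8_t *img,
                                       size_t len);

        /* Private ECALL (no 'public'): cannot be used as a root call.
         * It is reachable only from inside an OCALL that names it in
         * its allow() list. */
        void ecall_report_written(size_t bytes_written);
    };

    untrusted {
        /* OCALL made from inside ecall_process_image. [in] on an OCALL
         * pointer copies the buffer OUT of the enclave into untrusted
         * memory, so anything confidential has to be encrypted or
         * sealed before this call. allow() limits nested ECALLs during
         * this OCALL to ecall_report_written only. */
        void ocall_write_file([in, string] const char *path,
                              [in, size=len] const uint8_t *buf,
                              size_t len)
            allow(ecall_report_written);

        /* No allow() list: no private ECALL can be entered while this
         * OCALL is executing. */
        void ocall_log([in, string] const char *msg);
    };
};
```

Values that come back from an OCALL (return codes, `[out]` buffers) originate in untrusted code, so the enclave should validate them before acting on them.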

SAM_R_2
Beginner

Thanks for your information...
