Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

OCAll and ECall Function in Sgx Enclave

SAM_R_2
Beginner
1,432 Views

Hi,

Is it possible to transfer images/files to an oCall function and call an oCall function in an eCall function?

Please let me know your suggestion and opinion.

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
1,432 Views

Hi Sam,

By definition, an OCALL is made from within an ECALL. You enter the enclave with an ECALL. Once in the enclave, if you need to do something like I/O, you then use an OCALL to temporarily exit the enclave to call a function in untrusted space. When that function returns, you are back in the enclave.

A function that you run via an OCALL can even make another ECALL to enter the enclave at a different function (though in the EDL file, you can limit which ECALLs you are allowed to make from within the context of an OCALL).

-Surenthar

View solution in original post

2 Replies
Surenthar_S_Intel
1,433 Views

Hi Sam,

By definition, an OCALL is made from within an ECALL. You enter the enclave with an ECALL. Once in the enclave, if you need to do something like I/O, you then use an OCALL to temporarily exit the enclave to call a function in untrusted space. When that function returns, you are back in the enclave.

A function that you run via an OCALL can even make another ECALL to enter the enclave at a different function (though in the EDL file, you can limit which ECALLs you are allowed to make from within the context of an OCALL).

-Surenthar

SAM_R_2
Beginner
1,432 Views

Thanks for your information...

Reply