Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Pass a TCP connection into an SGX enclave

johnsnow
Beginner
144 Views

Hello everyone,

I'm wondering if it is possible to pass a TCP connection into an SGX enclave.
Let's say there is a server A (outside of the enclave) that listens on a TCP port and accepts incoming connections.
Now there is also a server B (inside the enclave). Can server A accept a TCP connection, and then pass the file descriptor to server B in the enclave, so that server B can read and write to that connection?

If server B was not in an enclave, this would be possible. Server A could send the file descriptor from the TCP connection to server B via UNIX sockets and the SCM_RIGHTS mechanism. This will cause the kernel to intercept the message, and it will copy the file descriptor into the receiving process's file descriptor table.
However, this requires the UNIX calls sendmsg() and recvmsg(), which are not supported in Gramine: https://gramine.readthedocs.io/en/latest/devel/features.html

Is there another way of achieving this?

Thank you!

0 Kudos
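As an added example (not part of the original post, and not code from any SGX SDK or from Gramine), the C program below demonstrates the SCM_RIGHTS hand-off the question describes, with both endpoints in one process for the sake of a self-contained run: "server A" accepts a loopback TCP connection and sends the accepted descriptor over a UNIX-domain socketpair, and "server B" receives a fresh descriptor for the same connection and echoes through it. The function names send_fd, recv_fd and pass_fd_demo are my own, and the "hello" payload is constructed for the demo.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/un.h>

/* Send one file descriptor over a UNIX-domain socket using SCM_RIGHTS.
 * The kernel duplicates the descriptor into the receiver's fd table. */
static int send_fd(int chan, int fd_to_send) {
    char payload = 'F';               /* at least one byte of ordinary data is required */
    struct iovec iov = { .iov_base = &payload, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);
    struct msghdr msg = { 0 };
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd_to_send, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one file descriptor; returns the new local fd, or -1 if the
 * message carried no well-formed SCM_RIGHTS control block. */
static int recv_fd(int chan) {
    char payload;
    struct iovec iov = { .iov_base = &payload, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg = { 0 };
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    if (recvmsg(chan, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* End-to-end demo: accept a loopback TCP connection ("server A"), hand the
 * accepted fd over a socketpair, and echo through the received descriptor
 * ("server B").  Returns 1 on success, a negative step number on failure. */
int pass_fd_demo(void) {
    int chan[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0) return -1;

    int lsock = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = 0 };
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(lsock, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(lsock, 1) < 0) return -2;
    socklen_t alen = sizeof addr;
    getsockname(lsock, (struct sockaddr *)&addr, &alen);   /* learn the ephemeral port */

    int client = socket(AF_INET, SOCK_STREAM, 0);
    if (connect(client, (struct sockaddr *)&addr, sizeof addr) < 0) return -3;
    int accepted = accept(lsock, NULL, NULL);
    if (accepted < 0) return -4;

    /* "Server A" passes the connection; "server B" receives a new fd for it. */
    if (send_fd(chan[0], accepted) < 0) return -5;
    int inherited = recv_fd(chan[1]);
    if (inherited < 0) return -6;
    close(accepted);                   /* A's copy is no longer needed */

    const char hello[] = "hello";      /* constructed payload */
    char buf[16] = { 0 };
    if (send(client, hello, 5, 0) != 5) return -7;
    if (recv(inherited, buf, sizeof buf, 0) != 5) return -8;
    if (send(inherited, buf, 5, 0) != 5) return -9;
    memset(buf, 0, sizeof buf);
    if (recv(client, buf, sizeof buf, 0) != 5 || strcmp(buf, hello) != 0) return -10;

    close(inherited); close(client); close(lsock); close(chan[0]); close(chan[1]);
    return 1;
}

int main(void) {
    printf("fd passing demo: %s\n", pass_fd_demo() == 1 ? "ok" : "failed");
    return 0;
}
```

Design caveat for the SGX case: even where the descriptor can be handed over, it lands in the untrusted host process's file table, and enclave code cannot execute syscalls itself, so every read or write on that connection goes through an OCALL and the bytes cross the enclave boundary through untrusted memory. The enclave therefore owns only what it protects itself: terminating TLS inside the enclave keeps the plaintext from ever leaving it, and the enclave should treat the host as able to drop, delay, replay or reorder what it relays.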
2 Replies
Benny_Intel
Moderator
133 Views

Hello,

For Gramine related questions, please use one of the Gramine support channels listed on https://gramine.readthedocs.io/en/stable/#getting-help.

Best regards,
Benny

0 Kudos
johnsnow
Beginner
132 Views

Thanks for the quick response. I'm actually not using Gramine. This is more of a general SGX question.

0 Kudos