Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
6 Views

Question about ocall and syscall

 

 Hello,

I have a basic question about syscall and ocall.

As I know, system call is prohibited inside the enclave since the operating system is untrusted.

But the developers still can define (insecure) ocall interface, then anyhow system call can be used (indirectly).

My question is, what is the difference, in terms of security, between (1) calling the system call directly inside the enclave and (2) calling ocall function that indirectly calls system call??

The both seems equally insecure to me. What am I missing?

Thank you.

 

 

0 Kudos
0 Replies