Question on Local Attestation Sample Code shipped in SDK

Hi,

How can enclave1 transfer the report to enclave2? The report resides in enclave1. From there you could use EEXIT and return a pointer back to the application in untrusted space. The pointer can't be accessed as it points to the enclave. Sending from enclave1 to enclave2 directly is also not possible. Can you explain that part in detail?

-Thanks

Accepted Solutions
Hi Sam,

The report that resides in enclave1 is first copied to untrusted memory of enclave1's process by the enclave itself. Remember the enclave can access all of the process's memory that is mapped. This is okay because the report does not have any secret. Untrusted code then can use IPC provided by all operating systems to transfer the report to enclave2's process, which is also untrusted memory. Then untrusted code in process two can call into enclave2, which can then copy the report from untrusted memory of enclave2's process into enclave2's memory.

PFA for your reference for local attestation flow

Thanks and Regards,
Surenthar Selvaraj

3 Replies
Hi Sam

You can't transfer data from enclave1 to enclave2 directly. You need to get the report of enclave1 to your application and use the enclave interface, which is defined in enclave2, to transfer the report to enclave2.

(report)enclave1=====>application===>enclave2   :)

The report pointer is declared in your application, not in enclave1. You have to pass the pointer into enclave1 and get the report using the sgx_create_report() function in enclave1.

Thanks,

Yu

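The data path both answers describe, as an added model that is not SDK code and not from this thread: enclave1 fills a report buffer that lives in untrusted memory, the untrusted application moves it (here through a plain copy standing in for IPC) into the second process, and enclave2 checks it after copying it in. Real SGX reports are MACed by hardware with a report key that only the target enclave can obtain; this model substitutes HMAC-SHA256 keyed from a constructed platform secret and sha256-of-name measurements, all of which are assumptions, to show why the report may cross untrusted memory in the clear: it needs integrity, not confidentiality, and tampering or a report built for another target is rejected.

```python
"""Model of the SGX local-attestation data path discussed in the thread.

Added example, not Intel SDK code. Measurements, the platform secret and the
report layout are constructed for illustration; the HMAC stands in for the
hardware-computed report MAC (EREPORT/EGETKEY).
"""
import hashlib
import hmac
import json

# Stands in for the CPU-fused key that only hardware (and EGETKEY inside the
# target enclave) can use. Constructed value, not a real key.
PLATFORM_SECRET = b"constructed-platform-secret-not-real"


def report_key_for(mr_enclave: str) -> bytes:
    """Derive the report key bound to a target measurement (model of EGETKEY)."""
    return hmac.new(PLATFORM_SECRET, b"report-key|" + mr_enclave.encode(),
                    hashlib.sha256).digest()


def _mac(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()


class Enclave:
    def __init__(self, name: str):
        # Constructed measurement; real MRENCLAVE is the hash of the enclave build.
        self.mr_enclave = hashlib.sha256(name.encode()).hexdigest()

    def target_info(self) -> str:
        """Public target info the untrusted app may hand to another enclave."""
        return self.mr_enclave

    def create_report(self, target: str, report_data: bytes) -> dict:
        """ECALL in enclave1: build a report for `target` and return it as a
        plain dict, i.e. a copy placed in the caller's untrusted buffer."""
        body = {"mr_enclave": self.mr_enclave, "target": target,
                "report_data": report_data.hex()}
        return {**body, "mac": _mac(report_key_for(target), body)}

    def verify_report(self, report: dict) -> bool:
        """ECALL in enclave2: report was copied in from untrusted memory.
        Only this enclave (by its measurement) can re-derive the report key."""
        if report.get("target") != self.mr_enclave:
            return False  # report was built for some other target enclave
        body = {k: report[k] for k in ("mr_enclave", "target", "report_data")}
        expected = _mac(report_key_for(self.mr_enclave), body)
        return hmac.compare_digest(expected, report.get("mac", ""))


def untrusted_ipc(msg: dict) -> dict:
    """Stands in for pipes/sockets between the two processes: a byte copy."""
    return json.loads(json.dumps(msg))


def local_attestation(tamper: bool = False, wrong_target: bool = False) -> bool:
    """Run the flow: app -> enclave1 -> untrusted memory/IPC -> enclave2."""
    enclave1 = Enclave("enclave1")
    enclave2 = Enclave("enclave2")
    # 1. The untrusted app obtains enclave2's target info.
    target = Enclave("enclave3").target_info() if wrong_target else enclave2.target_info()
    # 2. The app passes it into enclave1, which fills the untrusted report buffer.
    report = enclave1.create_report(target, b"constructed-nonce")
    # 3. Untrusted code ships the report (no secret inside) to process two.
    wire = untrusted_ipc(report)
    if tamper:
        # Untrusted code rewrites the reporting enclave's identity in transit.
        wire["mr_enclave"] = hashlib.sha256(b"impostor").hexdigest()
    # 4. Process two calls into enclave2, which copies the report in and checks it.
    return enclave2.verify_report(wire)


if __name__ == "__main__":
    print("honest path   :", local_attestation())
    print("tampered      :", local_attestation(tamper=True))
    print("wrong target  :", local_attestation(wrong_target=True))
```

The report buffer is owned by the untrusted side in every step, which is the point of the answers above: the ECALL out-parameter for sgx_create_report() and the in-parameter for the verifying ECALL are both untrusted memory, and nothing in the flow requires one enclave to read the other's memory.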
Thanks for your detailed information
