Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Question on Local Attestation Sample Code shipped in SDK

Sam5
New Contributor I
1,362 Views

Hi,

How can enclave1 transfer the report to enclave2? The report resides in enclave1. From there you could use EEXIT and return a pointer back to the application in untrusted space. The pointer can't be accessed as it points to the enclave. Sending from enclave1 to enclave2 directly is also not possible. Can you explain that part in detail?

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
1,362 Views

Hi Sam,

The report that resides in enclave1 is first copied to the untrusted memory of enclave1's process by the enclave itself. Remember that the enclave can access all of the process's memory that is mapped. This is okay because the report does not contain any secret. Untrusted code can then use the IPC provided by all operating systems to transfer the report to enclave2's process, which is also untrusted memory. Then untrusted code in process two can call into enclave2, which can then copy the report from the untrusted memory of enclave2's process into enclave2's memory.

Please find the local attestation flow attached for your reference.

Thanks and Regards,
Surenthar Selvaraj

View solution in original post

0 Kudos
3 Replies
shen_y_
Beginner
1,362 Views

Hi Sam

You can't transfer data from enclave1 to enclave2 directly. You need to get the report of enclave1 into your application and use the enclave interface, which is defined in enclave2, to transfer the report to enclave2.

(report) enclave1 =====> application ===> enclave2 :)

The report pointer is declared in your application, not in enclave1. You have to pass the pointer into enclave1 and get the report using the sgx_create_report() function in enclave1.

Thanks,

Yu

0 Kudos
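The flow that both replies above describe (enclave1 copies the report out to app memory, the app moves it by IPC, enclave2 copies it in and verifies it), as an added model in C. This is not code from the thread and not Intel SGX SDK code: the two "enclaves" are static buffers in one process, toy_mac() is a placeholder for the CMAC that EREPORT computes under the target enclave's report key, and report_key_for() is a placeholder for EGETKEY. model_enclave, get_target_info_ecall, create_report_ecall, verify_report_ecall, run_flow and pointer_into_enclave_rejected are hypothetical names chosen for the illustration. In real SDK code the corresponding calls are sgx_create_report() inside enclave1 (given enclave2's sgx_target_info_t) and sgx_verify_report() inside enclave2, and the [in]/[out] pointer checks on the ECALL boundary are generated from the EDL by the edger8r tool.

```c
/* Added model of SGX local attestation data flow; NOT Intel SGX SDK code.
 * toy_mac() stands in for AES-CMAC, report_key_for() for EGETKEY, and the
 * "enclaves" are plain static buffers. All names here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MR_LEN 32
#define DATA_LEN 64
#define MAC_LEN 16

typedef struct { uint8_t mr_enclave[MR_LEN]; uint8_t report_data[DATA_LEN]; } report_body_t;
typedef struct { report_body_t body; uint8_t mac[MAC_LEN]; } report_t;   /* ~ sgx_report_t */
typedef struct { uint8_t mr_enclave[MR_LEN]; } target_info_t;            /* ~ sgx_target_info_t */

typedef struct {
    uint8_t mr_enclave[MR_LEN];
    uint8_t private_mem[sizeof(report_t)];  /* stands in for the enclave's EPC pages */
} model_enclave;

/* Toy keyed checksum (FNV-1a over key||msg). Placeholder for AES-CMAC only. */
static void toy_mac(const uint8_t *key, const uint8_t *msg, size_t len, uint8_t out[MAC_LEN]) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < MAC_LEN; i++) { h ^= key[i]; h *= 0x100000001b3ULL; }
    for (size_t i = 0; i < len; i++)     { h ^= msg[i]; h *= 0x100000001b3ULL; }
    for (size_t i = 0; i < MAC_LEN; i++) { h ^= (uint8_t)i; h *= 0x100000001b3ULL; out[i] = (uint8_t)(h >> 56); }
}

/* Model of EGETKEY(REPORT_KEY): derived by the "CPU" from a fused root key and
 * the enclave identity, so only that enclave (or EREPORT targeting it) has it. */
static void report_key_for(const uint8_t mr[MR_LEN], uint8_t key[MAC_LEN]) {
    static const uint8_t cpu_root_key[MAC_LEN] = "constructed-root";  /* constructed constant */
    toy_mac(cpu_root_key, mr, MR_LEN, key);
}

/* Model of the pointer check the generated ECALL bridge performs
 * (sgx_is_outside_enclave): an [in]/[out] buffer must not overlap enclave memory. */
static bool outside_enclave(const model_enclave *e, const void *p, size_t n) {
    uintptr_t lo = (uintptr_t)e->private_mem, hi = lo + sizeof e->private_mem, q = (uintptr_t)p;
    return q + n <= lo || q >= hi;
}

static void init_enclave(model_enclave *e, uint8_t seed) {
    for (size_t i = 0; i < MR_LEN; i++) e->mr_enclave[i] = (uint8_t)(seed * 31u + i * 7u);
    memset(e->private_mem, 0, sizeof e->private_mem);
}

/* ECALL into enclave2: give the app the target info it forwards to enclave1. */
static void get_target_info_ecall(const model_enclave *self, target_info_t *ti) {
    memcpy(ti->mr_enclave, self->mr_enclave, MR_LEN);
}

/* ECALL into enclave1 (~ sgx_create_report): build the report in enclave
 * memory, MAC it under the TARGET's key, then copy it out to the app buffer. */
static int create_report_ecall(model_enclave *self, const target_info_t *ti,
                               const uint8_t data[DATA_LEN], report_t *out_report) {
    if (!outside_enclave(self, out_report, sizeof *out_report)) return -1;
    report_t *r = (report_t *)self->private_mem;        /* lives inside enclave1 */
    memcpy(r->body.mr_enclave, self->mr_enclave, MR_LEN);
    memcpy(r->body.report_data, data, DATA_LEN);
    uint8_t key[MAC_LEN];
    report_key_for(ti->mr_enclave, key);
    toy_mac(key, (const uint8_t *)&r->body, sizeof r->body, r->mac);
    memcpy(out_report, r, sizeof *r);                   /* the copy-out the reply describes */
    return 0;
}

/* ECALL into enclave2 (~ sgx_verify_report): copy the report in, then recompute
 * the MAC with our own report key. Returns 1 if the report targets us and is intact. */
static int verify_report_ecall(model_enclave *self, const report_t *in_report) {
    if (!outside_enclave(self, in_report, sizeof *in_report)) return 0;
    report_t *r = (report_t *)self->private_mem;
    memcpy(r, in_report, sizeof *r);                    /* copy-in before reading any field */
    uint8_t key[MAC_LEN], expect[MAC_LEN];
    report_key_for(self->mr_enclave, key);
    toy_mac(key, (const uint8_t *)&r->body, sizeof r->body, expect);
    unsigned diff = 0;
    for (size_t i = 0; i < MAC_LEN; i++) diff |= (unsigned)(expect[i] ^ r->mac[i]);
    return diff == 0;
}

/* Untrusted application side. tamper / wrong_target select the failure cases. */
static int run_flow(bool tamper, bool wrong_target) {
    static model_enclave enclave1, enclave2;
    init_enclave(&enclave1, 1); init_enclave(&enclave2, 2);
    target_info_t ti;
    get_target_info_ecall(wrong_target ? &enclave1 : &enclave2, &ti);
    uint8_t data[DATA_LEN] = "constructed report_data";   /* constructed sample input */
    report_t report;                                    /* declared by the app, not the enclave */
    if (create_report_ecall(&enclave1, &ti, data, &report) != 0) return 0;
    report_t ipc_copy;                                  /* what process two receives over IPC */
    memcpy(&ipc_copy, &report, sizeof report);
    if (tamper) ipc_copy.body.report_data[0] ^= 1;
    return verify_report_ecall(&enclave2, &ipc_copy);
}

/* The mistake from the question: pointing enclave1's [out] report at enclave memory. */
static int pointer_into_enclave_rejected(void) {
    static model_enclave e1, e2; init_enclave(&e1, 1); init_enclave(&e2, 2);
    target_info_t ti; get_target_info_ecall(&e2, &ti);
    uint8_t data[DATA_LEN] = {0};
    return create_report_ecall(&e1, &ti, data, (report_t *)e1.private_mem) == -1;
}

int main(void) {
    printf("round trip %d, tampered %d, wrong target %d, ptr into enclave rejected %d\n",
           run_flow(false, false), run_flow(true, false), run_flow(false, true),
           pointer_into_enclave_rejected());
    return 0;
}
```

The three failure cases are the point of the model: the untrusted copy can be tampered with or replayed, but not forged, because the MAC key is tied to the target enclave's identity. That is why the reply can say the report "does not contain any secret" and still be safe to pass through app memory and IPC; enclave2's verify step, not the transport, establishes trust.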
Sam5
New Contributor I
1,362 Views

Thanks for your detailed information

0 Kudos