Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Question on Local Attestation Sample Code shipped in SDK

Sam5
New Contributor I

Hi,

How can enclave1 transfer the report to enclave2? The report resides in enclave1. From there you could use EEXIT and return a pointer back to the application in untrusted space. The pointer can't be accessed, as it points into the enclave. Sending from enclave1 to enclave2 directly is also not possible. Can you explain that part in detail?

-Thanks


3 Replies
shen_y_
Beginner

Hi Sam

You can't transfer data from enclave1 to enclave2 directly. You need to get the report of enclave1 to your application and use the enclave interface, which is defined in enclave2, to transfer the report to enclave2.

(report)enclave1=====>application===>enclave2   :)

The report pointer is declared in your application, not in enclave1. You have to pass the pointer into enclave1 and get the report using the sgx_create_report() function in enclave1.

Thanks,

Yu

Surenthar_S_Intel

Hi Sam,

The report that resides in enclave1 is first copied to untrusted memory of enclave1's process by the enclave itself. Remember, the enclave can access all of the process's memory that is mapped. This is okay because the report does not contain any secret. Untrusted code can then use the IPC provided by all operating systems to transfer the report to enclave2's process, which is also untrusted memory. Then untrusted code in process two can call into enclave2, which can then copy the report from untrusted memory of enclave2's process into enclave2's memory.

PFA for your reference for local attestation flow

Thanks and Regards,
Surenthar Selvaraj
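
The flow described in the two replies above (enclave1 creates the report into an application-owned buffer, the application relays the bytes, enclave2 verifies them) as an added, runnable model. This is not SGX SDK code and not from Intel: real enclaves call sgx_create_report() and sgx_verify_report(), and the CPU derives the report key through EGETKEY and tags the report body with AES-128 CMAC. In the model below a Cpu class holds a constructed platform secret, HMAC-SHA256 stands in for CMAC, the MRENCLAVE values are sample hashes, and the untrusted_relay() helper plays the role of the application and its IPC. The names Cpu, Enclave, Report, untrusted_relay and run_local_attestation are this example's own.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MRENCLAVE_LEN = 32
REPORT_DATA_LEN = 64
MAC_LEN = 32


class Cpu:
    """Stand-in for the processor. Only the CPU knows the platform secret from
    which every report key is derived (what EGETKEY does for a real enclave)."""

    def __init__(self) -> None:
        self._platform_secret = os.urandom(32)  # constructed per-platform secret

    def report_key_for(self, target_mrenclave: bytes) -> bytes:
        # The key is bound to the *target* identity, so only the target
        # enclave (enclave2) can obtain the key that checks the tag.
        msg = b"REPORT_KEY" + target_mrenclave
        return hmac.new(self._platform_secret, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Report:
    mrenclave: bytes    # identity of the reporting enclave (enclave1)
    report_data: bytes  # 64 caller-chosen bytes, e.g. a hash of a DH public key
    mac: bytes          # tag over the fields above, keyed to the target enclave

    def to_bytes(self) -> bytes:
        return self.mrenclave + self.report_data + self.mac

    @classmethod
    def from_bytes(cls, raw: bytes) -> "Report":
        if len(raw) != MRENCLAVE_LEN + REPORT_DATA_LEN + MAC_LEN:
            raise ValueError("malformed report")
        return cls(raw[:MRENCLAVE_LEN],
                   raw[MRENCLAVE_LEN:MRENCLAVE_LEN + REPORT_DATA_LEN],
                   raw[MRENCLAVE_LEN + REPORT_DATA_LEN:])


class Enclave:
    def __init__(self, cpu: Cpu, name: bytes) -> None:
        self._cpu = cpu
        self.mrenclave = hashlib.sha256(name).digest()  # constructed identity

    def create_report(self, target_mrenclave: bytes, report_data: bytes) -> bytes:
        """Model of sgx_create_report(): returns the serialized report.
        Nothing in it is secret, so the enclave may copy it straight into a
        buffer owned by the untrusted application."""
        if len(report_data) != REPORT_DATA_LEN:
            raise ValueError("report_data must be 64 bytes")
        key = self._cpu.report_key_for(target_mrenclave)
        body = self.mrenclave + report_data
        mac = hmac.new(key, body, hashlib.sha256).digest()
        return Report(self.mrenclave, report_data, mac).to_bytes()

    def verify_report(self, raw: bytes) -> bool:
        """Model of sgx_verify_report(): recompute the tag with *this*
        enclave's own report key. A report targeted at another enclave, or
        edited while in untrusted memory, fails here."""
        try:
            rpt = Report.from_bytes(raw)
        except ValueError:
            return False
        key = self._cpu.report_key_for(self.mrenclave)
        expected = hmac.new(key, rpt.mrenclave + rpt.report_data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, rpt.mac)


def untrusted_relay(raw: bytes, tamper: bool = False) -> bytes:
    """The application layer: it can read and copy the bytes (IPC between the
    two processes) and could also modify them; tamper=True models that."""
    buf = bytearray(raw)
    if tamper:
        buf[MRENCLAVE_LEN] ^= 0x01  # flip one bit of report_data in transit
    return bytes(buf)


def run_local_attestation() -> dict:
    cpu = Cpu()
    enclave1 = Enclave(cpu, b"enclave1")
    enclave2 = Enclave(cpu, b"enclave2")
    bystander = Enclave(cpu, b"enclave3")
    # enclave2's target identity reaches enclave1 through the application.
    data = hashlib.sha256(b"constructed DH public key").digest().ljust(REPORT_DATA_LEN, b"\0")
    raw = enclave1.create_report(enclave2.mrenclave, data)
    return {
        "verified_by_target": enclave2.verify_report(untrusted_relay(raw)),
        "verified_by_other_enclave": bystander.verify_report(untrusted_relay(raw)),
        "verified_after_tamper": enclave2.verify_report(untrusted_relay(raw, tamper=True)),
        "app_can_read_mrenclave": Report.from_bytes(raw).mrenclave == enclave1.mrenclave,
    }


if __name__ == "__main__":
    for name, result in run_local_attestation().items():
        print(f"{name}: {result}")
```

The point the model makes is the one in the reply: the application can read every field of the report (so it can route it over IPC and even inspect MRENCLAVE), but it cannot produce or alter a report that enclave2 will accept, and an enclave other than the target cannot verify it, because the tag key is tied to the target identity. That is why copying the report out to untrusted memory costs nothing in security.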

Sam5
New Contributor I

Thanks for your detailed information
