Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Question on Local Attestation Sample Code shipped in SDK

Sam5
New Contributor I
‎07-19-2016 10:04 PM
674 Views
Solved Jump to solution

Hi,

How enclave1 can transfer the report to enclave2. The report resides in enclave1. From there you could use EEXIT and return a pointer back to the application in untrusted space. The pointer cant be accessed as it points to Enclave. Sending from enclave1 to enclave2 directly is also not possible. Can you explain that part in detail?

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
Employee
‎07-20-2016 02:14 AM
674 Views
Solved Jump to solution

Hi Sam,

The report that resides in enclave1 is first copied to untrusted memory of enclave1's process by the enclave itself. Remember the enclave can access all of the processes memory that is mapped. This is okay because the report does not have any secret. untrusted code then can use IPC provided by all operating systems to transfer the report to enclave2's process which is also untrusted memory. Then un trusted code in process two can call into enclave2 which can then copy the report from untrusted memory of enclave2's process into enclave2's memory.

PFA for your reference for local attestation flow

Thanks and Regards,
Surenthar Selvaraj

View solution in original post

Preview file
99 KB
0 Kudos
Copy link

Link Copied

3 Replies
shen_y_
Beginner
‎07-20-2016 01:36 AM
674 Views
Solved Jump to solution

Hi Sam

You can't transfer data from enclave1 to enclave2 directly. You need to get the report of enclave1 to your application and use  enclave interface  ,which is defined in enclave2, to transfer the report to enclave2.  

(report)enclave1=====>application===>enclave2   :)

The report pointer is declared in your application ,not in enclave1. You have to pass the pointer into enclave1 and  get the report using sgx_create_report() function in enclave1.

Thanks,

Yu

0 Kudos
Copy link
Surenthar_S_Intel
Employee
‎07-20-2016 02:14 AM
675 Views
Solved Jump to solution

Hi Sam,

The report that resides in enclave1 is first copied to untrusted memory of enclave1's process by the enclave itself. Remember the enclave can access all of the processes memory that is mapped. This is okay because the report does not have any secret. untrusted code then can use IPC provided by all operating systems to transfer the report to enclave2's process which is also untrusted memory. Then un trusted code in process two can call into enclave2 which can then copy the report from untrusted memory of enclave2's process into enclave2's memory.

PFA for your reference for local attestation flow

Thanks and Regards,
Surenthar Selvaraj

Preview file
99 KB
0 Kudos
Copy link
Sam5
New Contributor I
‎07-20-2016 03:18 AM
674 Views
Solved Jump to solution

Thanks for your detailed information

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.