Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Question to Thread Context

Joe63
Beginner
818 Views

In the developer Guide (chapter Programming Model) is stated that the untrusted code selects the thread context to be used within the enclave.

1. Can someone explain me explain me how i can select that Thread context for enclaves?  

2. Also is this a security problem? The other lists in Programming Models are naming some security related facts like: "A bug in the TCB can compromise the hole enclave, so keep it small". Is there also a security problem because the untrusted code seelcts the thread context?

 

Here is the definition of a Thread Context: 

  • Thread Control Structure (TCS)
  • Thread Data/Thread Local Storage – data within the enclave and specific to the thread
  • State Save Area (SSA) – a data buffer which holds register state when - 4 - an enclave must exit due to an interrupt or exception
  • Stack – a stack located within the enclave
0 Kudos
2 Replies
Surenthar_S_Intel
818 Views

Hi,

Please refer the Intel SGX Developer Reference guide (https://software.intel.com/en-us/documentation/sgx-sdk-developer-reference) "Enclave Settings" and "Enclave Configuration File" Topic for your reference.

-Surenthar

0 Kudos
Juan_d_Intel
Employee
818 Views

Letting the untrusted code select the Thread Context is not a security risk, because:

  1. All thread contexts are equivalent, i.e. it doesn't matter which one the untrusted code chooses.
  2. The untrusted code cannot modify any area of a thread context.

The enclave controls what happens inside the enclave but it cannot control what happens outside, i.e. how enclave calls are made (what thread context, when, in what order, etc.).

0 Kudos
Reply