so I've recently learned about SGX and intel DCI and got some questions:
Firstly about SGX: as far as I understood the pages are placed in the EPC which is in the PRM. Is there any way to find out where that EPC is located in the RAM? And is it always at a set address or randomly placed in the RAM?
Second question is about Intel DCI and SGX: So via DCI you're supposedly able to step through every single step the CPU is doing to debug the chip. Does that mean that if you had a SGX application and would singlestep though the CPU you could read the data from the enclave at the moment the CPU is processing it? Or are there some security measurements preventing that? Also if you were to use DCI to grab the memory of the EPC that would be encrypted as far as I understand. Or would you be able to grab the unencrypted data via the DCI interface?
Thanks in advance!
From one boot to the next, the EPC base address is pretty deterministic and you can get it in a few ways.
See the description of the CPUID instruction in Chapter 3, “Instruction Set Reference, A-L,” of the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2A. In Table 3-8, look for this entry:
|EAX[31:12]: Bits 31:12 of the physical address of the base of the EPC section.
EBX[19:00]: Bits 51:32 of the physical address of the base of the EPC section."
You can find this value by typing:
$ cpuid -l 0x12 -s 0x2
Unless something changes in the memory configuration (add/remove memory), or memory ranges are stolen for other uses, it’ll usually be placed at the same base address by the BIOS every boot.
I am waiting on information regarding Intel DCI. Please stay tuned.