Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX SDK doubts (TCS, SECS location)


Dear all,

I am trying to understand how SGX works under the hood.

Reading the documentation and inspecting the SDK for Linux, I noticed something strange about TCS and SECS structures.

According to Overview of Intel, the last line asserts:

SECS, TCS and VA are initialized and manipulated by the hardware.

However, the TCS and SECS, which are described here, are commonly used in the uRTS. Especially TCS structures.

For instance in do_ecall() here:

As far as I understood, uRTS code is readable from the untrusted memory. From the previous link, it looks like the TCS is passed to the ECALL, as it also looks like here:

So, what I am wondering is: is it possible to read the TCS from the untrusted memory region? Same for SECS.

Or else, did I totally misunderstand the code I posted above? :D

Thanks in advance,
