Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

SGX Sealing vs Proteced File APIs

alc__ria
Beginner
139 Views

Hi,

I need to implement writing/retrieving of files to persistent storage. The files are sensitive in nature and has to be in encrypted form when saved. The files can also be big (can potentially be tens of MBs). I can think of two ways that this can be done:

1. use sgx_seal_data and then make an ocall to fopen/fwrite, or

2. use the protected file apis (sgx_fopen_auto_key, sgx_fwrite, etc).

Option #1 will have limitations on the file size that it can handle (i.e. limited by the enclave heap size, etc). How about option #2, will it have the same limitations? Which is a better option and what other issues should I consider?

Thanks.

 

0 Kudos
1 Reply
Hoang_N_Intel
Employee
139 Views

Please take a look at the "limitation" and "non-objectives" section in this document at https://software.intel.com/sites/default/files/managed/76/8f/OverviewOfIntelProtectedFileSystemLibra...

Reply