I need to implement writing/retrieving of files to persistent storage. The files are sensitive in nature and have to be in encrypted form when saved. The files can also be big (can potentially be tens of MBs). I can think of two ways that this can be done:
1. use sgx_seal_data and then make an ocall to fopen/fwrite, or
2. use the protected file APIs (sgx_fopen_auto_key, sgx_fwrite, etc).
Option #1 will have limitations on the file size that it can handle (i.e. limited by the enclave heap size, etc). How about option #2, will it have the same limitations? Which is a better option and what other issues should I consider?