Hi,
As far as I know, the core technology of SGX is to protect a memory area from being accessed by the external environment, but in my test, when I allocate memory in the enclave, whether in real hardware mode or simulator mode, I can still access the memory in the enclave by passing the address out through an OCALL and using memory tools (such as Cheat Engine). And when I destroy the enclave, the memory pointed to by the address is also freed.
I used the code sample in this tutorial as a test program: https://software.intel.com/en-us/node/701612
In this tutorial, he explained that when an ECALL parameter is passed without the user_check flag, the parameter's address in the non-secure area and in the secure area will be different. But both pointers can be accessed externally (for example, using Cheat Engine), so it is meaningless even if the two addresses are different.
Are there any mistakes in my steps?
Thank you.
In order to prevent an enclave from being debugged, in the application, the enclave must be loaded in the non-debug mode.
To load an enclave in debug mode, the debugger flag (the second parameter of sgx_create_enclave) must be TRUE.
To load it in non-debug mode, you need to pass in FALSE.
See https://software.intel.com/en-us/blogs/2016/01/07/intel-sgx-debug-production-prelease-whats-the-difference , https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/681473 , https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/737509 for more information.
Thanks,
Francisco
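The debug setting chosen at load time is recorded as the DEBUG bit of the enclave's attributes, so a party that receives an enclave report can refuse debuggable enclaves. The following is an added example, not code from this thread or from the Intel SGX SDK: the function names are hypothetical, the report body is constructed sample data, and the attribute offset assumes the SDK's sgx_report_body_t layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Attribute flag bits, same values as in the SDK's sgx_attributes.h. */
#define SGX_FLAGS_INITTED 0x1ULL
#define SGX_FLAGS_DEBUG   0x2ULL

/* Assumption: in sgx_report_body_t the 16-byte attributes field (64-bit flags,
 * then 64-bit xfrm) starts at byte 48: cpu_svn[16], misc_select(4),
 * reserved(12), isv_ext_prod_id[16], attributes. */
#define ATTR_OFFSET 48
#define ATTR_SIZE   16

enum verdict { ENCLAVE_OK, ENCLAVE_DEBUG, ENCLAVE_NOT_INIT, ENCLAVE_BAD_INPUT };

/* Read a little-endian 64-bit value without alignment assumptions. */
static uint64_t le64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Hypothetical policy check: accept only initialised, non-debug enclaves. */
enum verdict check_enclave_attributes(const uint8_t *body, size_t len) {
    if (body == NULL || len < ATTR_OFFSET + ATTR_SIZE) return ENCLAVE_BAD_INPUT;
    uint64_t flags = le64(body + ATTR_OFFSET);
    if (!(flags & SGX_FLAGS_INITTED)) return ENCLAVE_NOT_INIT;
    if (flags & SGX_FLAGS_DEBUG) return ENCLAVE_DEBUG; /* loaded in debug mode */
    return ENCLAVE_OK;
}

/* Build a constructed report body: all zero except the attribute flags. */
void make_sample_body(uint8_t *body, size_t len, uint64_t flags) {
    memset(body, 0, len);
    for (int i = 0; i < 8 && (size_t)(ATTR_OFFSET + i) < len; i++)
        body[ATTR_OFFSET + i] = (uint8_t)(flags >> (8 * i));
}

int main(void) {
    static const char *names[] = { "ok", "debug enclave", "not initialised", "bad input" };
    uint8_t body[64];
    make_sample_body(body, sizeof body, 0x7); /* INITTED | DEBUG | MODE64BIT */
    printf("debug load:     %s\n", names[check_enclave_attributes(body, sizeof body)]);
    make_sample_body(body, sizeof body, 0x5); /* INITTED | MODE64BIT */
    printf("non-debug load: %s\n", names[check_enclave_attributes(body, sizeof body)]);
    return 0;
}
```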
Francisco C. (Intel) wrote:
In order to prevent an enclave from being debugged, in the application, the enclave must be loaded in the non-debug mode.
To load an enclave in debug mode, the debugger flag (the second parameter of sgx_create_enclave) must be TRUE.
To load it in non-debug mode, you need to pass in FALSE.
See https://software.intel.com/en-us/blogs/2016/01/07/intel-sgx-debug-production-prelease-whats-the-difference , https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/681473 , https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/737509 for more information.
Thanks,
Francisco
Thank you so much!
Ray
