Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
23 Views

Trusted time from enclave

Hi,

Is there a way to get the time when running in enclave mode (without a syscall) and be sure that this is not manipulated by a malicious OS? I know about the RDTSC instruction, but the TSC register can be modified from outside the enclave, so this can not be considered secure. To be more specific, I am interested if we can get the time elapsed  between two instructions executed in enclave mode.

Thank you

0 Kudos
6 Replies
Highlighted
23 Views

You could use "Platform

You could use "Platform Service Functions" - "sgx_get_trusted_time"

The resolution is in seconds though...

0 Kudos
Highlighted
Beginner
23 Views

Hi,

Hi,

I noticed that in the reference manual

https://download.01.org/intel-sgx/linux-1.7/docs/Intel_SGX_SDK_Developer_Reference_Linux_1.7_Open_So...

 

It says (page 199 on my version)

sgx_get_trusted_time
sgx_get_trusted_time gets trusted time from the AE service.
This API is only available in simulation mode

This is at least the case for Linux. 

 

I

0 Kudos
Highlighted
Beginner
23 Views

Hi,

Hi,

Thank you for your replies. sgx_get_trusted_time is the kind of function I was looking for and somehow missed it in the manual, Thanks again.

 

0 Kudos
Highlighted
Beginner
23 Views

As of 2017, in the latest

As of 2017, in the latest processors, the sgx_get_trusted_time is also supported in harwdare mode through PSE (Platform Service Enclaves) maintained and signed by Intel.

0 Kudos
Highlighted
Beginner
23 Views

Hi,

Hi, As of SGX SDK v2.9.1 the sgx_get_trusted_time got deprecated at some point. Is there any other way to get time inside an enclave? Best, Kai
0 Kudos
Highlighted
Moderator
23 Views

Hello Kai,

Hello Kai,

Please see the last post in this thread.

Regards,

Jesus Garcia, Intel Customer Support
0 Kudos