Is there a way to get the time when running in enclave mode (without a syscall) and be sure that this is not manipulated by a malicious OS? I know about the RDTSC instruction, but the TSC register can be modified from outside the enclave, so this can not be considered secure. To be more specific, I am interested if we can get the time elapsed between two instructions executed in enclave mode.
I noticed that in the reference manual
It says (page 199 on my version)
sgx_get_trusted_time gets trusted time from the AE service.
This API is only available in simulation mode
This is at least the case for Linux.
As of 2017, in the latest processors, the sgx_get_trusted_time is also supported in harwdare mode through PSE (Platform Service Enclaves) maintained and signed by Intel.