Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Trusted time from enclave

Emm_D_
Beginner
786 Views

Hi,

Is there a way to get the time when running in enclave mode (without a syscall) and be sure that this is not manipulated by a malicious OS? I know about the RDTSC instruction, but the TSC register can be modified from outside the enclave, so this can not be considered secure. To be more specific, I am interested if we can get the time elapsed  between two instructions executed in enclave mode.

Thank you

0 Kudos
6 Replies
Francisco_C_Intel
786 Views

You could use "Platform Service Functions" - "sgx_get_trusted_time"

The resolution is in seconds though...

Ofir_W_
Beginner
786 Views

Hi,

I noticed that in the reference manual

https://download.01.org/intel-sgx/linux-1.7/docs/Intel_SGX_SDK_Developer_Reference_Linux_1.7_Open_So...

 

It says (page 199 on my version)

sgx_get_trusted_time
sgx_get_trusted_time gets trusted time from the AE service.
This API is only available in simulation mode

This is at least the case for Linux. 

 

I

Emm_D_
Beginner
786 Views

Hi,

Thank you for your replies. sgx_get_trusted_time is the kind of function I was looking for and somehow missed it in the manual, Thanks again.

 

Fatima_A_
Beginner
786 Views

As of 2017, in the latest processors, the sgx_get_trusted_time is also supported in harwdare mode through PSE (Platform Service Enclaves) maintained and signed by Intel.

kai__chi
Novice
786 Views
Hi, As of SGX SDK v2.9.1 the sgx_get_trusted_time got deprecated at some point. Is there any other way to get time inside an enclave? Best, Kai
JesusG_Intel
Moderator
786 Views

Hello Kai,

Please see the last post in this thread.

Regards,

Reply