Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Understanding the INTEL-SA-00219



I would like to understand how the mitigation solution would be for normal malloc (non-structured) with the latest APIs to solve the  CVE-2019-0117 issue.  In the developer guide provided by Intel, it seems like the APIs only work with structures and not arbitrary-sized secret data.  If I need to align my "secret data", can I do the following:

align_req_t req[] = {
    {0, SIZE_OF_SECRET},

uint8_t *secret = (uint8_t *)sgx_aligned_malloc(SIZE_OF_SECRET, 1, req, 1);

// use secret here...

will this be necessary for all the mallocs I have inside my enclave code that handles confidential data?


Thanks a lot for your help!

- elephant

0 Kudos
0 Replies