Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1467 Discussions

Using Global variables and malloc function inside Enclave


Hi, I have trouble in applying SGX to my application

I want to keep an value inside Enclave while I'm using application.

For example, I define account balance variable inside Enclave and want to keep the value of it while I'm using the application.

but If I put the account balance variable in the trusted functions inside enclave as a local variable, the value would be gone after using the function and I couldn't keep the value.

So I tried to define it as a global variable inside Enclave but the global variable was not encrypted unlike the local variables (* I checked it by using Cheat Engine. I couldn't scan local variables but could scan global variables)

Could I use global variable inside enclave securely?

I hope to know how to use the global variables in enclave if I could use them.

or If there is another way to keep value inside Enclave safely, I hope to know how to do.

(I'm guessing there could be a way to allocate memory safely using malloc function ..)

Thanks for reading my question :)

Best regards


0 Kudos
3 Replies
New Contributor III


I think there is something wrong with your code. The enclave global variables is encrypted. In your case, you may use the global  variables outside the enclave. Did you clear up the secret after you use it ? I mean after you get the global variable via an Ecall function you should clear the utrusted buffer which receives the value. 




0 Kudos

Hi, you

Thank you for answering my question.

But I think I followed the SGX format. Maybe I am missing something.

I wish you could check my sample code.

*** Enclave2.cpp

#include "Enclave2_t.h"

#include "sgx_trts.h"

int balance;

void setBalance(int input) {
	balance = input;

void withdraw(int money) {
	balance -= money;

int getBalance() {
	return balance;


*** Enclave2.edl

enclave {
    from "sgx_tstdc.edl" import *;
    trusted {
		public void setBalance(int input);
		public void withdraw(int money);
		public int getBalance(); 



#include <stdio.h>
#include <tchar.h>
#include "sgx_urts.h"
#include "Enclave2_u.h"

#define ENCLAVE_FILENAME _T("Enclave2.signed.dll")

int main() {
	sgx_enclave_id_t eid;
	sgx_status_t ret = SGX_SUCCESS;
	sgx_launch_token_t token = { 0 };
	int updated = 0;
	int balance;
	ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);

	setBalance(eid, 1000);
	withdraw(eid, 200);

	//I scanned 800 here for global variable balance in Enclave2.cpp 
	//and found 9 memory address with value 800, I changed them all to 400 by using cheat engine
	withdraw(eid, 100); 
	//and here one of them decreased to 300
	//I think the value must be the global variable  

	if (SGX_SUCCESS != sgx_destroy_enclave(eid))
		printf("\nApp: error, failed to destroy enclave.\n");
	return 0;


If I miss something, please let me know.

Thanks for reading my question.

Best regards


0 Kudos

I asked about a similar matter in my recent post, so i think for future reference it will be good to post the answer here too.

There is a detailed answer in intel/sgx/issues on github. The PowerTransition sample code demonstrates exactly how to use a global variable to keep valid data inside the enclave till it's destruction.

0 Kudos