Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Will SGX_DESTROY_ENCLAVE Wipe Out EPC Pages?

He__Yi
Beginner

Hi!

It seems like sgx_destroy_enclave will call EREMOVE functions to disconnect the EPC pages from a certain SECS in EPCM.

But does it also wipe out all the contents in the EPC pages? If the page is in DRAM, it would probably be fine to not wipe out data, since data are encrypted when writing from cache to DRAM. What about data still in cache? I am aware that side channel attacks are one possible vulnerability of SGX. But I'm still curious if EREMOVE or sgx_destroy_enclave will wipe out data in cache.

From the data I collected, sgx_destroy_enclave is pretty efficient. So I guess maybe it doesn't really clear up those pages?

Thanks!

2 Replies
hiber
Novice

Hello Yi.

I'm sorry to bother you with another problem.

In the Intel Enclave Sample code "SealedData", I find the iCLSClient in my compute system components.

However, I still cannot run it successfully. It still returns: "monotonic counter is not supported and trusted time is not supported."

Have you solved the problem, and do you have any solutions?

Thanks a lot!

JesusG_Intel
Moderator

Hello Hiber, we answered your question in this thread.
