Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Will SGX_DESTROY_ENCLAVE Wipe Out EPC Pages?

He__Yi
Beginner

Hi!

It seems like sgx_destroy_enclave will call EREMOVE functions to disconnect the EPC pages from a certain SECS in the EPCM.

But does it also wipe out all the contents of the EPC pages? If the page is in DRAM, it would probably be fine not to wipe out the data, since data is encrypted when written from cache to DRAM. What about data still in cache? I am aware that side-channel attacks are one possible vulnerability of SGX. But I'm still curious whether EREMOVE or sgx_destroy_enclave will wipe out data in cache.

From the data I collected, sgx_destroy_enclave is pretty efficient. So I guess maybe it doesn't really clear up those pages?

Thanks!

1 Solution
JesusG_Intel
Moderator

Hello Hiber, we answered your question in this thread.

2 Replies
hiber
Novice

Hello Yi.

I'm sorry to bother you with another problem.

In the Intel Enclave Sample code "SealedData", I find the iCLSClient in my compute system components.

However, I still cannot run it successfully. It still returns: "monotonic counter is not supported and trusted time is not supported."

Have you solved the problem, and do you have any solutions?

Thanks a lot!
