Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

encrypted memory through mmap

Dvorak_d_

Hi Folks, a quick N00b question:

Inside an Enclave, if I allocate memory via malloc, will the allocated pages be encrypted? If yes, does it mean that as long as I'm not doing any ocalls inside the Enclave, all memory is encrypted inside the enclave?

E.g. I can compile/statically link whatever library I need (maybe an openssl without I/O) and use it inside an Enclave without any modification, right?

Thanks

-Dvorak

 

Francisco_C_Intel

>Inside an Enclave, if I allocate memory via malloc, will the allocated pages be encrypted?

Yes.

>If yes, does it mean that as long as I'm not doing any ocalls inside the Enclave, all memory is encrypted inside the enclave?

Correct. Note that the enclave itself is not encrypted before it is loaded.

>E.g. I can compile/statically link whatever library I need (maybe an openssl without I/O) and use it inside an Enclave without any modification, right?

If you have the source for such a library, and you can build it using the SGX SDK, then yes, you can link it statically and place it inside an enclave. If your library does end up using any illegal instructions, your enclave will fail as described in the reference manuals.
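A pre-link check for the point about illegal instructions in the answer above, added here as an example (not from the original thread or the SGX SDK): it scans `objdump -d` output of a library for mnemonics that are illegal inside an enclave. The mnemonic list is a partial one based on the Intel SDM's table of enclave-illegal instructions, and the sample disassembly and its function names are constructed.

```python
import re

# Partial list of mnemonics that fault (#UD) inside an enclave, per the
# Intel SDM; not exhaustive, check the reference manual for the full table.
ILLEGAL = {
    "cpuid", "getsec", "rdpmc", "sgdt", "sidt", "sldt", "str",
    "vmcall", "vmfunc", "syscall", "sysenter", "int", "into",
    "iret", "iretq", "in", "out", "insb", "insw", "insl",
    "outsb", "outsw", "outsl",
}
SGX1_ONLY = {"rdtsc", "rdtscp"}   # illegal on SGX1 parts, legal with SGX2
PREFIXES = {"rep", "repz", "repnz", "lock", "data16", "addr32"}

SYMBOL = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN = re.compile(r"^\s*([0-9a-f]+):\t[0-9a-f ]+\t(.+)$")

# Constructed sample in `objdump -d` (AT&T syntax) layout.
SAMPLE = """\
0000000000001120 <probe_cpu>:
    1120:\t53                   \tpush   %rbx
    1121:\t31 c0                \txor    %eax,%eax
    1123:\t0f a2                \tcpuid
    1125:\t5b                   \tpop    %rbx
    1126:\tc3                   \tret

0000000000001130 <now_ticks>:
    1130:\t0f 31                \trdtsc
    1132:\t48 c1 e2 20          \tshl    $0x20,%rdx
    1136:\t48 09 d0             \tor     %rdx,%rax
    1139:\tc3                   \tret
"""

def scan(disassembly, sgx1=True):
    """Return (function, address, mnemonic) for each enclave-illegal hit."""
    banned = ILLEGAL | (SGX1_ONLY if sgx1 else set())
    symbol, hits = None, []
    for line in disassembly.splitlines():
        if m := SYMBOL.match(line):
            symbol = m.group(1)
        elif m := INSN.match(line):
            # Skip prefixes such as "rep" so "rep insb" is seen as "insb".
            words = [w for w in m.group(2).split() if w not in PREFIXES]
            if words and words[0] in banned:
                hits.append((symbol, m.group(1), words[0]))
    return hits

if __name__ == "__main__":
    for func, addr, mnemonic in scan(SAMPLE):
        print(f"{func}+{addr}: {mnemonic}")
```

A hit only means the instruction is present in the library, not that the enclave will reach it at run time.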
