Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Sealing data with different system software

jamason
Beginner
1,975 Views

Hello,

I would like to get an opinion about the following scenario:

  1. Boot the system and launch a Linux distribution
  2. Start a process which starts an enclave which seals a piece of data to the MRSIGNER of the enclave.
  3. Reboot the platform
  4. Boot this time into a Windows distribution
  5. Unseal the previously sealed data

Would the above scenario allow me to unseal the data, given of course that I am launching the same enclave with the same MRSIGNER into both the Linux and Windows distributions?

Thank you

0 Kudos
1 Solution
Juan_d_Intel
Employee
1,975 Views

Yes, that scenario would work because the sealing key doesn't depend on the OS.

0 Kudos
3 Replies
jamason
Beginner
1,975 Views

Thank you.

Do you think that there would be a way to seal that piece of data to the MRENCLAVE?

An enclave library layout in Linux and Windows would be different, hence so would be the MRENCLAVE. But do you know if there would be a way to recognize that enclave as the same one when launched on a different OS, or at least enable it to seal the same data?

0 Kudos
you_w_
New Contributor III
1,975 Views

Hi jamason:

Till now, this is impossible. With the key strategy set to MrEnclave, you cannot unseal the sealed data under a different OS.

Regards 

you 

0 Kudos
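
A simplified model of the seal-key derivation discussed in this thread, added here as an illustration (not code from Intel or from any poster). HMAC-SHA256 stands in for the CPU's internal derivation, and the platform secret, signer hash and the two per-OS measurements are constructed values; the operating system is never an input.

```python
import hashlib
import hmac

# Key-policy bit values as defined in the Intel SGX SDK header sgx_key.h.
SGX_KEYPOLICY_MRENCLAVE = 0x0001
SGX_KEYPOLICY_MRSIGNER = 0x0002
ZERO = bytes(32)


def measurement(label):
    """Constructed 32-byte stand-in for a measurement, signer hash or secret."""
    return hashlib.sha256(label.encode()).digest()


def seal_key(platform_secret, policy, mrenclave, mrsigner, isv_prod_id, isv_svn):
    """Model of seal-key derivation: only policy-selected identities are mixed in.

    Assumption: HMAC-SHA256 replaces the hardware derivation, and the CPUSVN,
    attribute masks and key ID that the real EGETKEY request also carries are
    left out to keep the model small.
    """
    material = b"".join([
        policy.to_bytes(2, "little"),
        mrenclave if policy & SGX_KEYPOLICY_MRENCLAVE else ZERO,
        mrsigner if policy & SGX_KEYPOLICY_MRSIGNER else ZERO,
        isv_prod_id.to_bytes(2, "little"),
        isv_svn.to_bytes(2, "little"),
    ])
    return hmac.new(platform_secret, material, hashlib.sha256).digest()


def scenario():
    """Same CPU and signer; the Linux and Windows builds measure differently."""
    cpu = measurement("constructed per-CPU secret")
    signer = measurement("constructed vendor signing key")
    linux = measurement("constructed Linux enclave build")
    windows = measurement("constructed Windows enclave build")
    result = {}
    for name, policy in (("MRSIGNER", SGX_KEYPOLICY_MRSIGNER),
                         ("MRENCLAVE", SGX_KEYPOLICY_MRENCLAVE)):
        k_linux = seal_key(cpu, policy, linux, signer, 1, 1)
        k_windows = seal_key(cpu, policy, windows, signer, 1, 1)
        result[name] = hmac.compare_digest(k_linux, k_windows)
    return result


if __name__ == "__main__":
    for policy_name, same in scenario().items():
        print(f"{policy_name}: Windows build derives the Linux build's key: {same}")
```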