Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

sealing data with different system software

jamason
Beginner

Hello,

I would like to get an opinion about the following scenario:

  1. Boot the system and launch a Linux distribution.
  2. Start a process which starts an enclave which seals a piece of data to the MRSIGNER of the enclave.
  3. Reboot the platform.
  4. Boot this time into a Windows distribution.
  5. Unseal the previously sealed data.

Would the above scenario allow me to unseal the data, given of course that I am launching the same enclave with the same MRSIGNER in both the Linux and Windows distributions?

Thank you.

1 Solution
Juan_d_Intel
Employee

Yes, that scenario would work because the sealing key doesn't depend on the OS.

jamason
Beginner

Thank you.

Do you think that there would be a way to seal that piece of data to the MRENCLAVE?

An enclave library layout in Linux and Windows would be different, and hence so would the MRENCLAVE. But do you know if there would be a way to recognize that enclave as the same one when launched on a different OS, or at least enable it to seal the same data?

you_w_
New Contributor III

Hi jamason:

Till now, this is impossible. With the key strategy set to MrEnclave, you cannot unseal the sealed data under a different OS.

Regards 

you 
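
A simplified model of the two answers in this thread, added here as an example (not code from the posters or from the Intel SGX SDK): the seal key is derived from a per-CPU secret and the enclave identity selected by the key policy, with no OS input, so an MRSIGNER-sealed blob opens under either build while an MRENCLAVE-sealed blob opens only under the build that sealed it. HMAC-SHA256, the toy cipher, `DEVICE_KEY` and all measurement values are constructed stand-ins, and the model omits CPUSVN, the key ID and the attribute masks.

```python
import hashlib
import hmac

# Constructed stand-in for the per-CPU secret that real hardware never exposes.
DEVICE_KEY = hashlib.sha256(b"constructed per-CPU secret").digest()
POLICY_MRENCLAVE = 0x0001  # value of SGX_KEYPOLICY_MRENCLAVE in the SGX SDK
POLICY_MRSIGNER = 0x0002   # value of SGX_KEYPOLICY_MRSIGNER in the SGX SDK

# Constructed measurements: one signer, two builds of the "same" enclave.
MRSIGNER = hashlib.sha256(b"constructed signer key").digest()
MRENCLAVE_LINUX = hashlib.sha256(b"constructed Linux build").digest()
MRENCLAVE_WINDOWS = hashlib.sha256(b"constructed Windows build").digest()


def seal_key(policy, mrenclave, mrsigner, isv_prod_id=0, isv_svn=1):
    """Model of seal-key derivation: CPU secret plus enclave identity, no OS input."""
    msg = policy.to_bytes(2, "little")
    if policy & POLICY_MRENCLAVE:
        msg += mrenclave
    if policy & POLICY_MRSIGNER:
        msg += mrsigner
    msg += isv_prod_id.to_bytes(2, "little") + isv_svn.to_bytes(2, "little")
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).digest()


def _xor_stream(key, data):
    # Toy keystream cipher for the model; the SDK seals with AES-GCM instead.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(policy, mrenclave, mrsigner, data):
    """Return a blob that records the policy, as a real sealed blob records its key request."""
    key = seal_key(policy, mrenclave, mrsigner)
    ct = _xor_stream(key, data)
    return policy, ct, hmac.new(key, ct, hashlib.sha256).digest()


def unseal(blob, mrenclave, mrsigner):
    """Return the plaintext, or None when the re-derived key does not match."""
    policy, ct, tag = blob
    key = seal_key(policy, mrenclave, mrsigner)
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(key, ct)
```

Sealing with `POLICY_MRSIGNER` under `MRENCLAVE_LINUX` and unsealing under `MRENCLAVE_WINDOWS` returns the data; the same round trip with `POLICY_MRENCLAVE` returns `None`.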