Solved: sealing data with different system software

jamason · ‎11-29-2017

Hello,

I would like to get an opinion about the following scenario:

Boot the system and launch a linux distribution
start a process which starts an enclave which seals a piece of data to the MRSIGNER of the enclave.
reboot the platform
Boot this time into a windows distribution
unseal the previously sealed data

Would the above scenario allow me to unseal the data, given of course that i am launching the same enclave with the same MRSIGNER into both the linux and windows distributions?

thank you

Juan_d_Intel · ‎11-29-2017

Yes, that scenario would work because the sealing key doesn't depend on the OS.

View solution in original post

Juan_d_Intel · ‎11-29-2017

Yes, that scenario would work because the sealing key doesn't depend on the OS.

jamason · ‎11-30-2017

thank you.

do you think that there would be a way to seal that piece of data to the MRENCLAVE.

an enclave library layout in linux and windows would be different, hence so would be the MRENCLAVE. but do you know if there would be a way to recognize that enclave as the same one when launched on different os, or at least enable it to seal the same data?

you_w_ · ‎12-05-2017

Hi jamason:

Till now, this is impossible. With key strategy setting to MrEnclave, you can not unseal the sealed data under different OS.

Regards

you