Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

SGX virtualization

jamason

Hello,

I have 2 questions concerning the use of SGX and SGX sealing functionality in virtualized environments:

1. Does Hyper-V support SGX?

2. Would the following scenario work?

  • Launch a clean VM in a Hyper-V VM running on top of a Windows OS.
  • Run a Linux enclave 1 which seals the data to its MRSIGNER.
  • Tear down the enclave and the VM.
  • Run an enclave 2 in the host OS Windows (enclave 1 and enclave 2 have the same MRSIGNER).
  • Unseal the data which has been sealed by enclave 1.

Thank you

you_w_

Hi:

1. The answer is no. As far as I know, SGX virtualization only works with the KVM and Xen frameworks.

2. I know that on the same platform you can seal a secret in Linux and then unseal it with Windows by using the MrSigner policy. But whether it works with VMs depends on the implementation.

Hope someone from the SGX kernel development team can explain that.

Thanks 

you
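The following is an added example, not code from this thread or from the Intel SGX SDK: a simplified Python model of why a blob sealed under the MRSIGNER policy can be unsealed by a different enclave from the same signer on the same CPU, whichever OS loads it. Assumptions: HMAC-SHA256 and SHAKE-256 stand in for the CPU's EGETKEY derivation and the SDK's AES-GCM, all names and sample identities are constructed, and whether a hypervisor exposes the physical CPU's SGX to a guest is outside the model.

```python
import hashlib, hmac, os
from dataclasses import dataclass

MRENCLAVE, MRSIGNER = 1, 2  # policy selectors for this model, not SDK constants

@dataclass(frozen=True)
class Enclave:
    mrenclave: bytes  # measurement of this particular enclave build
    mrsigner: bytes   # hash of the signing key shared by the vendor's enclaves
    prod_id: int
    svn: int          # security version number of the enclave

def seal_key(cpu_secret, e, policy, key_id, svn):
    # The key mixes a per-CPU secret with the identity the policy selects.
    # No input comes from the OS or hypervisor that loaded the enclave.
    ident = e.mrenclave if policy == MRENCLAVE else e.mrsigner
    msg = bytes([policy]) + ident + e.prod_id.to_bytes(2, "little") + svn.to_bytes(2, "little") + key_id
    return hmac.new(cpu_secret, msg, hashlib.sha256).digest()

def keystream(key, n):
    return hashlib.shake_256(key + b"enc").digest(n)

def seal(cpu_secret, e, data, policy=MRSIGNER):
    key_id = os.urandom(32)  # fresh per blob, stored in the clear with it
    key = seal_key(cpu_secret, e, policy, key_id, e.svn)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))
    tag = hmac.new(key, ct, hashlib.sha256).digest()
    return {"policy": policy, "key_id": key_id, "svn": e.svn, "ct": ct, "tag": tag}

def unseal(cpu_secret, e, blob):
    if blob["svn"] > e.svn:  # an older enclave may not request a newer key
        raise PermissionError("enclave SVN is lower than the sealing SVN")
    key = seal_key(cpu_secret, e, blob["policy"], blob["key_id"], blob["svn"])
    tag = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("seal key mismatch: different CPU or enclave identity")
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream(key, len(blob["ct"]))))

# Constructed sample identities: two builds signed with the same key, two CPUs.
SIGNER = hashlib.sha256(b"constructed signer key").digest()
ENCLAVE_1 = Enclave(hashlib.sha256(b"linux build").digest(), SIGNER, 1, 1)
ENCLAVE_2 = Enclave(hashlib.sha256(b"windows build").digest(), SIGNER, 1, 1)
CPU_A, CPU_B = os.urandom(32), os.urandom(32)

if __name__ == "__main__":
    blob = seal(CPU_A, ENCLAVE_1, b"sealed secret")
    print(unseal(CPU_A, ENCLAVE_2, blob))  # same CPU, same signer
```

In this model the unseal fails when the blob is moved to `CPU_B`, or when it was sealed with the `MRENCLAVE` policy and opened by the other build.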
