Reputation: 21
With Intel SGX, can an enclave directly access outside space with a virtual address?
I have seen some opposite opinions. Thanks in advance!
One opinion is that the if the CPU is in enclave mode, it cannot reach a none-EPC page. That's to say, the code in an enclave cannot directly access outside virtual space.
The other opinion is that the enclave can see all the virtual space of this process.
Here's a link!
Upvotes: 1
Views: 561
Answers (2)
Reputation: 21
I checked the Intel manual about SGX again and also asked some Intel guys. Finally, I got the answer.
The code within an enclave can directly write outside memory and directly read outside memory under previous system policy. However, it cannot fetch outside code.
Upvotes: 1
Reputation: 1
Yes, an enclave can access the complete address space of the process. Otherwise, communication between enclave and non-enclave would not be possible.
Upvotes: 0
Related Questions
- Load an application into Intel SGX enclave
- How does local attestation in Intel SGX make sure code in the Enclave in safe?
- How does a client share a secret with an Intel SGX enclave instance, without letting the server hosting the enclave knowing it?
- Can SGX prove two enclaves are on different computers?
- Does Intel SGX provide software memory protection in simulation mode?
- Create an enclave in an linux kernel module
- SGX calculating HMAC inside enclave
- can we run Linux commands inside sgx-enclave?
- Determine SGX enclaves running on same system
- Can Intel SGX enclaves run at ring 0?