cout_display_name
Reputation: 313
Can Intel SGX enclaves run at ring 0?
I gather that SGX enclaves run at ring 3. I want to run a program inside SGX enclave which will want to access kernel data structures and files. Is there any way I could achieve this?
In other words, can we run SGX enclaves using sudo with root privileges?
Upvotes: 1
Views: 414
Answers (2)
Richard Li
Reputation: 416
The way to want to access kernel data structure maybe through OCALL. You can call an OCALL inside of the enclave and let the untrusted code/host application call some system call functions to fetch the data you want.
Upvotes: 0
Surenthar
Reputation: 361
SGX Enclaves currently only allow for Ring 3 code execution. Intel SGX enclave runs in ring 3 only, no kernel mode. Intel SGX objective is secure the application in ring 3 itself.
Upvotes: 1
Related Questions
- Load an application into Intel SGX enclave
- Can 2 processes run on same enclave in intel sgx?
- How does local attestation in Intel SGX make sure code in the Enclave in safe?
- A detail about SGX loading
- Intel SGX Error: What does the 8207 error mean when I cannot load the enclave correct
- Does Intel SGX provide software memory protection in simulation mode?
- Create an enclave in an linux kernel module
- can we run Linux commands inside sgx-enclave?
- Determine SGX enclaves running on same system
- With Intel SGX, can an enclave directly access outside space with a virtual address?