🎭Features
Intel SGX enclaves revolve around the following capabilities:
Memory Confidentiality
SGX-enabled programs are stored in clear text. However, when data is moved from the processor to the main memory, the processor encrypts it using an SGX-specific key known only to the CPU. Acting as a trust anchor, the CPU securely stores the key, effectively enclaving the program in memory.
Execution Integrity
Enclaved programs possess a cryptographic identity that allows them to verify the authenticity of their code. Integrity protection is maintained during runtime, and if any part of the enclaved microcode is altered, the CPU detects the modification.
Key Derivation
The SGX processor can derive and store additional key material for encrypting state outside of the enclave or establishing a secure channel to another enclave. By default, an enclave is a volatile memory process and is erased after termination. To persist enclaves, binding/sealing keys are derived to encrypt the state and store it on a persistent volume. Keys are associated either with the enclave's identity (binding key) or the platform (sealing).
Enclave Measurement
An essential aspect of enclaving applications is the ability to prove the enclave's identity to another enclave or a third party. This is achieved by requesting the CPU to measure the enclave. The SGX security processor acts as a trusted entity in this process.
Other principles, such as attestation, key provisioning, and migration, are derived from these properties.
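The following is an added, simplified model of the measurement and key derivation described above; it is not Intel's implementation or SDK code. HMAC-SHA256 stands in for the CPU's derivation, and every function name, the page layout and the per-CPU secrets are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def measure(pages):
    """Model of enclave measurement: running hash over each page and its offset, in load order."""
    h = hashlib.sha256()
    for offset, content in pages:
        h.update(offset.to_bytes(8, "little") + hashlib.sha256(content).digest())
    return h.digest()

def derive_key(cpu_secret, identity):
    """identity = enclave measurement (enclave-bound key) or b"" (platform-wide key)."""
    return mac(cpu_secret, b"state-key|" + identity)

def _stream(key, nonce, n):
    blocks = (mac(key, b"enc" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, state):
    """Toy encrypt-then-MAC built from HMAC; real code would use an AEAD cipher."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(state, _stream(key, nonce, len(state))))
    return nonce + ct + mac(key, b"mac" + nonce + ct)

def unseal(key, blob):
    """Return the state, or None if the key is wrong or the blob was modified."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(key, b"mac" + nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def scenario():
    cpu_a, cpu_b = b"\x0a" * 32, b"\x0b" * 32                 # constructed per-CPU secrets
    v1 = [(0x0000, b"enclave code v1"), (0x1000, b"config")]  # constructed enclave pages
    v2 = [(0x0000, b"enclave code v2"), (0x1000, b"config")]  # same enclave, one page changed
    by_enclave = seal(derive_key(cpu_a, measure(v1)), b"counter=41")
    by_platform = seal(derive_key(cpu_a, b""), b"counter=41")
    return {
        "enclave-bound, same enclave after restart": unseal(derive_key(cpu_a, measure(v1)), by_enclave),
        "enclave-bound, modified enclave": unseal(derive_key(cpu_a, measure(v2)), by_enclave),
        "enclave-bound, other CPU": unseal(derive_key(cpu_b, measure(v1)), by_enclave),
        "platform-bound, modified enclave": unseal(derive_key(cpu_a, b""), by_platform),
        "platform-bound, other CPU": unseal(derive_key(cpu_b, b""), by_platform),
    }
```

Calling `scenario()` returns the recovered state for each case, with `None` wherever the re-derived key does not match the one used to encrypt the state.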