Overview of Intel® Software Guard Extension Enclaves

This post introduces developers to Intel® Software Guard Extensions (Intel® SGX) enclaves. An enclave is a trusted execution environment embedded in a process. It protects the code and data it contains from disclosure or modification. Enclaves are protected areas of execution. Application code can be put into an enclave via special instructions and software made available to developers via the Intel® SGX SDK. SGX enclaves are hardened by CPU-based security mechanisms. SGX enclaves can also be remotely provisioned and attested.

SGX Enclave:

  • Enclaves are isolated memory regions of code and data.
  • One part of physical memory (RAM) is reserved for enclaves. It is called the Enclave Page Cache (EPC).
  • EPC memory is encrypted in main memory (RAM).
  • Trusted hardware consists of the CPU die only.
  • The EPC is managed by the OS/VMM.

This blog covers the following topics:

  1. Enclave Basics and Security Perimeter.
  2. Enclave Measurement.
  3. Execution flow of Enclave.
  4. Develop Sample Enclave Application in SGX.

Please refer to the attached document for details on these Intel SGX enclave topics.

Download   PDF (581.89 KB)
