Disposal of Enclave Secrets

Enclave secrets may be stored outside the enclave boundary once they have been properly sealed. Some secrets, however, never leave the enclave and must be destroyed inside it; the seal key itself is the clearest example, since it must be wiped from enclave memory as soon as sealing or unsealing is complete. The enclave writer must use memset_s() (C11 Annex K, provided by the SGX SDK's trusted C library) to clear every variable that held secret data, on every exit path of the function, including error returns. Unlike memset(), memset_s() is guaranteed not to be optimized away: a plain memset() on a buffer that is never read again is a dead store that the compiler may legitimately delete, leaving the secret in memory. Using memset_s() is especially important when secret data is held in a dynamically allocated buffer. Once such a buffer is freed it can be reallocated for some other purpose, and if its previous contents were not erased they may be leaked outside the enclave by later code that has no idea it is handling a secret.

The implementation of memset_s() is not performance optimized, so memset() remains the appropriate choice for initializing buffers and for clearing buffers that hold no secret data.
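The following is an added example, not code from the SGX SDK or from the original page, showing the pattern the two paragraphs above describe: a seal key handled in a bounded scope and cleared with memset_s() on every exit path, the same wipe applied to a heap copy before free(), and the memset() pattern that the optimizer is allowed to discard. It assumes no SDK headers are available, so `seal_key_t` is a 16-byte stand-in for `sgx_key_128bit_t`, `fake_get_seal_key()` is a constructed stand-in for `sgx_get_key()`, and a local `memset_s()` with Annex K semantics is supplied only when the C library (as on glibc) does not provide one.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* ask a conforming libc to expose memset_s() */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* sgx_key_128bit_t in the SGX SDK is a 16-byte array; mirrored here so the
 * example builds outside an enclave (assumption: no SDK headers available). */
#define KEY_BYTES 16
typedef uint8_t seal_key_t[KEY_BYTES];

#ifndef __STDC_LIB_EXT1__
/* Hosted glibc has no memset_s(); inside an enclave tlibc provides it. This
 * fallback keeps the C11 Annex K contract: write min(n, smax) bytes through a
 * volatile pointer so the store cannot be elided, and return nonzero if the
 * call was malformed (NULL destination or n > smax). */
typedef int errno_t;
typedef size_t rsize_t;
static errno_t memset_s(void *s, rsize_t smax, int c, rsize_t n)
{
    if (s == NULL) return 1;
    volatile unsigned char *p = (volatile unsigned char *)s;
    rsize_t len = n > smax ? smax : n;
    for (rsize_t i = 0; i < len; i++) p[i] = (unsigned char)c;
    return n > smax ? 1 : 0;
}
#endif

/* Returns 1 when every byte of buf is zero, 0 otherwise. */
static int is_wiped(const uint8_t *buf, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Constructed stand-in for sgx_get_key(): fills key with a fixed pattern. */
static void fake_get_seal_key(seal_key_t key)
{
    for (int i = 0; i < KEY_BYTES; i++) key[i] = (uint8_t)(0xA0 + i);
}

/* Obtain the seal key into caller-provided storage, hand it to `use`, and
 * wipe it before returning on every path, including when `use` fails. */
static int use_seal_key(seal_key_t key, int (*use)(const uint8_t *, void *), void *ctx)
{
    fake_get_seal_key(key);
    int rc = use(key, ctx);
    /* memset_s() is never treated as a dead store, so the key really goes. */
    (void)memset_s(key, KEY_BYTES, 0, KEY_BYTES);
    return rc;
}

/* Sample consumer: sums the key bytes into ctx to show it saw the real key. */
static int sum_key(const uint8_t *key, void *ctx)
{
    uint32_t *sum = ctx;
    for (int i = 0; i < KEY_BYTES; i++) *sum += key[i];
    return 0;
}

/* Sample consumer that fails part-way, as a crypto routine might. */
static int failing_use(const uint8_t *key, void *ctx)
{
    (void)key; (void)ctx;
    return -1;
}

/* Heap case: a freed block can be reallocated to code that does not know it
 * held a secret, so the copy is wiped with memset_s() before free(). */
static int sum_key_via_heap_copy(const uint8_t *key, void *ctx)
{
    uint8_t *copy = malloc(KEY_BYTES);
    if (copy == NULL) return -1;
    memcpy(copy, key, KEY_BYTES);
    int rc = sum_key(copy, ctx);
    if (memset_s(copy, KEY_BYTES, 0, KEY_BYTES) != 0) rc = -2;
    free(copy);
    return rc;
}

/* What NOT to do: the buffer is dead after memset(), so the optimizer may
 * delete the store (dead-store elimination) and leave the key on the stack. */
static void wipe_with_memset_unsafe(void)
{
    seal_key_t key;
    fake_get_seal_key(key);
    memset(key, 0, sizeof key);   /* may compile to nothing at -O2 */
}

int main(void)
{
    seal_key_t key;
    uint32_t sum = 0;
    int rc = use_seal_key(key, sum_key_via_heap_copy, &sum);
    int rc_fail = use_seal_key(key, failing_use, NULL);
    wipe_with_memset_unsafe();
    return (rc == 0 && rc_fail == -1 && sum == 2680 && is_wiped(key, KEY_BYTES)) ? 0 : 1;
}
```

Compile `wipe_with_memset_unsafe()` with `-O2` and inspect the object with `objdump -d` to see the memset() call disappear; the memset_s() calls in `use_seal_key()` and `sum_key_via_heap_copy()` survive at any optimization level. The key storage is passed in by the caller rather than declared inside `use_seal_key()` only so that the wipe can be checked from outside; inside an enclave the same function would normally keep the key in its own frame.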
