Running an Enclave with Validated Features

An enclave writer typically depends on the compiler and libraries to utilize the appropriate Extended CPU feature instructions. This means that the writer does not know whether the generated enclave code utilizes any specific Extended CPU feature. The untrusted loader follows a conservative approach and attempts to enable all the Extended CPU features available on the platform (supported by the CPU and enabled by the OS). However, an advanced enclave writer can override the default settings.

The Enclave Signature Structure (SIGSTRUCT) contains ATTRIBUTES and ATTRIBUTEMASK fields. The entire ATTRIBUTES field, which includes the X-Features Request Mask (Extended CPU features mask, or XFRM) subfield, is an integral part of an enclave’s identity (for example, its value is included in the reports generated by the Intel SGX platform, and arbitrary bits from this field can be included in key-derivation requests). Together, ATTRIBUTES and ATTRIBUTEMASK dictate which Extended CPU features must be enabled on the platform before the Intel® SGX architecture initializes an enclave.

If a bit in SIGSTRUCT.ATTRIBUTEMASK is set to 1, the untrusted loader requires the corresponding bit of the enclave's ATTRIBUTES to match the corresponding bit of SIGSTRUCT.ATTRIBUTES. This means that the corresponding X-Feature will be enabled or disabled based on the SIGSTRUCT.ATTRIBUTES bit and on whether that X-Feature is enabled on the platform. If a specific Extended CPU feature is requested (the SIGSTRUCT.ATTRIBUTES bit is 1) but it is not enabled on the platform, the enclave will fail to initialize. Conversely, the Intel SGX architecture will disable any Extended CPU feature enabled on the platform that is not desired (the SIGSTRUCT.ATTRIBUTES bit is 0). When a bit in SIGSTRUCT.ATTRIBUTEMASK is not set, the untrusted loader will attempt to enable the corresponding Extended CPU feature (default settings).

To ensure that an enclave will only run with features that have been validated, and to prevent it from running in a configuration that could compromise its behavior, set the ATTRIBUTEMASK bits corresponding to the relevant X-Features to 1, and set the ATTRIBUTES bits to 1 or 0 depending on whether the specific Extended CPU feature should be enabled or disabled, respectively. Similarly, to guarantee that an enclave does not run on a future processor with a feature that is currently undefined, the Intel SGX architecture requires setting the reserved ATTRIBUTEMASK bits to 1 and the reserved ATTRIBUTES bits to 0 (in SIGSTRUCT).
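The following is an added example (not code from the Intel SGX SDK) that models the ATTRIBUTEMASK/ATTRIBUTES resolution described above for the XFRM subfield: it computes the XFRM the loader ends up requesting for a given platform, reports the initialization failure when a masked bit demands a feature the platform lacks, and checks that the reserved bits are locked as recommended. The bit positions follow the XCR0/XSAVE state-component layout; the `reserved` mask and the sample SIGSTRUCT values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* XFRM bit positions follow the XCR0/XSAVE state-component layout. */
#define XFRM_X87 (1ULL << 0)
#define XFRM_SSE (1ULL << 1)
#define XFRM_AVX (1ULL << 2)

typedef struct {
    uint64_t attributes;     /* SIGSTRUCT.ATTRIBUTES (XFRM subfield only) */
    uint64_t attribute_mask; /* SIGSTRUCT.ATTRIBUTEMASK (XFRM subfield only) */
} sigstruct_xfrm_t;

/*
 * Resolve the effective XFRM for an enclave on a platform whose enabled
 * features (CPU-supported and OS-enabled) are given by platform_xfrm.
 * Masked bits must equal SIGSTRUCT.ATTRIBUTES exactly; unmasked bits get
 * the loader's default, i.e. whatever the platform has enabled.
 * Returns false when initialization would fail because a masked bit
 * requests a feature the platform does not provide.
 */
bool resolve_xfrm(const sigstruct_xfrm_t *ss, uint64_t platform_xfrm,
                  uint64_t *effective)
{
    uint64_t required = ss->attribute_mask & ss->attributes;
    uint64_t defaults = ~ss->attribute_mask & platform_xfrm;
    if ((required & ~platform_xfrm) != 0) {
        *effective = 0;
        return false; /* requested X-Feature not enabled on this platform */
    }
    /* Masked bits with ATTRIBUTES == 0 are dropped even if the platform has them. */
    *effective = required | defaults;
    return true;
}

/* Recommended lock-down: reserved bits masked (1) and not requested (0). */
bool reserved_bits_locked(const sigstruct_xfrm_t *ss, uint64_t reserved)
{
    return (ss->attribute_mask & reserved) == reserved &&
           (ss->attributes & reserved) == 0;
}

int main(void)
{
    const uint64_t reserved = ~0ULL << 10; /* constructed: treat bits 10..63 as reserved */
    sigstruct_xfrm_t ss = { XFRM_X87 | XFRM_SSE, XFRM_X87 | XFRM_SSE | XFRM_AVX | reserved };
    uint64_t eff;
    bool ok = resolve_xfrm(&ss, XFRM_X87 | XFRM_SSE | XFRM_AVX, &eff);
    printf("init %s, effective XFRM 0x%llx, reserved locked: %d\n",
           ok ? "ok" : "fails", (unsigned long long)eff, reserved_bits_locked(&ss, reserved));
    return 0;
}
```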

Note:
Do not rely on the enclave attributes to safeguard protected data. An attacker could sign an enclave with different attributes in an attempt to have the enclave crash and leak some secrets. In this scenario, however, the enclave will report a different MRSIGNER during attestation. As long as secrets are not provisioned to an enclave that has not been signed with the ISV key, a well-designed enclave that crashes because it is run with unexpected hardware features will not leak any secrets.
