Konubinix' opinionated web of thoughts

Sgx 101

Fleeting

What are architectural enclaves?

In order to allow a secured SGX environment to execute, several Architectural Enclaves (AE) are involved.

  • Launch Enclave (LE)

    Launch Enclave is responsible for assigning EINITTOKEN to other enclaves wishing to launch on the platform. It verifies whether the requesting enclave is valid or not by examining the enclave’s signature and identity, and generates the EINITTOKEN from Launch Key, which is only available to Launch Enclave.

  • Provisioning Enclave (PvE)

    The Provisioning Enclave is responsible for retrieving the Attestation Key from Intel Provisioning Service using the certificate provided by Provisioning Certificate Enclave.

  • Provisioning Certificate Enclave (PcE)

    Provisioning Certificate Enclave is responsible for signing the processor certificate, which is requested by the provisioning enclave. It signs the certificate using the Provisioning Key, which is only available to Provisioning Certificate Enclave.

  • Quoting Enclave (QE)

    Quoting Enclave is responsible for providing trust in the enclave identity and its execution environment during remote attestation process. It uses the Attestation Key offered by Provisioning Enclave and turns a REPORT (locally verifiable) into a QUOTE (remotely verifiable).

  • Platform Service Enclaves (PSE)

    Platform Service Enclaves are responsible for offering other enclaves various trusted services, such as monotonic counters and trusted time, using Management Engine (ME).

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves
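The REPORT-to-QUOTE step the Quoting Enclave performs, and why a REPORT is only locally verifiable while a QUOTE is remotely verifiable, as an added Go simulation (not code from sgx101 or the Intel SDK). The per-CPU secret behind EGETKEY and the QE's identity are constructed stand-ins, HMAC-SHA256 replaces the real AES-CMAC of the Report Key, and a locally generated Ed25519 key replaces the EPID/ECDSA Attestation Key that PvE and PCE provision.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Report models an SGX REPORT: Body = MRENCLAVE || user data of the reporting
// enclave, MAC computed under the *target* enclave's Report Key.
type Report struct{ Body, MAC []byte }

// Constructed stand-ins: the per-CPU secret behind EGETKEY (real hardware never
// exposes it), the QE's identity, and its Attestation Key (Ed25519 here; the
// real one is EPID/ECDSA and is provisioned through PvE and PCE).
var (
	platformSecret   = []byte("simulated-per-cpu-fused-secret")
	QEMR             = sha256.Sum256([]byte("quoting-enclave"))
	QEPub, qePriv, _ = ed25519.GenerateKey(rand.Reader)
)

func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// reportKey models EGETKEY: a key bound to the target identity, obtainable only
// by the enclave whose own MRENCLAVE equals target.
func reportKey(target [32]byte) []byte { return mac(platformSecret, target[:]) }

// CreateReport models EREPORT (HMAC-SHA256 stands in for the real AES-CMAC).
func CreateReport(self, target [32]byte, data []byte) Report {
	body := append(self[:], data...)
	return Report{Body: body, MAC: mac(reportKey(target), body)}
}

// VerifyReport: the target re-derives its own Report Key and checks the MAC.
// No other party can derive that key, so a REPORT is only locally verifiable.
func VerifyReport(self [32]byte, r Report) bool {
	return hmac.Equal(mac(reportKey(self), r.Body), r.MAC)
}

// GetQuote is the QE's job: accept only a REPORT targeted at itself, then sign
// the body with the Attestation Key so a party off the platform can verify it.
func GetQuote(r Report) (body, sig []byte, ok bool) {
	if !VerifyReport(QEMR, r) {
		return nil, nil, false
	}
	return r.Body, ed25519.Sign(qePriv, r.Body), true
}

// VerifyQuote is the remote verifier's check: it needs only the public key.
func VerifyQuote(pub ed25519.PublicKey, body, sig []byte) bool {
	return ed25519.Verify(pub, body, sig)
}
```

An application enclave therefore targets its REPORT at the QE (the real flow routes it through aesmd), and only a QUOTE, never a bare REPORT, is useful to a remote relying party.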

enclave’s code and data is stored in Processor Reserved Memory (PRM),

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

two exchanging enclaves have to prove to each other that they can be trusted

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

How do Application Enclaves communicate with Architectural Enclaves to utilize SGX services? Simply put, it is through Intel SGX AESM, the Application Enclave Service Manager

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

AESM is the system services management agent for SGX enabled applications.

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

Those services include various components of the SGX system, such as launch approval, remote attestation quote signing, etc.

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

AESM is a part of SGX Platform Software

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

AESM runs as a daemon process aesmd when the system starts

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

All the messages transmitted between Architectural and Application Enclaves will go through AESM via this socket, and be processed accordingly.

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves

any communication between Architectural and Application Enclaves requires AESM support, including enclave launch approval

https://sgx101.gitbook.io/sgx101/sgx-bootstrap/enclave/interaction-between-pse-and-application-enclaves