Guidelines for designing applications using SGX

  • Partition the software into trusted and untrusted components.

  • Use the SGX SDK tools to create the enclave module (a shared object), which implements the trusted component of the software.

  • The enclave code and data are not secret.

  • Secrets have to be loaded securely (for example, using an ECDH key exchange) from a trusted outside source.

  • Enclave data has to be sealed (encrypted and signed) if it is stored outside of the enclave.

  • Enclave data has to be unsealed if it is loaded into the enclave.
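
The sealing and unsealing rules above, as an added example that is not from the original page and is not SGX SDK code: a Python standard-library model of what sealing guarantees once data leaves the enclave. Inside an enclave the SDK's `sgx_seal_data` and `sgx_unseal_data` do this with a key derived by the CPU; `DEVICE_SECRET`, the identity strings and the HMAC-based cipher are assumptions made for this model.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the CPU-fused secret. On real hardware the sealing
# key is derived inside the CPU and this value is never visible to software.
DEVICE_SECRET = hashlib.sha256(b"constructed device secret").digest()

def _prf(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix every part so different input tuples cannot collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keys(identity: bytes):
    # The sealing key is bound to the enclave identity (model of a key policy).
    root = _prf(DEVICE_SECRET, b"seal", identity)
    return _prf(root, b"enc"), _prf(root, b"mac")

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (model cipher, an assumption).
    out = bytearray()
    for off in range(0, len(data), 32):
        block = _prf(key, nonce, (off // 32).to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def seal(identity: bytes, secret: bytes, aad: bytes = b"") -> bytes:
    """Encrypt and authenticate `secret`; the blob may live on untrusted storage."""
    enc_key, mac_key = _keys(identity)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, secret)
    # Encrypt-then-MAC: the tag covers the unencrypted aad, the nonce and the ciphertext.
    return nonce + ct + _prf(mac_key, aad, nonce, ct)

def unseal(identity: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag before decrypting; reject anything modified outside."""
    if len(blob) < 48:
        raise ValueError("sealed blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _keys(identity)
    if not hmac.compare_digest(tag, _prf(mac_key, aad, nonce, ct)):
        raise ValueError("sealed blob failed authentication")
    return _xor_stream(enc_key, nonce, ct)
```

A blob sealed under one identity fails authentication under another, which is the property that lets the untrusted component store it without being able to read or alter it.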
