⚙️
Morphisms: Confidential Serverless Containers
  • Introduction
  • Preliminaries
    • What is Confidential Computing?
      • Threat Model
      • Intel SGX
        • Threat Model
        • Memory Layout
        • Memory encryption
        • Enclave Lifecycle
        • Entering and Exiting an Enclave
        • Measurement
        • Certificate
        • Key Derivation
        • Attestation
        • Gramine
        • SGX2
        • Secret Key Provisioning
      • AMD SEV-SNP
        • Encrypted CPU Registers
        • Memory encryption
        • Secure Nested Paging
        • Virtual Machine Privilege Levels (VMPL's)
        • Cryptographic Keys
        • Secret Key Provisioning
        • Guest Deployment
    • Serverless (FaaS)
      • Knative
  • Confidential Serverless Containers
    • Introduction
    • Intel SGX
      • Threat Model
      • Remote attestation verification
      • Secure Storage
        • HashiCorp's Vault
      • Architecture
        • Confidential Knative
        • Certificates
        • Session Management
      • Confidential Container Configuration
    • AMD SEV-SNP
      • Threat Model
      • Architecture
        • Network communication
        • KMS
        • Updates
        • Key rotation
      • Design Decision
  • Benchmarks
    • Hardware
    • Results
    • Architecture Comparison
  • Getting Started
    • FAQ
    • Intel SGX
    • AMD SEV-SNP
  • Glossary
    • SGX Glossary
    • AMD SEV-SNP Glossary
Powered by GitBook
On this page
  1. Preliminaries
  2. What is Confidential Computing?
  3. Intel SGX

Enclave Lifecycle

The lifecycle of an enclave is managed by system software and is coupled with the management of EPC pages.

An enclave is created with the ECREATE command and transforms a free EPC page into the SECS by copying the contents of a non-EPC page into the EPC. Since the system software is in the threat model, the CPU validates the content and throws an error if the check fails. If all checks pass, any further SGX instructions issued will trust the validity of the SECS.

After ECREATE, the SECS is set to uninitialized. While the SECS is set to uninitialized, the system software can load the enclave data and code and create TCS and regular pages using the EADD instruction. This is also done by copying the contents of a non-EPC page to an EPC page. The system software selects a virtual address in ELRANGE that is mapped to an EPC page. Each EPC page is associated with access rights that can be specified and stored in the EPCM. Each EADD operation performed by the system software is validated by the CPU before the data is placed in an EPC page. Validation checks performed are, for example, that the targeted EPC page is not already assigned to another enclave, that the virtual address is in the ELRANGE, and that the SECS is not initialized.

EINIT is then called to initialize the SECS. After the SECS is initialized, the EADD instruction is disallowed for that particular enclave. Now the execution of the data begins.

To remove an enclave, the EREMOVE command is used. To release the SECS, all EPC pages linked to the enclave are referencing it in the EPCM and must be released first. However, before an EPC page can be released, the CPU checks that no processor is currently executing any of the code it contains.

PreviousMemory encryptionNextEntering and Exiting an Enclave

Last updated 1 year ago