Morphisms: Confidential Serverless Containers

Measurement


Last updated 1 year ago

SGX uses the SHA2-256 hash function to perform measurements. All inputs to ECREATE, EADD and EEXTEND are hashed. The result of each measurement is stored in MRENCLAVE within the SECS.

When EINIT is called, the size of SECS and SSAFRAMESIZE are measured. If SSAFRAMESIZE is not measured, the data in a malicious and large SSA could potentially overwrite the data in an enclave.

The EEXTEND instruction is used to measure the actual data/code within the EPC pages associated with the virtual addresses. Intel SGX Explained concludes that this was not done along with EADD because it would exceed SGX's latency budget per instruction.

In addition to measuring the code and data running inside an enclave, the memory layout must also be measured to avoid address translation attacks. This is done during the EADD call. The goal of address translation attacks is to map an address translation to potentially malicious code and cause unexpected behavior. Since SGX does not specify a fixed location for ELRANGE within an enclave's virtual address space, the relative positions of the virtual addresses to ELRANGE are taken into account. Also, all access permissions of the EPC pages are included in the measurement.

After calling EINIT, the output of the SHA2-256 hash function is generated and stored in MRENCLAVE. This is done by hashing all intermediate states within MRENCLAVE.
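The following sketch is an added example, not code from this page or from Intel. It replays the measurement offline and shows which changes to an enclave alter MRENCLAVE. The 64-byte record layouts and SECINFO flag bits are taken from the Intel SDM's description of ECREATE, EADD and EEXTEND and are an assumption here, since the page does not list them. The two-page enclave is constructed sample data.

```python
import hashlib
import struct

PAGE, CHUNK = 4096, 256                      # EPC page size; bytes covered per EEXTEND
R, W, X, PT_REG = 0x1, 0x2, 0x4, 0x2 << 8    # SECINFO permission / page-type bits (SDM)

def mrenclave(elrange_size, ssa_frame_size, pages):
    """pages: ordered (offset_in_ELRANGE, secinfo_flags, page_bytes, measured)."""
    h = hashlib.sha256()
    # ECREATE record: tag, SSAFRAMESIZE, ELRANGE size, zero-padded to 64 bytes
    h.update(struct.pack("<8sIQ44x", b"ECREATE", ssa_frame_size, elrange_size))
    for offset, flags, data, measured in pages:
        if len(data) != PAGE or offset % PAGE:
            raise ValueError("pages must be 4 KiB and page-aligned")
        # EADD record: offset relative to ELRANGE base plus permissions, no content
        h.update(struct.pack("<8sQQ40x", b"EADD", offset, flags))
        if measured:
            for off in range(0, PAGE, CHUNK):
                # EEXTEND record, then the 256 bytes of page content it covers
                h.update(struct.pack("<8sQ48x", b"EEXTEND", offset + off))
                h.update(data[off:off + CHUNK])
    return h.hexdigest()                     # EINIT finalizes the running hash

# Constructed sample enclave: one code page (R+X) and one data page (R+W)
CODE, DATA = b"\x90" * PAGE, b"\x00" * PAGE
BASE = [(0x0000, PT_REG | R | X, CODE, True), (0x1000, PT_REG | R | W, DATA, True)]

def compare():
    """Measure the baseline and tampered variants of the sample enclave."""
    size, ssa = 2 * PAGE, 1
    patched = CODE[:-1] + b"\xcc"
    return {
        "baseline": mrenclave(size, ssa, BASE),
        "code_patched": mrenclave(size, ssa, [(0, PT_REG | R | X, patched, True), BASE[1]]),
        "code_writable": mrenclave(size, ssa, [(0, PT_REG | R | W | X, CODE, True), BASE[1]]),
        "pages_moved": mrenclave(size, ssa, [(0x1000,) + BASE[0][1:], (0,) + BASE[1][1:]]),
        "bigger_ssa": mrenclave(size, 4, BASE),
        # Edge case: a page added without EEXTEND has no content in the measurement
        "unmeasured_a": mrenclave(size, ssa, [BASE[0], (0x1000, PT_REG | R | W, DATA, False)]),
        "unmeasured_b": mrenclave(size, ssa, [BASE[0], (0x1000, PT_REG | R | W, patched, False)]),
    }

if __name__ == "__main__":
    for name, digest in compare().items():
        print(f"{name:14} {digest}")
```

The two `unmeasured_*` digests are equal, so a verifier relying on MRENCLAVE learns nothing about the contents of pages that were added but never extended.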

Intel SGX Explained