What's the relationship among Enclave, thread and process?

Does SGX support multi-thread or multi-process?

What will happen if I call the "fork" to create a new process inside an enclave?

njuyuanrui
  • Under Linux, you mean? None of your tags (except `[tee]`) imply anything about an OS, and I think you used that tag incorrectly. – Peter Cordes Oct 22 '17 at 16:57

1 Answer

What's the relationship among Enclave, thread and process?

An enclave can be considered part of a process. A process can add enclave pages to its memory. After initializing the enclave, the process can execute the enclave code by issuing EENTER [1]. When the enclave call returns, it returns execution to non-enclave (untrusted) memory via EEXIT.

A thread is one of possibly multiple threads of execution of a process.

Does SGX support multi-thread or multi-process?

You can't run multiple processes in the same enclave, but you can run multiple threads in the same enclave. Each thread must have its own Thread Control Structure (TCS), which is supported by SGX [2]. With the SGX2 extensions (which are not supported by any CPU yet) it is also possible to add and remove TCS pages after enclave initialization, thereby allowing the enclave to dynamically adjust the number of threads.

What will happen if I call the "fork" to create a new process inside an enclave?

`fork` is a system call, which is an illegal instruction in an enclave; therefore it will result in an exception [3].

Sources: The following chapters in https://software.intel.com/sites/default/files/managed/7c/f1/332831-sdm-vol-3d.pdf:

[1] 36.3 Enclave Life Cycle

[2] 38.8 TCS

[3] 38.6.1 Illegal Instructions

user2804197
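
The one-TCS-per-thread rule from the answer above, as an added example that is not part of the original answer: a plain C user-space model (no SGX instructions are executed) in which every entry must claim a free TCS, so an enclave built with `TCS_COUNT` TCSs admits at most that many threads at once. `TCS_COUNT`, `model_enter`, `model_exit` and `model_concurrent_entries` are hypothetical names, and refusing entry when every TCS is in use is this model's assumption.

```c
/* User-space model only: it mirrors the TCS rule, it does not use SGX. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

#define TCS_COUNT 2   /* assumption: enclave initialized with two TCS pages */
#define NO_TCS   (-1)

/* One flag per TCS, true while a thread is running in the enclave on it. */
static atomic_bool tcs_busy[TCS_COUNT];

/* Models entering the enclave: atomically claim a free TCS, or fail. */
int model_enter(void)
{
    for (int i = 0; i < TCS_COUNT; i++)
        if (!atomic_exchange(&tcs_busy[i], true))
            return i;          /* previous value was false: TCS i is ours */
    return NO_TCS;             /* more threads than TCSs: entry refused */
}

/* Models leaving the enclave: release the TCS for the next thread. */
void model_exit(int tcs)
{
    if (tcs >= 0 && tcs < TCS_COUNT)
        atomic_store(&tcs_busy[tcs], false);
}

/* `threads` callers try to enter and none leaves until all have tried.
 * Returns how many were inside the enclave at the same time. */
int model_concurrent_entries(int threads)
{
    int held[TCS_COUNT], entered = 0;
    for (int t = 0; t < threads; t++) {
        int tcs = model_enter();
        if (tcs != NO_TCS)
            held[entered++] = tcs;
    }
    for (int i = 0; i < entered; i++)   /* everyone leaves again */
        model_exit(held[i]);
    return entered;
}

int main(void)
{
    printf("3 threads, %d TCSs: %d inside at once\n",
           TCS_COUNT, model_concurrent_entries(3));
    return 0;
}
```

Because the claim is a single atomic exchange, the same functions can be called from real threads without two of them ending up on one TCS.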