Date: Fri, 07 Jul 2023 17:01:41 -0700
On Friday, 7 July 2023 10:09:12 PDT 1one1 via Std-Proposals wrote:
> Modern processors from vendors such as Intel and AMD provide various
> hardware-level security features, such as Intel's Software Guard Extensions
> (SGX). And yet currently, there is no standard way in C++ to utilize these
> features, and developers must rely on vendor-specific APIs and tools,
> leading to non-portable code.
That's because to enter the secure enclaves, you need operating system help
(those are privileged operations). Communication with the enclave could happen
via socket or pipe or other types of serial IPC (not shared memory).
> Creation: A std::thread object is created by constructing an instance of
> the std::thread class, passing the function to be executed in a new
> thread as a constructor argument. This is in much the same way
> [[secure::enclave]] would work.
That's impossible. You can't share memory with a secure enclave *because* it's
secure, so it can't be a thread. See above.
> Modern processors from vendors such as Intel and AMD provide various
> hardware-level security features, such as Intel's Software Guard Extensions
> (SGX). And yet currently, there is no standard way in C++ to utilize these
> features, and developers must rely on vendor-specific APIs and tools,
> leading to non-portable code.
That's because to enter the secure enclaves, you need operating system help
(those are privileged operations). Communication with the enclave could happen
via socket or pipe or other types of serial IPC (not shared memory).
> Creation: A std::thread object is created by constructing an instance of
> the std::thread class, passing the function to be executed in a new
> thread as a constructor argument. This is in much the same way
> [[secure::enclave]] would work.
That's impossible. You can't share memory with a secure enclave *because* it's
secure, so it can't be a thread. See above.
-- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Software Architect - Intel DCAI Cloud Engineering
Received on 2023-07-08 00:01:43