Can SGX enclaves run in VMX root mode (or VMM)?

Question

Can SGX enclaves run in VMX root mode (or VMM)?

bronzeMe opened this issue 6 years ago · 2 comments

Hello,

Is it possible to run SGX enclaves at VMX root mode's ring 3? As we know, Intel VMX root mode has ring0-3, so can we run a SGX enclave at VMX-root mode's ring3 and install the Intel SGX Driver at VMX-root mode's ring0?

That is, can we run SGX enclaves correctly inside the VMM (or Hypervisor)

This question is inspired by one statement in the Intel SDM file: "Intel SGX functionality (including SGX1 and SGX2) can be made available to software running in either VMX root operation or VMX non-root operation", but there seems no additional description about running SGX enclave in VMX root mode.

Thanks.

Answer 1 · 2019-06-19T17:26:04.000Z

Yes. VMXON doesn't affect using SGX in the VMM.

Answer 2 · 2019-06-20T00:39:57.000Z

Thank you for your reply, I will explore it more.