> > By requiring preservation of RSP at both AEX and EEXIT, this precludes > the possibility of using the untrusted stack as temporary storage by > enclaves. While that looks reasonable at first glance, I'm afraid it > isn't the case in reality. The untrusted stack is inarguably the most > convenient way for data exchange between an enclave and its enclosing > process, and is in fact being used for that purpose by almost all > existing enclaves to date. Given the expectation that this API will be > used by all future SGX application, it looks unwise to ban the most > convenient and commonly used approach for data exchange. > > For reference, here's the code in the Intel toolchain responsible for > this: > https://github.com/intel/linux- > sgx/blob/6a0b5ac71f8d16f04e0376f3b2168e80c773dd23/sdk/trts/trts.cpp#L125 > -L140 > > Regarding "almost all existing enclaves to date", enclaves built with > the Fortanix toolchain don't touch the untrusted stack. > > -- > Jethro Beekman | Fortanix Thanks for providing the references. Yes, not every enclave touches the untrusted stack so I used the word "almost". Everything exists for a reason. By bringing up what is done today, I was trying to inspire thinking on the more important question of "why is it done this way today?".
