Intel® Software Guard ExtensionsDeveloper Reference for Windows* OS
- 68 -
//Actualaddressmustbeinuntrustedmemory
voidfoo(HWNDhWnd);
Pointer Handling in ECALLs
In ECALLs, the trusted bridge checks that the marshaling structure does not
overlap with the enclave memory, and automatically allocates space on the
trusted stack to hold a copy of the structure. Then it checks that pointer para-
meters with their full range do not overlap with the enclave memory. When a
pointer to the untrusted memory with the in attribute is passed to the
enclave, the trusted bridge allocates memory inside the enclave and copies
the memory pointed to by the pointer from outside to the enclave memory.
When a pointer to the untrusted memory with the out attribute is passed to
the enclave, the trusted bridge allocates a buffer in the trusted memory, zer-
oes the buffer contents to clear any previous data and passes a pointer to this
buffer to the trusted function. After the trusted function returns, the trusted
bridge copies the contents of the trusted buffer to untrusted memory. When
the in and out attributes are combined, the trusted bridge allocates memory
inside the enclave, makes a copy of the buffer in the trusted memory before
calling the trusted function, and once the trusted function returns, the trusted
bridge copies the contents of the trusted buffer to the untrusted memory.
The amount of data copied out is the same as the amount of data copied in.
NOTE:
When an ECALLwith a pointer parameter with outattribute returns, the trus-
ted bridge always copies data from the buffer in enclave memory to the buffer
outside. You must clear all sensitive data from that buffer on failure.
Before the trusted bridge returns, it frees all the trusted heap memory alloc-
ated at the beginning of the ECALL function for pointer parameters with a dir-
ection attribute. Attempting to use a buffer allocated by the trusted bridge
after it returns results in undefined behavior.
Pointer Handling in OCALLs
For OCALLs, the trusted proxy allocates memory on the outside stack to pass
the marshaling structure and checks that the pointer parameters with their full
range are within enclave. When a pointer to trusted memory with the in attrib-
ute is passed from an enclave (an OCALL), the trusted proxy allocates memory
outside the enclave and copies the memory pointed by the pointer from
inside the enclave to the untrusted memory. When a pointer to the trusted
memory with the out attribute is passed from an enclave (an OCALL), the trus-
ted proxy allocates a buffer on the untrusted stack, and passes a pointer to