<random> on asylo generate real hardware random or pseudo random ?
36 views
Skip to first unread message
Van Yu
Jul 9, 2019, 9:00:07 AM7/9/19
to Asylo Users
Hello,
If I use functions from <random> header in enclave, can I get real hardware random or just pseudo random ?
Keith Moyer
Jul 9, 2019, 2:19:48 PM7/9/19
to Van Yu, Asylo Users
Van,
For SGX hardware enclaves, we implement /dev/[u]random (which is the source of entropy for many APIs in <random>) with the RDRAND instruction (see https://github.com/google/asylo/blob/master/asylo/platform/arch/sgx/trusted/hardware_random.cc), so you do get real hardware-based randomness.
For simulated enclaves, we currently don't make use of RDRAND to enable people to run simulated enclaves on older CPUs (before RDRAND was available). In this case, it's pseudo-random. Though, we've discussed changing that and just trusting the host for randomness in simulated enclaves (since the host is already in the trust boundary for simulated enclaves).
Does that answer your question?
- Keith
On Tue, Jul 9, 2019 at 6:00 AM Van Yu <thank...@gmail.com> wrote:
Hello,If I use functions from <random> header in enclave, can I get real hardware random or just pseudo random ?
--
Visit asylo.dev for the latest information.
---
You received this message because you are subscribed to the Google Groups "Asylo Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to asylo-users...@googlegroups.com.
To post to this group, send email to asylo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/asylo-users/a810b2b1-ac1a-457b-baa3-4020542992bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Van Yu
Jul 10, 2019, 12:24:08 AM7/10/19
to Keith Moyer, Asylo Users
Reply all
Reply to author
Forward
0 new messages