I think the CPU info of the emulator is leaked here

[jmp0x7c00]

in EDL file:

public void ecall_emu_step_frame([user_check] struct gb_state *p1   , [user_check] struct emu_state *p, [user_check]struct emu_cpu_state *ecs, [user_check] u16 *lcd_pixbuf);

Any write to ecs in the enclave code will leak.

void
ecall_emu_step_frame(struct gb_state *s, struct emu_state *es, struct emu_cpu_state *ecs, u16 *lcd_pixbuf)
{
    emu_step_frame(s);
    memcpy(es, s->emu_state, sizeof(struct emu_state));
    memcpy(ecs, s->emu_cpu_state, sizeof(struct emu_cpu_state));
    memcpy(lcd_pixbuf, es->lcd_pixbuf, 23040 * 2);
}
``

[dkarnikis]

Thanks for the catch.

I know my code contains several bugs/hacks in order to make it work. Unfortunately, I don't have much time to revise/update/fix/improve the current code base so I keep this repo as a fun task I did in a weekend (and as a proof of concept). I might rewrite it some day, who knows.

Thank you again :)