We cannot rely upon the untrusted main init procedure to initialize module-private memory. Moreover, upon enabling a protected module, a Sancus-enabled processor zeroes out the entire private data section.
To avoid having to always write your own initialization procedure, the compiler should generate an sm_init procedure, included in the SM's text section and automatically called upon the first invocation after enabling SM protection.
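The following plain-C model is an added example, not code from the Sancus compiler or from this page; it sketches the check-and-initialize step that a generated `sm_init` would perform on first entry. The struct layout, the `model_`/`untrusted_` helpers, the sample values and keeping initial values as constants (standing in for data in the SM's text section) are all assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical model of one module's private data section. */
struct sm_private {
    uint8_t  initialized; /* 0 after the hardware wipe: sm_init has not run */
    uint16_t counter;     /* programmer intended: counter = 100 */
    uint8_t  key[4];      /* programmer intended: a 4-byte constant */
};
static struct sm_private sm_data;

/* Assumption: initial values are constants, standing in for data that
 * lives in the SM's text section next to sm_init. Values are constructed. */
static const uint16_t counter_init = 100;
static const uint8_t  key_init[4]  = {0x01, 0x02, 0x03, 0x04};

/* Models the untrusted main init procedure filling in the data section. */
void untrusted_load(void) {
    sm_data.counter = counter_init;
    memcpy(sm_data.key, key_init, sizeof key_init);
    sm_data.initialized = 1; /* this flag does not survive enabling */
}

/* Models enabling protection: the private data section is zeroed. */
void model_enable_protection(void) { memset(&sm_data, 0, sizeof sm_data); }

/* What a generated sm_init would do: restore the intended initial state. */
static void sm_init(void) {
    sm_data.counter = counter_init;
    memcpy(sm_data.key, key_init, sizeof key_init);
    sm_data.initialized = 1;
}

/* Entry point with the first-invocation check in front of the body. */
uint16_t sm_entry_next(void) {
    if (!sm_data.initialized)
        sm_init();
    return sm_data.counter++;
}

/* Same entry point without the check: it sees only the zeroed section. */
uint16_t sm_entry_next_unchecked(void) { return sm_data.counter++; }

int main(void) {
    untrusted_load();
    model_enable_protection();
    return sm_entry_next() == 100 ? 0 : 1;
}
```

Because the processor zeroes the section, a zero flag is a reliable "not yet initialized" marker regardless of what the untrusted loader wrote beforehand.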