TLS for SGX: a port of mbedtls
Tls-SGX, based on mbedtls (previously PolarSSL), is an implementation of the TLS protocol suite and a variety of cryptographic primitives that can run within Intel SGX enclaves. To keep the operating system out of the TCB, the core idea of this port is to keep the TLS layers inside the enclave and call into the OS only for transport services (TCP/UDP). Because the OS is treated as just another man-in-the-middle on the wire, even a malicious OS cannot tamper with the security of TLS sessions originating from an SGX enclave.
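The split described above comes down to the mbedtls BIO callbacks: the enclave hands `mbedtls_ssl_set_bio()` a send/recv pair whose bodies are OCALLs to the untrusted host. The following added example (not Tls-SGX's own code) shows the receive side of that bridge, with the OCALL contract and the in-memory "wire" standing in for the OS being assumptions; the point it adds to the paragraph is that status and byte count returned by the untrusted side must be validated before mbedtls consumes them.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
/* Return codes copied from mbedtls ssl.h / net_sockets.h so this file builds
 * without the library; the real enclave build includes those headers. */
#define MBEDTLS_ERR_SSL_WANT_READ    (-0x6900)
#define MBEDTLS_ERR_NET_RECV_FAILED  (-0x004C)
#define MBEDTLS_ERR_NET_CONN_RESET   (-0x0050)
/* Constructed stand-in for the untrusted transport: an in-memory queue plays
 * the TCP socket so the example runs without SGX or a network. */
static unsigned char wire[64];
static size_t wire_len;
static int wire_errno;   /* nonzero: next recv fails with this errno */
static int wire_lies;    /* nonzero: untrusted side over-reports the count */

/* Hypothetical OCALL (an assumed EDL contract, not Tls-SGX's own). Returns
 * bytes copied, 0 on peer close, -1 with errno set on error. */
static long ocall_recv(unsigned char *buf, size_t len) {
    if (wire_errno) { errno = wire_errno; return -1; }
    if (wire_len == 0) return 0;
    size_t n = wire_len < len ? wire_len : len;
    memcpy(buf, wire, n);
    memmove(wire, wire + n, wire_len - n);
    wire_len -= n;
    return wire_lies ? (long)len + 1 : (long)n;
}
/* Enclave-side receive callback in the shape mbedtls_ssl_set_bio() expects:
 * int f_recv(void *ctx, unsigned char *buf, size_t len). Status and count
 * coming back from the OCALL are attacker-controlled, so both are checked
 * first; 0 (peer closed) is passed through, as the SSL layer maps it to EOF. */
static int enclave_bio_recv(void *ctx, unsigned char *buf, size_t len) {
    (void)ctx;
    long n = ocall_recv(buf, len);
    if (n < 0) {
        if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR)
            return MBEDTLS_ERR_SSL_WANT_READ;
        if (errno == ECONNRESET) return MBEDTLS_ERR_NET_CONN_RESET;
        return MBEDTLS_ERR_NET_RECV_FAILED;
    }
    if ((size_t)n > len) return MBEDTLS_ERR_NET_RECV_FAILED; /* count lie */
    return (int)n;
}
/* Driver: load the constructed wire, then call the callback once. */
static int probe_recv(const char *data, int err, int lies, size_t want) {
    unsigned char buf[64];
    memcpy(wire, data, strlen(data)); wire_len = strlen(data);
    wire_errno = err; wire_lies = lies;
    return enclave_bio_recv(NULL, buf, want);
}
```

The matching send callback is the mirror image (map EAGAIN to `MBEDTLS_ERR_SSL_WANT_WRITE`, reject a reported count larger than what was offered); record integrity itself is then mbedtls's job, which is exactly why the host can only be a man-in-the-middle and not a participant.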