Greetings,
I am a computer security researcher working on adding functionality to the hardware security enclaves recently released on CPUs (e.g. Intel SGX or ARM TrustZone). I think that OpenLDAP would suit my purposes well, and I was thinking of attempting to secure SASL and TLS/SSL functionality. My plan is to get OpenSSL to use the secure enclave, and adapt OpenLDAP to use the enclave as well for SASL and TLS. I just need a little help on where to start looking. I have seen sasl.c and saslauthz.c in servers/slapd, as well as tls2.c in libraries/libldap and libraries/libldap_r. Anywhere else I should be looking? Is the only difference between libraries/libldap and libraries/libldap_r just the use of threads?
Finally, any other ideas about what else I can protect? For those unfamiliar, security enclaves allow for virtual address ranges to be encrypted/decrypted on the processor itself. So even an adversary with root privileges would not be able to read data/code/whatever within the secure address range.
Thanks in advance for any help.
- Derrick McKee
openldap-technical@openldap.org
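As an added example that is not part of the original post (and not OpenLDAP, OpenSSL or SGX/TrustZone SDK code): a plain-C sketch of the interface shape the post proposes, an untrusted host that holds only an opaque key handle and a trusted side that owns the key bytes and exposes only the cryptographic operation. HMAC-SHA256 is used as that operation because several SASL mechanisms (e.g. SCRAM) and the TLS key-derivation functions are built on HMAC. The function names trusted_import_key, trusted_hmac_sha256, trusted_destroy_key and host_demo, the MAX_KEYS table, and the use of the RFC 4231 test vector as the self-check are all this example's own choices; in a real port the trusted_* functions would become enclave entry points and key_store would live in enclave memory.

```c
/* Added sketch, not OpenLDAP/OpenSSL/SGX SDK code: a host/enclave split behind an opaque
 * key handle. trusted_* owns the key bytes and exposes only HMAC; host code (where slapd
 * or libldap would sit) holds just a handle. Both halves are plain C so the file runs anywhere. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* minimal SHA-256 (FIPS 180-4) so HMAC needs no external library */
static const uint32_t K[64] = {
 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2};
typedef struct { uint32_t h[8]; uint8_t buf[64]; uint64_t len; size_t used; } sha256_t;
#define ROTR(x,n) (((x) >> (n)) | ((x) << (32 - (n))))

static void sha256_block(uint32_t *h, const uint8_t *p) {
    uint32_t w[64], v[8], t1, t2; int i;
    for (i = 0; i < 16; i++)
        w[i] = (uint32_t)p[4*i] << 24 | (uint32_t)p[4*i+1] << 16 | (uint32_t)p[4*i+2] << 8 | p[4*i+3];
    for (; i < 64; i++)
        w[i] = w[i-16] + (ROTR(w[i-15],7) ^ ROTR(w[i-15],18) ^ (w[i-15] >> 3))
             + w[i-7] + (ROTR(w[i-2],17) ^ ROTR(w[i-2],19) ^ (w[i-2] >> 10));
    memcpy(v, h, 32);                                   /* v[] = a,b,c,d,e,f,g,h */
    for (i = 0; i < 64; i++) {
        t1 = v[7] + (ROTR(v[4],6) ^ ROTR(v[4],11) ^ ROTR(v[4],25)) + ((v[4] & v[5]) ^ (~v[4] & v[6])) + K[i] + w[i];
        t2 = (ROTR(v[0],2) ^ ROTR(v[0],13) ^ ROTR(v[0],22)) + ((v[0] & v[1]) ^ (v[0] & v[2]) ^ (v[1] & v[2]));
        memmove(v + 1, v, 28); v[4] += t1; v[0] = t1 + t2;   /* rotate registers: e = d + t1, a = t1 + t2 */
    }
    for (i = 0; i < 8; i++) h[i] += v[i];
}
static void sha256_init(sha256_t *s) {
    static const uint32_t iv[8] = {0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19};
    memcpy(s->h, iv, sizeof iv); s->len = 0; s->used = 0;
}
static void sha256_update(sha256_t *s, const uint8_t *d, size_t n) {
    for (s->len += n; n; ) {
        size_t take = 64 - s->used < n ? 64 - s->used : n;
        memcpy(s->buf + s->used, d, take); s->used += take; d += take; n -= take;
        if (s->used == 64) { sha256_block(s->h, s->buf); s->used = 0; }
    }
}
static void sha256_final(sha256_t *s, uint8_t out[32]) {
    uint64_t bits = s->len * 8; uint8_t b = 0x80; int i;
    sha256_update(s, &b, 1);
    for (b = 0; s->used != 56; ) sha256_update(s, &b, 1);               /* zero-pad to 56 mod 64 */
    for (i = 7; i >= 0; i--) { b = (uint8_t)(bits >> (8 * i)); sha256_update(s, &b, 1); }
    for (i = 0; i < 8; i++) { out[4*i] = s->h[i] >> 24; out[4*i+1] = s->h[i] >> 16; out[4*i+2] = s->h[i] >> 8; out[4*i+3] = s->h[i]; }
}

/* ---- trusted side: in the real design this code and key_store live inside the enclave ---- */
#define MAX_KEYS 4
static struct { uint8_t key[64]; size_t len; int in_use; } key_store[MAX_KEYS];

/* Import key material and return an opaque handle; there is deliberately no export call. */
int trusted_import_key(const uint8_t *key, size_t len) {
    int i;
    for (i = 0; i < MAX_KEYS; i++) if (!key_store[i].in_use) break;
    if (len > 64 || i == MAX_KEYS) return -1;       /* sketch limit: longer keys would need pre-hashing */
    memcpy(key_store[i].key, key, len); key_store[i].len = len; key_store[i].in_use = 1;
    return i;
}
/* HMAC-SHA256 (RFC 2104) under the key behind handle h; only the 32-byte tag crosses the boundary. */
int trusted_hmac_sha256(int h, const uint8_t *msg, size_t n, uint8_t tag[32]) {
    uint8_t pad[64], inner[32]; sha256_t s; size_t i;
    if (h < 0 || h >= MAX_KEYS || !key_store[h].in_use) return -1;
    memset(pad, 0x36, 64); for (i = 0; i < key_store[h].len; i++) pad[i] ^= key_store[h].key[i];
    sha256_init(&s); sha256_update(&s, pad, 64); sha256_update(&s, msg, n); sha256_final(&s, inner);
    memset(pad, 0x5c, 64); for (i = 0; i < key_store[h].len; i++) pad[i] ^= key_store[h].key[i];
    sha256_init(&s); sha256_update(&s, pad, 64); sha256_update(&s, inner, 32); sha256_final(&s, tag);
    memset(pad, 0, sizeof pad); memset(&s, 0, sizeof s);   /* scrub key-derived state before returning */
    return 0;
}
/* Revoke a handle and scrub the key so it cannot be recovered from memory afterwards. */
int trusted_destroy_key(int h) {
    if (h < 0 || h >= MAX_KEYS || !key_store[h].in_use) return -1;
    memset(&key_store[h], 0, sizeof key_store[h]);
    return 0;
}

/* ---- untrusted host side: everything slapd/libldap code would be allowed to do ---- */
/* RFC 4231 test case 1 as the self-check: key = 20 bytes of 0x0b, data = "Hi There". */
static const uint8_t RFC4231_TC1_TAG[32] = {
 0xb0,0x34,0x4c,0x61,0xd8,0xdb,0x38,0x53,0x5c,0xa8,0xaf,0xce,0xaf,0x0b,0xf1,0x2b,
 0x88,0x1d,0xc2,0x00,0xc9,0x83,0x3d,0xa7,0x26,0xe9,0x37,0x6c,0x2e,0x32,0xcf,0xf7};
/* 1 if the tag obtained through the handle matches the published vector and the handle is refused once destroyed. */
int host_demo(void) {
    uint8_t key[20], tag[32]; int h;
    memset(key, 0x0b, sizeof key);
    h = trusted_import_key(key, sizeof key);
    memset(key, 0, sizeof key);             /* host drops its copy; from here on it holds only the handle */
    if (h < 0 || trusted_hmac_sha256(h, (const uint8_t *)"Hi There", 8, tag) != 0) return 0;
    if (memcmp(tag, RFC4231_TC1_TAG, 32) != 0) return 0;
    trusted_destroy_key(h);
    return trusted_hmac_sha256(h, (const uint8_t *)"Hi There", 8, tag) == -1;
}
```

Two caveats a port would have to address beyond this sketch: the memset scrubbing here can be optimized away by the compiler (use explicit_bzero or OPENSSL_cleanse in real code), and an enclave only protects the key while the operation is exposed, so the host-visible interface must be narrow enough that an attacker with root cannot simply ask the enclave to compute whatever it wants, which is a design question about which SASL and TLS steps move inside, not just where the key bytes sit.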