diff --git a/enclave-runtime/src/lib.rs b/enclave-runtime/src/lib.rs
index 394464f987..912dff9384 100644
--- a/enclave-runtime/src/lib.rs
+++ b/enclave-runtime/src/lib.rs
@@ -257,7 +257,7 @@ fn sidechain_rpc_int(request: &str) -> Result<String> {
 /// (parentchain components) have been initialized (because we need the parentchain
 /// block import dispatcher).
 #[no_mangle]
-pub unsafe extern "C" fn init_enclave_sidechain_components() -> sgx_status_t {
+pub extern "C" fn init_enclave_sidechain_components() -> sgx_status_t {
 	if let Err(e) = initialization::init_enclave_sidechain_components() {
 		error!("Failed to initialize sidechain components: {:?}", e);
 		return sgx_status_t::SGX_ERROR_UNEXPECTED
@@ -387,7 +387,7 @@ fn dispatch_parentchain_blocks_for_import<WorkerModeProvider: ProvideWorkerMode>
 /// This trigger is only useful in combination with a `TriggeredDispatcher` and sidechain. In case no
 /// sidechain and the `ImmediateDispatcher` are used, this function is obsolete.
 #[no_mangle]
-pub unsafe extern "C" fn trigger_parentchain_block_import() -> sgx_status_t {
+pub extern "C" fn trigger_parentchain_block_import() -> sgx_status_t {
 	match internal_trigger_parentchain_block_import() {
 		Ok(()) => sgx_status_t::SGX_SUCCESS,
 		Err(e) => {
diff --git a/enclave-runtime/src/tls_ra/tls_ra_server.rs b/enclave-runtime/src/tls_ra/tls_ra_server.rs
index 35a053814f..3c91278fcb 100644
--- a/enclave-runtime/src/tls_ra/tls_ra_server.rs
+++ b/enclave-runtime/src/tls_ra/tls_ra_server.rs
@@ -152,7 +152,7 @@ where
 }
 
 #[no_mangle]
-pub unsafe extern "C" fn run_state_provisioning_server(
+pub extern "C" fn run_state_provisioning_server(
 	socket_fd: c_int,
 	sign_type: sgx_quote_sign_type_t,
 	skip_ra: c_int,
diff --git a/enclave-runtime/src/top_pool_execution.rs b/enclave-runtime/src/top_pool_execution.rs
index d11fc4d8d7..257bc45df6 100644
--- a/enclave-runtime/src/top_pool_execution.rs
+++ b/enclave-runtime/src/top_pool_execution.rs
@@ -67,7 +67,7 @@ use sp_runtime::{
 use std::{sync::Arc, time::Instant, vec::Vec};
 
 #[no_mangle]
-pub unsafe extern "C" fn execute_trusted_calls() -> sgx_status_t {
+pub extern "C" fn execute_trusted_calls() -> sgx_status_t {
 	if let Err(e) = execute_top_pool_trusted_calls_internal() {
 		return e.into()
 	}
diff --git a/service/src/ocall_bridge/ffi/get_ias_socket.rs b/service/src/ocall_bridge/ffi/get_ias_socket.rs
index 4b48d2b1ad..ac3562d4ee 100644
--- a/service/src/ocall_bridge/ffi/get_ias_socket.rs
+++ b/service/src/ocall_bridge/ffi/get_ias_socket.rs
@@ -22,7 +22,7 @@ use sgx_types::{c_int, sgx_status_t};
 use std::sync::Arc;
 
 #[no_mangle]
-pub extern "C" fn ocall_get_ias_socket(ret_fd: *mut c_int) -> sgx_status_t {
+pub unsafe extern "C" fn ocall_get_ias_socket(ret_fd: *mut c_int) -> sgx_status_t {
 	get_ias_socket(ret_fd, Bridge::get_ra_api()) // inject the RA API (global state)
 }
 
diff --git a/service/src/ocall_bridge/ffi/get_update_info.rs b/service/src/ocall_bridge/ffi/get_update_info.rs
index 55a9c7bfb4..2d916c4c24 100644
--- a/service/src/ocall_bridge/ffi/get_update_info.rs
+++ b/service/src/ocall_bridge/ffi/get_update_info.rs
@@ -16,46 +16,41 @@
 
 */
 
-use crate::ocall_bridge::bridge_api::{Bridge, RemoteAttestationBridge};
+use crate::ocall_bridge::bridge_api::{Bridge, OCallBridgeResult, RemoteAttestationBridge};
 use log::*;
 use sgx_types::{sgx_platform_info_t, sgx_status_t, sgx_update_info_bit_t};
 use std::sync::Arc;
 
 #[no_mangle]
-pub extern "C" fn ocall_get_update_info(
+pub unsafe extern "C" fn ocall_get_update_info(
 	p_platform_blob: *const sgx_platform_info_t,
 	enclave_trusted: i32,
 	p_update_info: *mut sgx_update_info_bit_t,
 ) -> sgx_status_t {
-	get_update_info(
-		p_platform_blob,
+	if p_platform_blob.is_null() || p_update_info.is_null() {
+		return sgx_status_t::SGX_ERROR_INVALID_PARAMETER
+	}
+	let platform_blob = unsafe { *p_platform_blob };
+
+	let update_info_result = match get_update_info(
+		&platform_blob,
 		enclave_trusted,
-		p_update_info,
 		Bridge::get_ra_api(), // inject the RA API (global state)
-	)
+	) {
+		Ok(update_info_result) => update_info_result,
+		Err(e) => return e.into(),
+	};
+	unsafe {
+		*p_update_info = update_info_result;
+	}
+	sgx_status_t::SGX_SUCCESS
 }
 
 fn get_update_info(
-	p_platform_blob: *const sgx_platform_info_t,
+	platform_blob: &sgx_platform_info_t,
 	enclave_trusted: i32,
-	p_update_info: *mut sgx_update_info_bit_t,
 	ra_api: Arc<dyn RemoteAttestationBridge>,
-) -> sgx_status_t {
+) -> OCallBridgeResult<sgx_update_info_bit_t> {
 	debug!("    Entering ocall_get_update_info");
-
-	let platform_blob = unsafe { *p_platform_blob };
-
-	let update_info_result = match ra_api.get_update_info(platform_blob, enclave_trusted) {
-		Ok(r) => r,
-		Err(e) => {
-			error!("[-]  Failed to get update info: {:?}", e);
-			return e.into()
-		},
-	};
-
-	unsafe {
-		*p_update_info = update_info_result;
-	}
-
-	sgx_status_t::SGX_SUCCESS
+	ra_api.get_update_info(*platform_blob, enclave_trusted)
 }