https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106532#M1200 <P></P><BLOCKQUOTE>Rodolfo S. wrote:<BR /><P></P> <P>Hi, Francisco.</P> <P>Thanks for pointing this to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.</P> <P>Thanks.</P> <P></P></BLOCKQUOTE><P></P> <P>Hi all,</P> <P>Is there any possible way to configure the EPC pages with RWX permission in SGX1.&nbsp;</P> <P>Thanks :)</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 21 May 2017 14:06:00 GMT Shredha_K_ 2017-05-21T14:06:00Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106527#M1195 <P>Hi, everyone.</P> <P>Is it possible to allocate executable memory inside an enclave during run time (e.g.: using mmap)?</P> <P>Thanks,</P> <P>Rodolfo</P> Tue, 06 Dec 2016 15:19:02 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106527#M1195 Rodolfo_S_ 2016-12-06T15:19:02Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106528#M1196 <P>Hi,</P> <P>Please refer the query from&nbsp;<A href="https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/675136">https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/675136</A></P> <P>-Surenthar</P> Wed, 07 Dec 2016 11:50:20 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106528#M1196 Surenthar_S_Intel 2016-12-07T11:50:20Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106529#M1197 <P>Hi, Surenthar.</P> <P>That query actually doesn't answer my question. I should have stressed the word "<STRONG>executable</STRONG>" in my question. I do know that an enclave can allocate memory using malloc, but my question is more specific. My question is: can I use the allocated memory to store executable code, and, furthermore, can I execute that code inside the enclave (no OCALLS/syscalls involved)?</P> <P>Thanks,</P> <P>Rodolfo</P> Wed, 07 Dec 2016 12:35:37 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106529#M1197 Rodolfo_S_ 2016-12-07T12:35:37Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106530#M1198 <P>I think the short answer is no.</P> <P>More details regarding a similar question (loader program in an enclave) are here:</P> <P><A href="https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/624878">https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/624878</A></P> <P>If you are using Linux, then similar considerations apply to ELF .so files (instead of PE .dll files).</P> Wed, 07 Dec 2016 19:54:09 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106530#M1198 Francisco_C_Intel 2016-12-07T19:54:09Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106531#M1199 <P>Hi, Francisco.</P> <P>Thanks for pointing this to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.</P> <P>Thanks.</P> Wed, 07 Dec 2016 20:30:02 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106531#M1199 Rodolfo_S_ 2016-12-07T20:30:02Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106532#M1200 <P></P><BLOCKQUOTE>Rodolfo S. wrote:<BR /><P></P> <P>Hi, Francisco.</P> <P>Thanks for pointing this to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.</P> <P>Thanks.</P> <P></P></BLOCKQUOTE><P></P> <P>Hi all,</P> <P>Is there any possible way to configure the EPC pages with RWX permission in SGX1.&nbsp;</P> <P>Thanks :)</P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 21 May 2017 14:06:00 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106532#M1200 Shredha_K_ 2017-05-21T14:06:00Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106533#M1201 <P>Hi,</P> <P style="word-wrap: break-word; font-size: 12px;">With SGX1 you cannot modify the permissions of an EPC&nbsp;page after it has been EADD'ed.&nbsp; Using the Intel(R) SGX SDK, the section in the .dll enclave file must be loaded with RWX permission in order to be both writable and executable.&nbsp;</P> <P style="word-wrap: break-word; font-size: 12px;">Note: Using RWX sections and dynamically loading code into an enclave may create security vulnerabilities.&nbsp; It should be done with caution.&nbsp; Section 10 of the<A href="https://community.intel.com/legacyfs/online/drupal_files/managed/ae/48/Software-Guard-Extensions-Enclave-Writers-Guide.pdf">&nbsp;Intel(R) SGX Enclave Writer's Guide&nbsp;</A>touches on some of the concerns.</P> <P style="word-wrap: break-word; font-size: 12px;">-Surenthar</P> Mon, 22 May 2017 08:36:50 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Allocate-executable-memory/m-p/1106533#M1201 Surenthar_S_Intel 2017-05-22T08:36:50Z