https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145350#M2417 <P>Hi,</P> <P><SPAN style="color: rgb(34, 34, 34); font-family: sans-serif; font-size: 14px;">Intel SGX is a set of CPU code instructions that allows</SPAN>&nbsp;<SPAN style="color: rgb(34, 34, 34); font-family: sans-serif; font-size: 14px;">user-level code to allocate private regions of memory and the allocated memory needs to be minimal. The enclave size is 128 Mb and it is very small to load and entire application. And enclave must contain only the code that needs to be protected such as passwords,account numbers,financial information...to protect from&nbsp;Os attacks. And if the application size is large and it has some system calls,which are not supported inside enclave then it cannot be used inside the enclave.&nbsp;</SPAN></P> <P><SPAN style="color: rgb(34, 34, 34); font-family: sans-serif; font-size: 14px;">But you can develop your application in such a way that no one can tamper with you data by storing all the critical functions inside the enclave.&nbsp;</SPAN></P> Thu, 13 Jul 2017 13:49:51 GMT Anusha_K_Intel 2017-07-13T13:49:51Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145349#M2416 <P>Hi, I'm studying Intel SGX and applying it to an application.</P> <P>And I am curious whether I can put all the application code in Enclave and run the application securely.</P> <P>I mean whether I could put the all existing application codes in Enclave (for example including main function and some projects of the visual studio solution)</P> <P><SPAN style="font-size: 1em;">If It could be put in Enclave, I want to know how to do it.</SPAN></P> <P>&nbsp;</P> <P>Best regards</P> <P>Suin</P> Wed, 12 Jul 2017 02:20:02 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145349#M2416 suin_k_ 2017-07-12T02:20:02Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145350#M2417 <P>Hi,</P> <P><SPAN style="color: rgb(34, 34, 34); font-family: sans-serif; font-size: 14px;">Intel SGX is a set of CPU code instructions that allows</SPAN>&nbsp;<SPAN style="color: rgb(34, 34, 34); font-family: sans-serif; font-size: 14px;">user-level code to allocate private regions of memory and the allocated memory needs to be minimal. The enclave size is 128 Mb and it is very small to load and entire application. And enclave must contain only the code that needs to be protected such as passwords,account numbers,financial information...to protect from&nbsp;Os attacks. And if the application size is large and it has some system calls,which are not supported inside enclave then it cannot be used inside the enclave.&nbsp;</SPAN></P> <P><SPAN style="color: rgb(34, 34, 34); font-family: sans-serif; font-size: 14px;">But you can develop your application in such a way that no one can tamper with you data by storing all the critical functions inside the enclave.&nbsp;</SPAN></P> Thu, 13 Jul 2017 13:49:51 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145350#M2417 Anusha_K_Intel 2017-07-13T13:49:51Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145351#M2418 <P>Generally, a SGX Application is partitioned into two parts, untrusted part and trusted part. Trusted part should include the code and data you want to protect. Untrusted part include normal code and data, as well as the code for managing enclave (load &nbsp;and destroy enclave). So you can not put all of your code into enclave.</P> Fri, 14 Jul 2017 01:47:12 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145351#M2418 you_w_ 2017-07-14T01:47:12Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145352#M2419 <P>Library OS enables unmodified applications inside SGX. You could refer to Graphene-SGX for such a system on Linux.</P> Fri, 14 Jul 2017 14:26:22 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145352#M2419 yunfeng7854 2017-07-14T14:26:22Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145353#M2420 <P>Thanks everyone</P> <P>I understood that it is hard to put the entire application inside the enclave.</P> <P>I have another question.</P> <P>Could I use global variable inside enclave securely?</P> <P>I checked that local variables of trusted function inside enclave were encrypted but global variables inside enclave were not encrypted.</P> <P>I thought the local variables were encrypted because the variables were used in the trusted functions defined in .edl file.</P> <P>I hope to know how to use the global variables in enclave if I could use them.</P> <P>Best regards</P> <P>Suin</P> Wed, 19 Jul 2017 05:43:00 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Putting-All-application-code-in-Enclave/m-p/1145353#M2420 suin_k_ 2017-07-19T05:43:00Z