https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1410679#M5451 <P>Hello,</P> <P>&nbsp;</P> <P><U>Library</U></P> <P>The library that generates the enclave.signed.so has an ecall <FONT face="courier new,courier">public int ecall_two(int n)</FONT>.</P> <P>&nbsp;</P> <P><U>Application</U></P> <P>When I invoke the application I get the error:</P> <LI-CODE lang="bash">$ ./app_ex ./app_ex: symbol lookup error: ./app_ex: undefined symbol: ecall_two</LI-CODE> <P>But this happens when using <FONT face="courier new,courier">-rdynamic</FONT> in the makefile (I don't need it, was just trying to find a way to solve the problem).</P> <P>Without <FONT face="courier new,courier">-rdynamic</FONT> the error is:</P> <LI-CODE lang="bash">$ ./app_ex Loads remote enclave using sgx_create_enclave_from_buffer_ex sgx_create_enclave: success Segmentation fault (core dumped)</LI-CODE> <P>&nbsp;</P> Thu, 25 Aug 2022 13:15:28 GMT Daniel_ˢᵍˣ 2022-08-25T13:15:28Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1407423#M5426 <P>Hello,</P> <P>&nbsp;</P> <P>I have a lib project that generates an enclave.signed.so and an app project that loads that .so using <FONT face="courier new,courier">sgx_create_enclave_from_buffer_ex</FONT>. The enclave is loaded successfully. However, when I attempt to invoke ecalls this fails.</P> <P>&nbsp;</P> <P>I created a hello world to demo the problem: <A href="https://github.com/andrade/create-from-buffer-hello" target="_blank">https://github.com/andrade/create-from-buffer-hello</A></P> <P>&nbsp;</P> <P>I imagined <FONT face="courier new,courier">sgx_create_enclave_from_buffer_ex</FONT> would work similarly to <FONT face="courier new,courier">dlopen</FONT> and allow this scenario. Am I doing something wrong? Is this not possible with SGX?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>* Right now this is all done locally but the endgame is having a server that can load client enclaves on request and invoke a well-defined API which all clients implement (clients may have other ecalls/ocalls which the server does not care about and ignores).</P> Wed, 10 Aug 2022 18:00:12 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1407423#M5426 Daniel_ˢᵍˣ 2022-08-10T18:00:12Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1408364#M5435 <P>Hi,</P><P>This is probably because the empty trusted enclave function gets compiled out. It should work if you put something in the enclave (it can be something simple like returning a value). </P><P><BR /></P><P><A href="https://github.com/andrade/create-from-buffer-hello/blob/a5beed8111c5e5ec030d1f830635e80f83834a93/lib/enclave.c#L9" rel="noopener noreferrer" target="_blank">https://github.com/andrade/create-from-buffer-hello/blob/a5beed8111c5e5ec030d1f830635e80f83834a93/lib/enclave.c#L9</A></P><P><BR /></P><P><BR /></P><P>Sincerely,</P><P>Sahira</P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><P><BR /></P><BR /> Mon, 15 Aug 2022 23:17:17 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1408364#M5435 Sahira_Intel 2022-08-15T23:17:17Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1408571#M5438 <P>Hello. Thank you for your reply.</P> <P>&nbsp;</P> <P>I've tried with a non-empty ecall but it still fails with the same error.</P> <P>&nbsp;</P> <P><A href="https://github.com/andrade/create-from-buffer-hello/blob/fa2279b65cf0c3b9c329450c613847a47238fcc3/lib/enclave.c#L14" target="_blank">https://github.com/andrade/create-from-buffer-hello/blob/fa2279b65cf0c3b9c329450c613847a47238fcc3/lib/enclave.c#L14</A></P> Tue, 16 Aug 2022 15:19:39 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1408571#M5438 Daniel_ˢᵍˣ 2022-08-16T15:19:39Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1410216#M5447 <P>Hi,</P> <P>Can you send the errors you are getting?&nbsp;</P> <P>Sincerely,</P> <P>Sahira</P> Tue, 23 Aug 2022 18:46:37 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1410216#M5447 Sahira_Intel 2022-08-23T18:46:37Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1410679#M5451 <P>Hello,</P> <P>&nbsp;</P> <P><U>Library</U></P> <P>The library that generates the enclave.signed.so has an ecall <FONT face="courier new,courier">public int ecall_two(int n)</FONT>.</P> <P>&nbsp;</P> <P><U>Application</U></P> <P>When I invoke the application I get the error:</P> <LI-CODE lang="bash">$ ./app_ex ./app_ex: symbol lookup error: ./app_ex: undefined symbol: ecall_two</LI-CODE> <P>But this happens when using <FONT face="courier new,courier">-rdynamic</FONT> in the makefile (I don't need it, was just trying to find a way to solve the problem).</P> <P>Without <FONT face="courier new,courier">-rdynamic</FONT> the error is:</P> <LI-CODE lang="bash">$ ./app_ex Loads remote enclave using sgx_create_enclave_from_buffer_ex sgx_create_enclave: success Segmentation fault (core dumped)</LI-CODE> <P>&nbsp;</P> Thu, 25 Aug 2022 13:15:28 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1410679#M5451 Daniel_ˢᵍˣ 2022-08-25T13:15:28Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1412270#M5456 <P><FONT face="arial,helvetica,sans-serif">Finally got it working.</FONT></P> <P><FONT face="arial,helvetica,sans-serif">Library generates <EM>enclave.signed.so</EM> and <EM>untrusted.so</EM>. Then application creates enclave from <EM>enclave.signed.so</EM> and loads <EM>untrusted.so</EM> using dlopen.</FONT></P> <P><FONT face="arial,helvetica,sans-serif">I wasn't generating untrusted code and passing it to the app which was causing the problem. I usually don't do this when I have no ocalls but in this case it won't work without it.</FONT></P> <P><FONT face="arial,helvetica,sans-serif">I've also updated the repository with the example I posted above, in case someone else needs it, since there is no other code using <FONT face="courier new,courier" class="sub_section_element_selectors"><SPAN class="sub_section_element_selectors">sgx_create_enclave_from_buffer_ex</SPAN></FONT> at the moment as far as I could find.</FONT></P> Thu, 01 Sep 2022 21:31:13 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Ecall-invocation-from-a-remote-enclave-fails/m-p/1412270#M5456 Daniel_ˢᵍˣ 2022-09-01T21:31:13Z