topic Re: Dynamic Memory Allocation in Intel® Software Guard Extensions (Intel® SGX)

Dynamic Memory Allocation

morbitzer — Wed, 31 May 2023 15:40:13 GMT

Hey,

I'm trying to create an SGX enclave that makes use of the EMM feature. Unfortunately, I haven't been able to find an example, so I am already struggling with creating the correct configuration file.

To my understand, I need to define a UserRegionSize to be able to allocate memory. According to the developer reference, I therefore added this to my config:

Furthermore, the developer reference states that when a UserRegionSize is set, "MiscSelect[0] and MiscMask[0] must be set to 1 and the enclave needs to be loaded on SGX 2.0 platform."

Setting MiscMask[0] should be the standard, as the default value for MiscMask is 0xFFFFFFFF.

However, the default value for MiscSelect is 0, so I need a different value there. I tried 0xFFFFFFFF and 1, but for both, sgx_create_enclave returns SGX_ERROR_INVALID_METADATA. So my random guesses didn't get me much further. The reference says that MiscSelect defines "The desired Extended SSA frame feature.", but I was not able to find any further information on what that is and which values I could use there.

Could you please point me to a working config file or maybe even an example enclave that uses EMM features?

I'm running my tests on a NUC with support for SGX2:

cpuid | grep -i sgx SGX: Software Guard Extensions supported = true SGX_LC: SGX launch config supported = true Software Guard Extensions (SGX) capability (0x12/0): SGX1 supported = true SGX2 supported = true SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false SGX attributes: ECREATE SECS.ATTRIBUTES (0x12/1): SGX Enclave Page Cache (EPC) enumeration (0x12/0x2): SGX Enclave Page Cache (EPC) enumeration (0x12/0x3):

My current config file is the one from the SGX SampleCode: https://github.com/intel/linux-sgx/blob/master/SampleCode/SampleEnclave/Enclave/config.05.xml

Thanks for your help!

Re:Dynamic Memory Allocation

Aznie_Intel — Thu, 01 Jun 2023 07:42:56 GMT

Hi Morbitzer,

Thanks for reaching out.

We are checking this with our developer team and it may take some time. We will update you with the information once available.

Regards,

Aznie

Re: Dynamic Memory Allocation

Aznie_Intel — Wed, 07 Jun 2023 01:17:13 GMT

Hi Morbitzer,

Thanks for your patience.

The SGX_ERROR_INVALID_METADATA error is referring to the metadata embedded within the enclave image being corrupt or missing. We are unable to replicate the issue from our end. Could you share your config file for us to further investigate from our end? Which Linux SGX version you are using?

In case you are using the dynamic features on SGX2 platform, we would suggest to set MiscMask[0]=0 and MiscSelect[0]=1 in your use cases.

Regards,

Aznie

Re: Dynamic Memory Allocation

morbitzer — Wed, 07 Jun 2023 09:34:24 GMT

Hi Aznie,

I created a minimal example by taking the SampleEnclave and replacing the Enclave.config.xml with config.05.xml According to my understanding, config.05.xml should support EMM. I attached a .zip containing this project, but as said, it's just an example from Intel with a different config provided with the example.

The config sets MiscMask and MiscSelect as follows:

<MiscSelect>1</MiscSelect> <MiscMask>0xFFFFFFFF</MiscMask>

Is there also a way to specifically set the 0-th bit of each parameter?

When I execute "make" and "./app" in this project, I receive the following output:

Error: Invalid enclave metadata. Enter a character before exit ...

Does this work on your systems? If so, at least I would know that this is a problem with the system, not with the project.

On my system, I run ubuntu 22.04 with a 5.15.0-69-generic kernel, so using the in-kernel SGX driver. As SDK, I installed version 2.19.100.3

Regards,

Mathias

Re:Dynamic Memory Allocation

Aznie_Intel — Thu, 08 Jun 2023 02:28:01 GMT

Hi Mathias,

Thanks for sharing the file. We are checking on this and will get back to you soon.

Regards,

Aznie

Re: Dynamic Memory Allocation

Aznie_Intel — Tue, 13 Jun 2023 06:20:18 GMT

Hi Morbitzer,

Thank you again for your patience.

Update from our engineering team, SGX EDMM support was not added into the Linux Kernel until v6.0. I would advise you to upgrade to v6.0 kernel and try it again.

Here is the reference for EDMM, "SGX EDMM support (v6.0 or later)" at https://github.com/intel/sgx-emm.

For EDMM support, you need to Build and install kernel with EDMM support by following the instruction in GitKernelBuild.

Regards,

Aznie

Re: Dynamic Memory Allocation

morbitzer — Tue, 13 Jun 2023 15:44:35 GMT

Indeed, the newer kernel fixed the problem! Using kernel v6.3, I'm now able to dynamically allocate memory in the enclave.

Thanks!

Re:Dynamic Memory Allocation

Aznie_Intel — Wed, 14 Jun 2023 04:11:07 GMT

Hi Morbitzer,

This thread will no longer be monitored since this issue has been resolved. If you need any additional information from Intel, please submit a new question.

Regards,

Aznie