Community
cancel
Showing results for 
Search instead for 
Did you mean: 
gu_j_1
Beginner
184 Views

How to generate the SIGSTRUCT and EINITTOKEN for Intel SGX EINIT instruction?

Jump to solution

 

To be specific, the Intel manual only says the ENCLAVEHASH in SIGSTRUCT is the hash of enclave which includes attributes and data. However, it does not mention more details.

Besides, the SIGNATURE in SIGSTRUCT is the signature over Header and Body. Does it mean that use a private key to sign the SIGSTRUCT's header and body together?

I want to construct an enclave in Linux. Thanks!

0 Kudos

Accepted Solutions
Simon_J_Intel
Employee
184 Views

Currently at this time we do not support Linux. We will have more to say about that in 2016.

For reference the Software Developers Manual Ch.38 (http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-... identifies the fields in SIGSTRUCT and EINITTOKEN that have integrity over them. The instruction references should also give you the order in which they're calculated over.

However, EINITTOKEN can only be produced by an Intel Signed Enclave (this is not yet available for Linux).

 

View solution in original post

3 Replies
Simon_J_Intel
Employee
185 Views

Currently at this time we do not support Linux. We will have more to say about that in 2016.

For reference the Software Developers Manual Ch.38 (http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-... identifies the fields in SIGSTRUCT and EINITTOKEN that have integrity over them. The instruction references should also give you the order in which they're calculated over.

However, EINITTOKEN can only be produced by an Intel Signed Enclave (this is not yet available for Linux).

 

View solution in original post

gu_j_1
Beginner
184 Views

Thank you!

So far, we can only generate a SIGSTRUCT using our own RSA key pair in Linux. Is this true?

Few days ago, Intel has published SGX SDK for windows. Is it possible that I can use the EINITTOKEN generated by windows SDK for Linux? 

Simon_J_Intel
Employee
184 Views

We have not designed the Enclaves that Intel provides to be Operating System agnostic; they are only validated for Windows. Building and using them in another OS is an unsupported configuration and we cannot predict the result.

 

Please also review the SGX SDK End-User Licensing Agreement for restrictions.

Reply