How to generate the SIGSTRUCT and EINITTOKEN for Intel SGX EINIT instruction?

gu_j_1
Beginner

To be specific, the Intel manual only says the ENCLAVEHASH in SIGSTRUCT is the hash of the enclave, which includes attributes and data. However, it does not mention more details.

Besides, the SIGNATURE in SIGSTRUCT is the signature over Header and Body. Does it mean that a private key is used to sign the SIGSTRUCT's header and body together?

I want to construct an enclave in Linux. Thanks!

Simon_J_Intel
Employee

Currently at this time we do not support Linux. We will have more to say about that in 2016.

For reference the Software Developers Manual Ch.38 (http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf) identifies the fields in SIGSTRUCT and EINITTOKEN that have integrity over them. The instruction references should also give you the order in which they're calculated over.

However, EINITTOKEN can only be produced by an Intel Signed Enclave (this is not yet available for Linux).
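
As an added illustration (not part of the original thread and not Intel's code), the following Python example shows which bytes of SIGSTRUCT the SIGNATURE covers and how SIGNATURE, Q1 and Q2 can be checked against the embedded key. The field offsets follow the SIGSTRUCT layout in the SDM; the function and constant names are hypothetical.

```python
import hashlib
import struct

# SIGSTRUCT field offsets in bytes (layout from the SGX chapter of the SDM).
SIGSTRUCT_SIZE = 1808
HEADER_RANGE = (0, 128)     # HEADER, VENDOR, DATE, HEADER2, SWDEFINED, reserved
MODULUS_OFF, KEY_BYTES = 128, 384   # RSA-3072 modulus
EXPONENT_OFF = 512                  # must be 3
SIGNATURE_OFF = 516
BODY_RANGE = (900, 1028)    # MISCSELECT .. ISVSVN (ATTRIBUTES, ENCLAVEHASH inside)
ENCLAVEHASH_OFF = 960
Q1_OFF, Q2_OFF = 1040, 1424

# DigestInfo prefix for SHA-256 in PKCS#1 v1.5 (RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def signed_region(sigstruct: bytes) -> bytes:
    """Return the 256 bytes covered by SIGNATURE: header followed by body."""
    if len(sigstruct) != SIGSTRUCT_SIZE:
        raise ValueError("SIGSTRUCT must be 1808 bytes")
    return sigstruct[slice(*HEADER_RANGE)] + sigstruct[slice(*BODY_RANGE)]

def expected_em(sigstruct: bytes) -> int:
    """PKCS#1 v1.5 encoded message, as an integer, that the signature must open to."""
    t = SHA256_PREFIX + hashlib.sha256(signed_region(sigstruct)).digest()
    em = b"\x00\x01" + b"\xff" * (KEY_BYTES - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def verify(sigstruct: bytes) -> bool:
    """Check SIGNATURE, Q1 and Q2 against MODULUS (fields are little-endian)."""
    def field(off: int) -> int:
        return int.from_bytes(sigstruct[off:off + KEY_BYTES], "little")
    n, s = field(MODULUS_OFF), field(SIGNATURE_OFF)
    (e,) = struct.unpack_from("<I", sigstruct, EXPONENT_OFF)
    if e != 3 or n == 0 or s >= n:
        return False
    q1 = s * s // n                      # Q1 = floor(S^2 / N)
    q2 = (s ** 3 - q1 * s * n) // n      # Q2 = floor((S^3 - Q1*S*N) / N)
    return (pow(s, 3, n) == expected_em(sigstruct)
            and field(Q1_OFF) == q1 and field(Q2_OFF) == q2)
```

MODULUS, EXPONENT, SIGNATURE, Q1 and Q2 lie outside the signed region, so writing them into the structure after signing does not change the digest.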

 

gu_j_1
Beginner

Thank you!

So far, we can only generate a SIGSTRUCT using our own RSA key pair in Linux. Is this true?

A few days ago, Intel published the SGX SDK for Windows. Is it possible to use the EINITTOKEN generated by the Windows SDK on Linux?

Simon_J_Intel
Employee

We have not designed the Enclaves that Intel provides to be Operating System agnostic; they are only validated for Windows. Building and using them in another OS is an unsupported configuration and we cannot predict the result.

 

Please also review the SGX SDK End-User Licensing Agreement for restrictions.
