Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

A question about .sign.so file

dai_c_
Beginner
‎08-12-2018 06:02 PM
598 Views
Solved Jump to solution

Hello:

      After I use SGX SDK to generate a .sign.so file ,if I know the edl file and the enclave name(app wants to use), It seems like I can generate a mailcious .sign.so file to replace old .sign.so file. I test this in the example of SampleEnclave and change the enclave code to generate the mailcious .sign.so file; After replacing, It output as changed code. So In SGX,how to bind each app to a specific Enclave?  Thank you bery much!

0 Kudos
1 Solution
Scott_R_Intel
Employee
‎08-13-2018 07:25 AM
598 Views
Solved Jump to solution

Hello.

To be able to load an enclave in production mode, it has to be on the Intel whitelist.  And to be whitelisted, there is a formal process including signing a Commercial License Agreement.  In your example, I assume you simply replaced one debug mode enclave with another, in which case, the whitelist isn't used.

Please see the "Overview of Signing and Whitelisting Intel SGX Enclaves" document at the link below for more details on this:

https://software.intel.com/en-us/sgx/resource-library

Regards.

Scott

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
Scott_R_Intel
Employee
‎08-13-2018 07:25 AM
599 Views
Solved Jump to solution

Hello.

To be able to load an enclave in production mode, it has to be on the Intel whitelist.  And to be whitelisted, there is a formal process including signing a Commercial License Agreement.  In your example, I assume you simply replaced one debug mode enclave with another, in which case, the whitelist isn't used.

Please see the "Overview of Signing and Whitelisting Intel SGX Enclaves" document at the link below for more details on this:

https://software.intel.com/en-us/sgx/resource-library

Regards.

Scott

0 Kudos
Copy link
dai_c_
Beginner
‎08-13-2018 06:23 PM
598 Views
Solved Jump to solution

Thank you very much!

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.