Community
cancel
Showing results for 
Search instead for 
Did you mean: 
dai_c_
Beginner
135 Views

A question about .sign.so file

Jump to solution

Hello:

      After I use SGX SDK to generate a .sign.so file ,if I know the edl file and the enclave name(app wants to use), It seems like I can generate a mailcious .sign.so file to replace old .sign.so file. I test this in the example of SampleEnclave and change the enclave code to generate the mailcious .sign.so file; After replacing, It output as changed code. So In SGX,how to bind each app to a specific Enclave?  Thank you bery much!

0 Kudos
1 Solution
Scott_R_Intel
Employee
135 Views

Hello.

To be able to load an enclave in production mode, it has to be on the Intel whitelist.  And to be whitelisted, there is a formal process including signing a Commercial License Agreement.  In your example, I assume you simply replaced one debug mode enclave with another, in which case, the whitelist isn't used.

Please see the "Overview of Signing and Whitelisting Intel SGX Enclaves" document at the link below for more details on this:

https://software.intel.com/en-us/sgx/resource-library

Regards.

Scott

View solution in original post

2 Replies
Scott_R_Intel
Employee
136 Views

Hello.

To be able to load an enclave in production mode, it has to be on the Intel whitelist.  And to be whitelisted, there is a formal process including signing a Commercial License Agreement.  In your example, I assume you simply replaced one debug mode enclave with another, in which case, the whitelist isn't used.

Please see the "Overview of Signing and Whitelisting Intel SGX Enclaves" document at the link below for more details on this:

https://software.intel.com/en-us/sgx/resource-library

Regards.

Scott

View solution in original post

dai_c_
Beginner
135 Views

Thank you very much!

Reply