Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
24 Views

A question about .sign.so file

Jump to solution

Hello:

      After I use SGX SDK to generate a .sign.so file ,if I know the edl file and the enclave name(app wants to use), It seems like I can generate a mailcious .sign.so file to replace old .sign.so file. I test this in the example of SampleEnclave and change the enclave code to generate the mailcious .sign.so file; After replacing, It output as changed code. So In SGX,how to bind each app to a specific Enclave?  Thank you bery much!

0 Kudos

Accepted Solutions
Highlighted
Employee
24 Views

Hello.

To be able to load an enclave in production mode, it has to be on the Intel whitelist.  And to be whitelisted, there is a formal process including signing a Commercial License Agreement.  In your example, I assume you simply replaced one debug mode enclave with another, in which case, the whitelist isn't used.

Please see the "Overview of Signing and Whitelisting Intel SGX Enclaves" document at the link below for more details on this:

https://software.intel.com/en-us/sgx/resource-library

Regards.

Scott

View solution in original post

0 Kudos
2 Replies
Highlighted
Employee
25 Views

Hello.

To be able to load an enclave in production mode, it has to be on the Intel whitelist.  And to be whitelisted, there is a formal process including signing a Commercial License Agreement.  In your example, I assume you simply replaced one debug mode enclave with another, in which case, the whitelist isn't used.

Please see the "Overview of Signing and Whitelisting Intel SGX Enclaves" document at the link below for more details on this:

https://software.intel.com/en-us/sgx/resource-library

Regards.

Scott

View solution in original post

0 Kudos
Highlighted
Beginner
24 Views

Thank you very much!

0 Kudos