Hi, in "Impression of Intel SGX Performance" the authors generate some benchmarks to analyse the performance of a program encrypting data inside the enclaves using AES-128. They say that both the in buffer and the out buffer are declared using 'USER_CHECK'. But how can you do that? I have a program that does the same thing, but I declare my parameters using [in, out]. When I try to switch to 'USER_CHECK', the enclave in buffer is empty after calling the function. How do you copy a 'USER_CHECK' pointer memory to the enclave and back to the untrusted memory?
Hello Bianca,
The sample solution that is attached to the bottom of this article, https://software.intel.com/content/www/us/en/develop/articles/intel-software-guard-extensions-tutorial-part-7-refining-the-enclave.html, has several functions that are declared with [user_check] in the EDL. Check the EDL file in the Enclave project. You will find the user_check functions in Enclave.cpp.
The article also explains how it uses the user_check parameter.
Hi Bianca,
Was the sample code I sent you earlier helpful to you?
Hi Jesus,
I believe it did in the sense that it is working, but I am still confused about the performance, because when I change the data in buffer pointer from [in, out] to [user_check] and copy this plain text data to the enclave, it takes 3 times longer to perform the overall computation. My buffer in pointer is [user_check] flagged and the buffer out is [in, out], as from my understanding the enclave environment cannot read the enclave content; it must be crossed through the proxy bridge.
In the developer reference, it says it should be the other way around, but there is a massive difference between my benchmarks (100-150 MB/sec) vs the one from the link that I sent (1000-2000 MB/sec).
Hello Bianca,
In both the Intel code sample and the paper, the authors used [user_check] for both the input and output buffers in the ECALL. See this excerpt from the Intel article:
The original EDL for ve_load_vault() and ve_get_vault() looks like this:
public int ve_load_vault ([in, count=len] unsigned char *edata, uint32_t len);
public int ve_get_vault ([out, count=len] unsigned char *edata, uint32_t len);
Rewriting these to specify user_check results in the following:
public int ve_load_vault ([user_check] unsigned char *edata);
public int ve_get_vault ([user_check] unsigned char *edata, uint32_t len);
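Added example (not part of the thread or of Intel's sample code): with [user_check] the generated edge routines neither validate nor copy the buffer, so the ECALL body has to range-check the raw pointers and do its own copy in and copy out. The sketch below shows that pattern in plain C; ecall_process, its EDL line, the XOR placeholder and the buffers are hypothetical, and outside_enclave() is a local stand-in for the SDK's sgx_is_outside_enclave() so the code builds without the SGX SDK.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins so this builds without the SGX SDK: one array plays the
   enclave's address range, two others play untrusted application buffers. */
static uint8_t enclave_mem[4096];
static uint8_t host_in[3000], host_out[3000];

/* Stand-in for sgx_is_outside_enclave(): 1 only if [p, p+len) is wholly outside. */
static int outside_enclave(const void *p, size_t len) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)enclave_mem, hi = lo + sizeof enclave_mem;
    if (p == NULL || len > UINTPTR_MAX - a) return 0;   /* NULL or address wrap-around */
    return a + len <= lo || a >= hi;
}

/* Placeholder for the real work (the thread's AES-128 step); XOR keeps it short. */
static void process(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] ^= 0x5a;
}

#define CHUNK 1024   /* size of the trusted staging window */

/* Hypothetical EDL for this ECALL:
   public int ecall_process([user_check] const uint8_t *in,
                            [user_check] uint8_t *out, size_t len); */
int ecall_process(const uint8_t *in, uint8_t *out, size_t len) {
    uint8_t *staging = enclave_mem;   /* trusted buffer inside the enclave */
    /* Reject any pointer that reaches into enclave memory: no edge routine checked it. */
    if (!outside_enclave(in, len) || !outside_enclave(out, len)) return -1;
    for (size_t off = 0; off < len; off += CHUNK) {
        size_t n = len - off < CHUNK ? len - off : CHUNK;
        memcpy(staging, in + off, n);    /* copy in once, then touch only the copy */
        process(staging, n);
        memcpy(out + off, staging, n);   /* copy the result back to untrusted memory */
    }
    return 0;
}

int main(void) {
    memset(host_in, 'A', sizeof host_in);
    return ecall_process(host_in, host_out, sizeof host_in);
}
```

Working on the staged copy rather than on the untrusted buffer directly keeps the application from changing the data between the check and its use.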
Hi Bianca,
Do you still need help with this issue?
Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.