Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

About sgx_create_encrypted_enclave

Yurie_F_
Beginner
1,060 Views

Hi!

I'm interested in the enclave the protection of the Enclave itself.

I want to use SGXAPI "sgx_create_encrypted_enclave".

Is there sample code using it or the documentation how to use?

If yes, please let me know.

 

what encryption algorithm does it encrypt the enclave?

And, can the developer select any algorithm in the future?

Thanks,

 

0 Kudos
3 Replies
Anusha_K_Intel
Employee
1,060 Views

Hi,

sgx_create_encrypted_enclave
Loads the encrypted enclave using its file name and initializes it using a launch token.
sgx_create_encrypted_enclave is a macro for the sgx_create_encrypted_enclavea(ANSI) or sgx_create_encrypted_enclavew (Unicode) function.

Syntax:

sgx_status_t sgx_create_encrypted_enclave(
const char *file_name,
const int debug,
sgx_launch_token_t *launch_token,
int *launch_token_updated,
sgx_enclave_id_t *enclave_id,
sgx_misc_attribute_t *misc_attr,
uint8_t* sealed_key
);

And you can find the information regarding this function is Page No.139 of  https://software.intel.com/sites/default/files/managed/b4/cf/Intel-SGX-SDK-Developer-Reference-for-Windows-OS.pdf

0 Kudos
Rodolfo_S_
New Contributor III
1,060 Views

Hi, Anusha.

Could you provide more details on how the encrypted enclave is generated? Is there a specific algorithm to be used? What about the key?
I read the Developer Reference, but I couldn't find anything regarding it.

Thank you,
Rodolfo

0 Kudos
Yurie_F_
Beginner
1,060 Views
Hi, Anusha, Rodolfo. Thank you for your comments. I have the same question with Rodolfo. I've checked the developer reference, but I want to know the specification in detail about this API. I think the user must encrypt the target enclave at first for using this API. But I don't know how to encrypt it.(e.g. which algorithm, which key) Thanks, Yurie
0 Kudos
Reply