Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Accept-all launch enclave - is there such a thing?

Ofir_W_
Beginner
520 Views

Hello,

Thank you for the useful replies so far! In a previous post it was written:

>>>>In the SGX spec, Intel will need to provide an Intel-signed launch enclave to make SGX usable. This enclave will use EGETKEY to acquire the launch key for that processor and sign enclaves to allow them to run there. If that launch enclave isn't trying to enforce any particular policy about what enclaves can and can't run, it's actually a trivial piece of code. A basic launch enclave only requires user/enclave calling convention and an enclave CMAC implementation, both of which are simple and fundamental to any useful SGX implementation.

Then I asked the following two questions, and received the following answers:

#1. Is it possible to get such an Intel-signed launch enclave that will allow me to test my enclave code in a non-debug enclave? It is ok if it just runs on my machine.

  • The attestation service is available to all SGX developers. For developers that have built their enclaves and are ready to access the Intel Attestation Verification Service referenced in the paper, please contact intel.developer.services@intel.com for additional information.

#2. Is there another way, like an existing server that is publicly available, to run my enclave code in non debug mode?

  • For testing remote attestation, a Sandbox is available for testing purposes. Go to: https://software.intel.com/formfill/sgx-onboarding. This link is available from the SGX landing zone (software.intel.com/sgx). Go to “Resource Library” and then select “Access Development Services” from the sidebar.

My original question was not about testing attestation, but about running enclave code, in release mode, just on my machine. What is the answer to questions 1 and 2 in that case?


Thank you for your help!

Ofir

1 Reply
Surenthar_S_Intel

Hi Ofir,

To debug enclave code, please note that you do need to load the enclave in debug mode. If you load the enclave in non-debug mode, you can’t set any breakpoint in the enclave. You can find instructions on how to load an enclave in debug mode in the SGX SDK developer reference; I suppose you can find it in IDZ.

About your questions:

1. Is it possible to get such an Intel-signed launch enclave that will allow me to test my enclave code in a non-debug enclave? It is ok if it just runs on my machine.

   No. There is an enclave launch white-list file, signed by Intel. I don’t think we can add an arbitrary entry there.

2. Is there another way, like an existing server that is publicly available, to run my enclave code in non-debug mode?

   No.

>> but running an enclave code, in release mode, just on my machine.

   Release-mode (also known as production-mode) enclaves are only allowed when a production license with Intel is approved; there are no other ways to execute them, either locally or remotely. You might want to look into pre-release mode, which would get you very close to release mode for any testing requirements. Also, you might want to check this article for detailed information on the difference between the various modes we provide for the developer community: https://software.intel.com/en-us/blogs/2016/01/07/intel-sgx-debug-production-prelease-whats-the-difference

-Surenthar

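The two posts above describe the same mechanism from two sides: the quoted text in Ofir's post says the launch enclave obtains a launch key with EGETKEY and uses a CMAC to authorise enclaves, and Surenthar's reply says production launches are gated by an Intel-signed signer white-list while debug-mode loading is always possible. The following toy model, added here as an illustration and not code from Intel or from either poster, puts those two statements together: the launch enclave only issues a token for a non-debug enclave whose MRSIGNER is white-listed, and EINIT recomputes the MAC over the enclave actually being launched, so a debug token cannot be reused for the same code with the DEBUG attribute cleared. Everything numeric is constructed: the launch key, the white-list entries, the attribute bit value, and the use of HMAC-SHA256 in place of the AES-128-CMAC that real SGX uses.

```python
"""Toy model of the SGX launch-enclave / EINIT token flow discussed in this thread.

Constructed illustration, not Intel code. Real SGX uses a per-CPU launch key that
only the launch enclave can obtain via EGETKEY, and an AES-128-CMAC over an
EINITTOKEN structure; here the key is a constructed constant and HMAC-SHA256
stands in for the CMAC.
"""
import hashlib
import hmac
from dataclasses import dataclass

# Attribute flag for a debug enclave. The name follows SGX terminology; the
# bit position is a constructed stand-in for this model.
ATTR_DEBUG = 1 << 1

# Constructed stand-in for the CPU-specific launch key.
LAUNCH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


@dataclass(frozen=True)
class EnclaveIdentity:
    mrenclave: bytes   # measurement of the enclave contents
    mrsigner: bytes    # hash of the signer's public key
    attributes: int    # attribute flags, e.g. ATTR_DEBUG


@dataclass(frozen=True)
class LaunchToken:
    identity: EnclaveIdentity
    mac: bytes


def _token_body(identity):
    # The MAC covers measurement, signer and attributes, so changing any of
    # them (for example clearing DEBUG) invalidates the token.
    return identity.mrenclave + identity.mrsigner + identity.attributes.to_bytes(8, "little")


def launch_enclave_issue_token(identity, signer_whitelist):
    """Policy described in the reply: debug enclaves launch freely; non-debug
    (production) enclaves only if their MRSIGNER is on the Intel-signed white-list."""
    if not (identity.attributes & ATTR_DEBUG) and identity.mrsigner not in signer_whitelist:
        return None
    mac = hmac.new(LAUNCH_KEY, _token_body(identity), hashlib.sha256).digest()
    return LaunchToken(identity, mac)


def einit_accepts(token, identity):
    """Model of EINIT: recompute the MAC over the enclave actually being launched."""
    if token is None:
        return False
    expected = hmac.new(LAUNCH_KEY, _token_body(identity), hashlib.sha256).digest()
    return hmac.compare_digest(token.mac, expected)


def demo():
    # Constructed identities: one licensed signer on the white-list, one hobby signer.
    licensed_signer = hashlib.sha256(b"licensed-signer").digest()
    whitelist = {licensed_signer}
    dev_signer = hashlib.sha256(b"hobby-signer").digest()
    code = hashlib.sha256(b"enclave bytes").digest()

    debug_id = EnclaveIdentity(code, dev_signer, ATTR_DEBUG)
    prod_id = EnclaveIdentity(code, dev_signer, 0)
    licensed_id = EnclaveIdentity(code, licensed_signer, 0)

    return {
        "debug_launches": einit_accepts(launch_enclave_issue_token(debug_id, whitelist), debug_id),
        "unlicensed_production_launches": einit_accepts(launch_enclave_issue_token(prod_id, whitelist), prod_id),
        "licensed_production_launches": einit_accepts(launch_enclave_issue_token(licensed_id, whitelist), licensed_id),
        # A debug token presented for the same code with DEBUG cleared fails the MAC check.
        "debug_token_reused_for_production": einit_accepts(launch_enclave_issue_token(debug_id, whitelist), prod_id),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The model is deliberately small, but it shows why the answer to both of Ofir's questions is "no": the only party that can produce a token the CPU will accept is the holder of the launch key, and that party's policy for non-debug enclaves is the white-list, which is exactly what pre-release mode (a debug-attribute enclave built with release compiler settings) sidesteps for local testing.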