Rodolfo_S_

Allocate executable memory

Hi, everyone.

Is it possible to allocate executable memory inside an enclave during run time (e.g.: using mmap)?

Thanks,

Rodolfo

Rodolfo_S_

Hi, Surenthar.

That query actually doesn't answer my question. I should have stressed the word "executable" in my question. I do know that an enclave can allocate memory using malloc, but my question is more specific. My question is: can I use the allocated memory to store executable code, and, furthermore, can I execute that code inside the enclave (no OCALLS/syscalls involved)?

Thanks,

Rodolfo

I think the short answer is no.

More details regarding a similar question (loader program in an enclave) are here:

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/624878

If you are using Linux, then similar considerations apply to ELF .so files (instead of PE .dll files).

Rodolfo_S_

Hi, Francisco.

Thanks for pointing this to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.

Thanks.

Shredha_K_

Rodolfo S. wrote:

Hi, Francisco.

Thanks for pointing this to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.

Thanks.

Hi all,

Is there any possible way to configure the EPC pages with RWX permission in SGX1?

Thanks :)

Hi,

With SGX1 you cannot modify the permissions of an EPC page after it has been EADD'ed.  Using the Intel(R) SGX SDK, the section in the .dll enclave file must be loaded with RWX permission in order to be both writable and executable. 

Note: Using RWX sections and dynamically loading code into an enclave may create security vulnerabilities.  It should be done with caution.  Section 10 of the Intel(R) SGX Enclave Writer's Guide touches on some of the concerns.

-Surenthar
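
Added example (not part of the thread and not Intel SGX SDK code): because SGX1 page permissions are fixed when a page is EADD'ed, any region that is both writable and executable has to be declared in the enclave file itself, so a build-time audit can list it. This sketch assumes a 64-bit little-endian ELF enclave .so and assumes the loader takes page permissions from the PT_LOAD segment flags; the function names and the sample images are constructed for illustration.

```python
import struct
import sys

PT_LOAD = 1
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def wx_load_segments(image: bytes):
    """Return (vaddr, memsz, flags) for every PT_LOAD segment that is W and X."""
    if len(image) < 64 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled")
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)
    if e_phentsize < 56 or e_phoff + e_phentsize * e_phnum > len(image):
        raise ValueError("program header table is truncated or malformed")
    hits = []
    for i in range(e_phnum):
        # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz, memsz, align
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(
            "<IIQQQQQQ", image, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            hits.append((p_vaddr, p_memsz, p_flags))
    return hits

def build_sample(segments):
    """Constructed image: ELF64 header followed only by program headers."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, 64, 0, 0,
                       64, 56, len(segments), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, flags, 0, vaddr, vaddr, size, size, 0x1000)
        for vaddr, size, flags in segments)
    return ehdr + phdrs

# Constructed samples: one image with an RWX segment, one with W^X segments only.
SAMPLE_RWX = build_sample([(0x0000, 0x2000, PF_R | PF_X),
                           (0x2000, 0x1000, PF_R | PF_W),
                           (0x3000, 0x1000, PF_R | PF_W | PF_X)])
SAMPLE_WXORX = build_sample([(0x0000, 0x2000, PF_R | PF_X),
                             (0x2000, 0x1000, PF_R | PF_W)])

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_RWX
    for vaddr, memsz, flags in wx_load_segments(data):
        print(f"W+X PT_LOAD segment: vaddr={vaddr:#x} memsz={memsz:#x} flags={flags:#x}")
```

An empty result means no loadable segment is both writable and executable; any hit is a region that deserves the review the note above calls for.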
