Hi, everyone.
Is it possible to allocate executable memory inside an enclave during run time (e.g., using mmap)?
Thanks,
Rodolfo
Hi,
Please refer to the query at https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/675136
-Surenthar
Hi, Surenthar.
That query actually doesn't answer my question. I should have stressed the word "executable" in my question. I do know that an enclave can allocate memory using malloc, but my question is more specific. My question is: can I use the allocated memory to store executable code, and, furthermore, can I execute that code inside the enclave (no OCALLS/syscalls involved)?
Thanks,
Rodolfo
I think the short answer is no.
More details regarding a similar question (loader program in an enclave) are here:
https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/624878
If you are using Linux, then similar considerations apply to ELF .so files (instead of PE .dll files).
Hi, Francisco.
Thanks for pointing this out to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.
Thanks.
Rodolfo S. wrote:
Hi, Francisco.
Thanks for pointing this out to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.
Thanks.
Hi all,
Is there any possible way to configure the EPC pages with RWX permission in SGX1?
Thanks :)
Hi,
With SGX1 you cannot modify the permissions of an EPC page after it has been EADD'ed. Using the Intel(R) SGX SDK, the section in the .dll enclave file must be loaded with RWX permission in order to be both writable and executable.
Note: Using RWX sections and dynamically loading code into an enclave may create security vulnerabilities. It should be done with caution. Section 10 of the Intel(R) SGX Enclave Writer's Guide touches on some of the concerns.
-Surenthar