Allocate executable memory


Hi, everyone.

Is it possible to allocate executable memory inside an enclave during run time (e.g., using mmap)?

Thanks,

Rodolfo


Hi,

Please refer to the query from https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/675136

-Surenthar

- Surenthar Selvaraj

Hi, Surenthar.

That query actually doesn't answer my question. I should have stressed the word "executable" in my question. I do know that an enclave can allocate memory using malloc, but my question is more specific. My question is: can I use the allocated memory to store executable code, and, furthermore, can I execute that code inside the enclave (no OCALLS/syscalls involved)?

Thanks,

Rodolfo


I think the short answer is no.

More details regarding a similar question (loader program in an enclave) are here:

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/624878

If you are using Linux, then similar considerations apply to ELF .so files (instead of PE .dll files).


Hi, Francisco.

Thanks for pointing this out to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.

Thanks.


Rodolfo S. wrote:

Hi, Francisco.

Thanks for pointing this out to me. That was precisely the information that I was seeking. I guess I'll just have to wait for SGX2 to be released or find a way to configure my pages to have RWX permission by default.

Thanks.

Hi all,

Is there any possible way to configure the EPC pages with RWX permission in SGX1?

Thanks :)


Hi,

With SGX1 you cannot modify the permissions of an EPC page after it has been EADD'ed.  Using the Intel(R) SGX SDK, the section in the .dll enclave file must be loaded with RWX permission in order to be both writable and executable. 

Note: Using RWX sections and dynamically loading code into an enclave may create security vulnerabilities.  It should be done with caution.  Section 10 of the Intel(R) SGX Enclave Writer's Guide touches on some of the concerns.

-Surenthar

- Surenthar Selvaraj
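
An added example, not from the thread or the Intel SGX SDK: because SGX1 page permissions are fixed when the enclave image is loaded, a reviewer can audit a Linux enclave .so for loadable segments that are both writable and executable before it ships. It assumes a little-endian ELF64 file whose page permissions come from the PT_LOAD segment flags; the function names and sample images are constructed for illustration.

```python
import struct

PT_LOAD, PF_X, PF_W, PF_R = 1, 0x1, 0x2, 0x4

def wx_load_segments(image: bytes):
    """Return (index, vaddr, memsz, flags) for every PT_LOAD segment that is both W and X."""
    if len(image) < 64 or image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", image, 0x20)             # program header table offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 0x36)  # entry size, entry count
    findings = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(image):
            raise ValueError("program header table runs past end of file")
        # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from("<IIQQQQQQ", image, off)
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            findings.append((i, p_vaddr, p_memsz, p_flags))
    return findings

def build_sample(segments):
    """Constructed input: a bare ELF64 header plus PT_LOAD headers, one per (vaddr, size, flags)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELFCLASS64, little-endian, version 1
    # e_type=ET_DYN, e_machine=EM_X86_64, e_phoff=64, e_ehsize=64, e_phentsize=56
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, len(segments), 0, 0, 0)
    return ehdr + b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, flags, 0, vaddr, vaddr, size, size, 0x1000)
        for vaddr, size, flags in segments)

# Constructed samples, not real enclaves: separate RX and RW segments, then the same plus an RWX segment.
SAMPLE_SPLIT = build_sample([(0x0, 0x4000, PF_R | PF_X), (0x5000, 0x2000, PF_R | PF_W)])
SAMPLE_RWX = build_sample([(0x0, 0x4000, PF_R | PF_X), (0x5000, 0x2000, PF_R | PF_W),
                           (0x8000, 0x10000, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    for name, image in (("split", SAMPLE_SPLIT), ("rwx", SAMPLE_RWX)):
        hits = wx_load_segments(image)
        print(name, "no W+X PT_LOAD segment" if not hits else
              [f"phdr[{i}] vaddr={v:#x} memsz={m:#x} flags={f:#x}" for i, v, m, f in hits])
```

Any segment the check reports is a region where data written at run time can later be executed, which is the case the caution above applies to.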