Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Attest multiple enclaves with single app

Saturno269637
Beginner
1,048 Views

Hi,

I was experimenting remote attestation of multiple enclaves, following the logic and the modules of the sgx ra sample available on github.

My goal is trying to create an application that allows attesting different enclaves all in a single application since I have never seen applications doing this, is it possible? If I attest the second enclave calling the same function with a different enclave_id, I receive error #1001("The ECALL or OCALL function index is incorrect"), but the other parameters are still the same. Do I need to have the functions enclave_ra_init,sgx_ra_proc_msg1, etc also defined in the edl of all the enclaves? Because when compiling with makefile all the files, there are a lot of name collisions warnings that make the compilation fail.

Labels (3)
0 Kudos
1 Solution
Sahira_Intel
Moderator
995 Views

Hi,

Yes it is possible. The enclaves need to be named differently though. The LocalAttestation sample loads 3 different enclaves (in one app). In this sample they're just named Enclave1, Enclave2, Enclave3: https://github.com/intel/linux-sgx/tree/master/SampleCode/LocalAttestation


Sincerely,

Sahira


View solution in original post

0 Kudos
1 Reply
Sahira_Intel
Moderator
996 Views

Hi,

Yes it is possible. The enclaves need to be named differently though. The LocalAttestation sample loads 3 different enclaves (in one app). In this sample they're just named Enclave1, Enclave2, Enclave3: https://github.com/intel/linux-sgx/tree/master/SampleCode/LocalAttestation


Sincerely,

Sahira


0 Kudos
Reply