Hi.
Let's say that a program has a process that can be done within an enclave or not. Some encryption for example.
Is there a way to have a function and decide at runtime if it will execute in an enclave or not?
Thanks in advance.
Hello X99,
The untrusted application must decide which code path to take based on the status of SGX on the platform. Fortunately, the SGX SDK provides several functions that help you detect the status of SGX.
Navigate to the section "Intel® Software Guard Extensions SDK Feature-Detection Functions" in "Properly Detecting Intel® Software Guard Extensions (Intel® SGX) in Your Applications" for a full explanation of these functions. Scroll down further for code samples.
The functions are:
- sgx_is_capable()
- sgx_cap_enable_device()
- sgx_cap_get_status()
- sgx_enable_device()
Sincerely,
Jesus G.
Intel Customer Support
Off to a great start, thanks!
To be more precise, let's say that I have a function "foo" that does the sensitive processing.
At runtime, let's say that the untrusted app uses one of the functions you mentioned to decide whether it will use an enclave or not.
How can I build my app so that foo can be called either as being part of an enclave or not? Should I duplicate the function to have a copy in an enclave and a copy in a standard, untrusted executable? Or is there a way to avoid such code duplication?
Hello X99,
You can implement foo() in a static library and link it to both your enclave and your untrusted app. This way, both the untrusted app and your enclave can call the function and you write the code only once. You can link a static library with your enclave as long as it does not have any dependencies. You can read more about linking with libraries in the SGX Developer Reference for your OS.
Sincerely,
Jesus G.
Intel Customer Support
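A sketch of the layout the two answers above describe, added here as an example and not code from the thread or from Intel: one dependency-free `foo()` in a static library, an ECALL that only forwards to it, and an untrusted dispatcher that picks a path once at startup. The build flag `HAVE_SGX_SDK`, the file names `enclave_u.h` and `enclave.signed.so`, and the names `ecall_foo`, `enclave_ready`, `foo_in_enclave` and `select_foo` are assumptions; the XOR body is a constructed placeholder for the sensitive processing.

```c
#include <stddef.h>
#include <stdint.h>

/* libfoo.a: the single implementation, linked into BOTH the enclave and the
 * untrusted app. It calls nothing outside itself (no libc, no syscalls), which
 * is the condition the answer gives for linking a static library into an
 * enclave. The XOR transform is a constructed placeholder, not encryption. */
int foo(const uint8_t *src, uint8_t *dst, size_t len, uint8_t key)
{
    if (src == NULL || dst == NULL) return -1;
    for (size_t i = 0; i < len; i++) dst[i] = src[i] ^ key;
    return 0;
}

/* Enclave side (enclave.c, hypothetical): the ECALL only forwards to foo():
 *   int ecall_foo(const uint8_t *src, uint8_t *dst, size_t len, uint8_t key)
 *   { return foo(src, dst, len, key); }                                      */

#ifdef HAVE_SGX_SDK  /* assumed flag: set when building against the SGX SDK */
#include "sgx_urts.h"
#include "sgx_capable.h"
#include "enclave_u.h"           /* hypothetical edger8r-generated proxies */
static sgx_enclave_id_t g_eid;
static int enclave_ready(void)
{
    int capable = 0, updated = 0;
    sgx_launch_token_t token = {0};
    if (sgx_is_capable(&capable) != SGX_SUCCESS || !capable) return 0;
    return sgx_create_enclave("enclave.signed.so", 0, &token, &updated,
                              &g_eid, NULL) == SGX_SUCCESS;
}
static int foo_in_enclave(const uint8_t *src, uint8_t *dst, size_t len, uint8_t key)
{
    int ret = -1;
    if (ecall_foo(g_eid, &ret, src, dst, len, key) != SGX_SUCCESS) return -1;
    return ret;
}
#else                /* no SDK at build time: only the untrusted path exists */
static int enclave_ready(void) { return 0; }
static int foo_in_enclave(const uint8_t *src, uint8_t *dst, size_t len, uint8_t key)
{
    (void)src; (void)dst; (void)len; (void)key;
    return -1;
}
#endif

typedef int (*foo_fn)(const uint8_t *, uint8_t *, size_t, uint8_t);

/* Runtime decision: call once at startup and keep the returned pointer. */
foo_fn select_foo(void) { return enclave_ready() ? foo_in_enclave : foo; }
```

When the enclave path is not selected, `foo()` runs in ordinary process memory with none of the enclave's isolation, so the caller should record which path was chosen.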
That's all the info I was searching for, thanks!
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.