I've just finished coding this (https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/802697).
It just adds 1 on the enclave field.
I'm running Visual Studio 2017 with admin permission, debugging both the app and the enclave with the SGX Debugger.
Here is my project.zip, for Visual Studio 2017: https://drive.google.com/open?id=13trTAamhNWaz2Q2BRDtUFP5qCX8Syyuc
And the code:
app.cpp
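```cpp
#include <stdio.h>
#include <windows.h>      // Sleep
#include "sgx_urts.h"     // sgx_create_enclave, sgx_destroy_enclave
#include "Enclave1_u.h"   // untrusted proxy for foo(), generated from Enclave1.edl

// ENCLAVE_FILE is defined elsewhere in the project (not shown in the post).

int main()
{
    int a = 1;
    sgx_enclave_id_t eid;
    sgx_status_t ret = SGX_SUCCESS;
    sgx_launch_token_t token = { 0 };
    int updated = 0;

    // Create the enclave; the second argument is the debug flag.
    ret = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
    if (ret != SGX_SUCCESS) {
        printf("APP error%#x, failed to create enclave. \n", ret);
        return -1;
    }

    int *ptr = &a;
    printf("%d\n", *ptr);

    // Call into the enclave every 500 ms and print the updated value.
    while (1) {
        foo(eid, ptr);
        printf("%d\n", *ptr);
        Sleep(500);
    }

    if (SGX_SUCCESS != sgx_destroy_enclave(eid))
        return -1;
}
```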
Enclave1.edl
```
enclave {
    from "sgx_tstdc.edl" import *;

    trusted {
        /* define ECALLs here. */
        public void foo([in, out] int *ptr);
    };

    untrusted {
        /* define OCALLs here. */
    };
};
```
Enclave1.cpp
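```cpp
#include "Enclave1_t.h"   // trusted prototype for foo(), generated from Enclave1.edl

// Counter that lives in enclave memory.
int a = 1;

// ECALL: add the counter to the caller's value, then increment the counter.
void foo(int *ptr)
{
    *ptr += a++;
}
```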
When I run this code, the result prints correctly, as I expected (1, 2, 4, 7, ....).
And I want to know whether I really have no access permission on the enclave field, so I turned on Cheat Engine (a kind of memory explorer) and scanned for Enclave1.cpp's value (int a). But unlike what I expected, I can modify this value very easily! According to the SGX explanation, the user cannot modify enclave fields.
Why is it possible to change Enclave1.cpp's value?
(image = https://drive.google.com/file/d/195BjO4epYPC_-YCkhM48Og6QUX0ytgVu/view?usp=sharing)
In this picture, 23 is the value of 'int a' in Enclave1.cpp.
When you create the enclave,
sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG,...
The flag SGX_DEBUG_FLAG indicates whether or not the enclave can be inspected/debugged/modified.
The enclave you are creating is likely one that is allowed to be debugged.
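
The reply above matters most to whoever decides to trust the enclave: an enclave created with the debug flag carries the DEBUG bit in its ATTRIBUTES field, which is included in its report, so a verifier can refuse it. The following check is an added example, not code from the thread or the SDK; the function name, verdict enum and sample byte arrays are constructed for illustration, and the bit values match the SDK's `sgx_attributes.h`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ATTRIBUTES.FLAGS bits, same values as in the SDK's sgx_attributes.h. */
#define FLAG_INITTED 0x1ULL   /* enclave has been initialized */
#define FLAG_DEBUG   0x2ULL   /* a debugger may read and write enclave memory */

typedef enum { ATTR_OK, ATTR_TRUNCATED, ATTR_NOT_INITTED, ATTR_DEBUG_REFUSED } attr_verdict;

/* Constructed samples: 16-byte ATTRIBUTES = FLAGS (8 bytes LE) + XFRM (8 bytes LE). */
static const uint8_t SAMPLE_DEBUG_ATTRS[16] = { 0x07, 0, 0, 0, 0, 0, 0, 0, 0x03 };
static const uint8_t SAMPLE_PROD_ATTRS[16]  = { 0x05, 0, 0, 0, 0, 0, 0, 0, 0x03 };

static uint64_t read_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Hypothetical verifier policy: only release secrets to an initialized,
 * non-debug enclave unless the caller explicitly allows debug (test labs). */
attr_verdict check_attributes(const uint8_t *attrs, size_t len, int allow_debug)
{
    if (attrs == NULL || len < 16)
        return ATTR_TRUNCATED;
    uint64_t flags = read_le64(attrs);
    if (!(flags & FLAG_INITTED))
        return ATTR_NOT_INITTED;
    if ((flags & FLAG_DEBUG) && !allow_debug)
        return ATTR_DEBUG_REFUSED;
    return ATTR_OK;
}

int main(void)
{
    printf("debug enclave, strict policy: %d\n",
           check_attributes(SAMPLE_DEBUG_ATTRS, sizeof SAMPLE_DEBUG_ATTRS, 0));
    printf("production enclave:           %d\n",
           check_attributes(SAMPLE_PROD_ATTRS, sizeof SAMPLE_PROD_ATTRS, 0));
    return 0;
}
```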
Thanks for your reply, Francisco C.
I found it here: https://software.intel.com/en-us/sgx-sdk-dev-reference-sgx-create-enclave - sgx_create_enclave() - SGX_DEBUG_FLAG
Moving away from the topic, I'm interested in SGX's memory limit.
In this topic (https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/670322), the 6th-gen processor has 90MB of EPC memory.
But this is the first time I have heard of EPC memory.
Anyway, I'm using an i7-8700K, so I want to know my CPU's EPC memory limit.
i7-8700K specifications (https://ark.intel.com/products/126684/Intel-Core-i7-8700K-Processor-12M-Cache-up-to-4-70-GHz-)
But I can't find anything about EPC, even on the official specification site! What is EPC? And how can I find my CPU's EPC limit?
Thanks,
Hello Oh.
Everything in that thread you posted still applies to all currently shipping Intel processors with SGX. They all support a maximum of 128MB physical EPC. After subtracting overhead memory required for running SGX, it leaves approximately 90MB of actual usable EPC for enclaves. As mentioned, if you use paging in Linux, you can expand that, but there is a performance penalty, of course.
Regards.
Scott
Thanks for your help, but I have one more question.
My SGX SDK version is 2.2.100.48339, and SGX v2 supports Dynamic Memory Allocation inside an enclave.
(http://caslab.csl.yale.edu/workshops/hasp2016/HASP16-17.pdf)
My SGX SDK version is above 2.x, but there is an error when I modify Enclave.config.xml - HeapMaxSize up to 128MB.
I think my mainboard does not support SGX v2, so I'm looking for which devices support SGX v2, but I couldn't find any results after googling for 1 hour....
My mainboard is an ASRock Z370 Pro4, and my CPU is an i7-8700K.
Please link where I can find a motherboard that supports SGX v2.
Thanks :)
Hello.
The SDK version and the SGX technology versions do not directly correlate. Your processor only supports the SGX 1.0 feature set. The only currently shipping processors that support EDMM are based on the Gemini Lake SOC such as the Intel® Celeron® J4005 Processor as found in the NUC models NUC7CJYH and NUC7PJYH.
Regards.
Scott
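
Both questions in this thread (how much EPC a machine has, and whether it supports the SGX2 feature set that EDMM needs) can be read from CPUID leaf 0x12 rather than from the SDK version or the ARK page. The decoder below is an added example, not code from the thread or from Intel; the struct, function names and register values are constructed samples, and on real hardware the registers would come from `__cpuidex` (MSVC) or `__get_cpuid_count` (GCC/Clang).

```c
#include <stdint.h>
#include <stdio.h>

/* Raw output registers of one CPUID sub-leaf. */
typedef struct { uint32_t eax, ebx, ecx, edx; } cpuid_regs;

/* Constructed sample for leaf 0x12, sub-leaf 0: SGX1 only, no SGX2. */
static const cpuid_regs SAMPLE_SUBLEAF0 = { 0x00000001, 0, 0, 0 };
/* Constructed samples for sub-leaves 2 and 3: one EPC section, then a terminator. */
static const cpuid_regs SAMPLE_EPC[] = {
    { 0x70200001, 0x00000000, 0x05D80001, 0x00000000 },
    { 0, 0, 0, 0 },
};

/* Sub-leaf 0: EAX bit 0 = SGX1 leaf functions, EAX bit 1 = SGX2 (needed for EDMM). */
int sgx1_supported(cpuid_regs r) { return r.eax & 1; }
int sgx2_supported(cpuid_regs r) { return (r.eax >> 1) & 1; }

/* Sub-leaf >= 2: EAX[3:0] == 1 marks a valid EPC section. Its size has
 * bits 31:12 in ECX[31:12] and bits 51:32 in EDX[19:0]. Returns 0 if invalid. */
uint64_t epc_section_size(cpuid_regs r)
{
    if ((r.eax & 0xF) != 1)
        return 0;
    return ((uint64_t)(r.edx & 0xFFFFF) << 32) | (r.ecx & 0xFFFFF000u);
}

/* Sum the sections of sub-leaves 2, 3, ... until the first invalid one. */
uint64_t total_epc_bytes(const cpuid_regs *leaves, int n)
{
    uint64_t total = 0;
    for (int i = 0; i < n; i++) {
        uint64_t size = epc_section_size(leaves[i]);
        if (size == 0)
            break;
        total += size;
    }
    return total;
}

int main(void)
{
    uint64_t bytes = total_epc_bytes(SAMPLE_EPC, 2);
    printf("SGX1=%d SGX2=%d EPC=%.1f MiB\n", sgx1_supported(SAMPLE_SUBLEAF0),
           sgx2_supported(SAMPLE_SUBLEAF0), bytes / (1024.0 * 1024.0));
    return 0;
}
```

The constructed section decodes to 93.5 MiB, in line with the roughly 90MB of usable EPC described above.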
