Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Creating & adding data to an enclave

horesh__gal
Beginner
485 Views

Hello, I'm having troubles creating/adding data to an enclave.

From the tutorials I've seen, the instructions used to manage the enclave are the E-instructions (ECREATE, EADD, etc..) but I haven't seen a guide that clearly explains how to use them.

My current goal is to put data into the enclave in such way that if an unauthorized process tries to access the memory of the enclave I've generated (EPC page) , then the "abort page semantics" will take actions - any attemp to read the data will result with a value of -1.

Should I use these E-instructions in order to reassure my data is securily stored in the enclave I have created? If so, which libraries do I need?

Thanks,

Gal.

0 Kudos
2 Replies
Scott_R_Intel
Employee
485 Views

Hello Gal.

In order to use SGX, yes, the "E-instructions" will need to be utilized.  But, unless you really want to, you don't have to write it all from scratch.  The SGX SDK (Software Development Kit) in combination with the SGX PSW (Platform Software) makes it easier to write enclaves and untrusted enclave calling applications.  Please have a look at our open source SGX projects for more information.

https://01.org/intel-software-guard-extensions/

https://github.com/intel/linux-sgx

https://github.com/intel/linux-sgx-driver

Regards.

Scott

horesh__gal
Beginner
485 Views

Thank you Scott, I'll check it out. 

 Gal.

Reply