Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Data Marshalling into the enclave using a static array

Meysam_t_
Beginner
887 Views

Dear All,

I want to marshal an array into the enclave, and I want to make sure that the memory allocated to this array is in the stack memory and not the heap memory.

What I did is that I defined a static array as follows 

char my_arr[8*64*1024]; 

in EDL file, I also defined 

public void my_ecall_fun([in, out, count=block_length]char*buffer, size_t block_length, [out]uint64_t* sum_up);

and call the ecall by this 

sgx_status_t stat_clca =my_ecall_fun (global_eid,my_arr, 8*64*1024, clsumup);

I am assuming that when my_arr is going to be passed to this function, a buffer with the same size will be allocated in the stack memory in the EPC and then changes will be applied to the buffer and finally the results will be copied back to my_arr in my application (because it is defined as in, out in EDL file). Is my assumption correct?

 

 

 

 

0 Kudos
5 Replies
JesusG_Intel
Moderator
887 Views

Hello Meysam,

That is exactly how it works. See this article for a code sample of how it's done. Also read the section titled, "Pointer Handling in ECALLs" in the Intel SGX Developer Reference for a description of this behavior, which matches yours.

Regards,

Jesus

0 Kudos
Meysam_t_
Beginner
887 Views

Hi Jesus,

Thanks for always helping me. 

As I said, I want to marshall data inside the enclave by a static array to make sure that the memory allocated to this array is in the stack part of the enclave memory. I defined it as a static array in the application (char my_arr[8*64*1024]; ) and define it as in, out in the EDL file as 

sgx_status_t stat_clca =my_ecall_fun (global_eid,my_arr, 8*64*1024, clsumup);

However, when I look at the corresponding proxy function (as explained here https://software.intel.com/en-us/articles/intel-software-guard-extensions-tutorial-part-7-refining-the-enclave) again in static sgx_status_t SGX_CDECL sgx_fun(void* pms), there is a malloc for this array (_in_buffer = (char*)malloc(_len_buffer)) == NULL); hence, I am concluding that this array is defined inside the heap space of the enclave, not the stack part. Am I right? If I am, how to pass an array to the enclave such that the memory allocated to this array is in the stack address of the enclave? 

 

I appreciate your help.

-M

 

0 Kudos
JesusG_Intel
Moderator
887 Views

Hello Meysam,

You are correct, the actual array storage is allocated in the enclave heap and this cannot be changed. The array variable itself is stored in the enclave stack, but the address of the storage that the array variable points to is in the heap.

Remember that the proxy functions that marshall the data between the untrusted app and the enclave are automatically generated by the Edger8r. It is designed this way to facilitate the deep copy of the buffers between the untrusted and trusted memory while ensuring that the allocated memory on each side does not bleed into the other.

 

Regards,

Jesus

0 Kudos
Meysam_t_
Beginner
887 Views

Hi Jesus,

My understanding is that for the array named "my_arr",  inside the enclave the proxy function mallocs an array in the heap part and copy this buffer into that newly allocated buffer. Since then, any memory accesses to my_arr will be steered to the heap addresses and not stack. 

So tell me please if I am wrong, but I think we can't marshal data into the stack part of an enclave. If data is marshaled from application to the enclave or vise versa this will be allocated inside the heap part.

If we define a static variable for local use inside the enclave, the memory of this kind of variable will be allocated from the stack and anytime the enclave accesses this variable, integrity verification is provided, data is stored in this variable encrypted as well. Is that correct?  

Thanks for your help. 

-M

0 Kudos
JesusG_Intel
Moderator
887 Views

Hello Meysam,

That is a perfect description. You got it!

Jesus

0 Kudos
Reply