Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Data marshalling from enclaves

mxl01
Novice

Hi,

Can somebody suggest an elegant way of marshalling various data from enclaves to the untrusted App?

Let's say we have a struct

struct table_entry {
    int id;
    uint8_t name[];
    uint8_t data[];
    int age;
};

and we need to fill the contents inside the enclave. Then, we can define the struct in the EDL file and pass it as a parameter to the enclave in an [in,out] ecall after allocating the struct with the right size in the untrusted App. However, the enclave cannot simply overwrite the name and data buffers as these are allocated in untrusted memory.

trusted {
    public void ecall_edit_entry([in, out] struct table_entry* entry);
}

This does not work: if I try to access the edited values after the ecall inside the untrusted App, the pointers are invalid.

When we forget the struct and just pass each part of the struct as its own parameter in the ecall, then we need to pass a pointer to each of the four attributes, which is in my opinion not very elegant for numeric types.

Is there a simpler/more elegant way to pass various data (such as numeric values, strings, arrays, ...) from and to enclaves?

EDIT: If I use arrays as in the code snippet above, I get the message 'Flexible array is not supported' when trying to compile the project, which makes sense. Still, I would like to have a fix/workaround for this issue.

1 Solution
JesusG_Intel
Moderator

Hello Mxl01,


Refer to the section "Structures, Enums, and Unions" in the chapter "Enclave Definition Language Syntax" in the SGX Developer Reference Guide for your OS. When passing structs to enclaves in ecalls, you don't need to pass a pointer to the struct; pass the struct directly. You can also pass variables directly; you don't have to pass pointers.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator

Hello Mxl01,


Do you still need help with this issue?


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator

Hello Mxl01,


We have not heard from you in several days so we will no longer monitor this thread. We hope you were able to resolve your issue. Please start a new thread if you need further help.


Sincerely,

Jesus G.

Intel Customer Support

