Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Dynamic Loading of functions with SGX 1

logic_dump
Beginner
735 Views

Hi, i have been trying to load functions dynamically into an enclave, since SGX 2 isnt widely available yet been trying to implement it in SGX 1.

Things i have tried:

1. dynamic loading  - some how this doesnt work for me when i try to mprotect, getting a permission denied error.

2. Trying to set X permission for EPC during build time(not sure i am doing it the write way)

3. Have read that majority of libOses setup a pool of EPC pages with X permission during the build time to actually solve this, but havent found any implementation that i can refer to. 

 

Can i get any direction in respect to this problem, thanks!

Labels (2)
0 Kudos
1 Reply
Wojciech_M_Intel
Moderator
620 Views

Hi,
If you follow official Intel SGX Developer Reference :
https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.23_Open_Source.pdf
page 38 states :

Dynamic Libraries
An enclave shared object must not depend on any dynamically linked library
in any way. The enclave loader has been intentionally designed to prohibit
dynamic linking of libraries within an enclave. The protection of an enclave is
dependent upon obtaining an accurate measurement of all code and data that
is placed into the enclave at load time; thus, dynamic linking would add complexity without providing any benefit over static linking.
CAUTION:
The enclave image signing process will fail if the enclave file has any unresolved dependencies.

Regards,
Wojtek

0 Kudos
Reply