Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Dynamic Loading of functions with SGX 1

logic_dump

Hi, I have been trying to load functions dynamically into an enclave. Since SGX 2 isn't widely available yet, I have been trying to implement it in SGX 1.

Things I have tried:

1. Dynamic loading - somehow this doesn't work for me when I try to mprotect, getting a permission denied error.

2. Trying to set X permission for EPC during build time (not sure I am doing it the right way).

3. Have read that the majority of libOSes set up a pool of EPC pages with X permission during build time to actually solve this, but haven't found any implementation that I can refer to.

Can I get any direction with respect to this problem? Thanks!

Wojciech_M_Intel

Hi,
If you follow the official Intel SGX Developer Reference:
https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.23_Open_Source.pdf
page 38 states:

Dynamic Libraries
An enclave shared object must not depend on any dynamically linked library
in any way. The enclave loader has been intentionally designed to prohibit
dynamic linking of libraries within an enclave. The protection of an enclave is
dependent upon obtaining an accurate measurement of all code and data that
is placed into the enclave at load time; thus, dynamic linking would add complexity without providing any benefit over static linking.
CAUTION:
The enclave image signing process will fail if the enclave file has any unresolved dependencies.

Regards,
Wojtek

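As an added example (not from this thread or from the Intel SGX SDK): a pre-signing check that lists the DT_NEEDED entries of an enclave shared object, which is how an ELF file records dependencies on dynamically linked libraries. The function names and the constructed sample image are assumptions for illustration; the check covers DT_NEEDED only and is not the signing tool's own logic.

```python
import struct
PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5

def needed_libraries(elf):
    """Return the DT_NEEDED library names of a little-endian ELF64 image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_phoff, e_phentsize, e_phnum = struct.unpack_from("<Q14xHH", elf, 0x20)
    loads, dyn = [], (0, 0)  # dyn stays empty when there is no PT_DYNAMIC
    for i in range(e_phnum):
        p_type, _, p_offset, p_vaddr, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            loads.append((p_vaddr, p_offset, p_filesz))
        elif p_type == PT_DYNAMIC:
            dyn = (p_offset, p_filesz)
    names, strtab_vaddr = [], None
    for off in range(dyn[0], dyn[0] + dyn[1] - 15, 16):
        d_tag, d_val = struct.unpack_from("<qQ", elf, off)
        if d_tag == DT_NULL:
            break
        if d_tag == DT_NEEDED:
            names.append(d_val)    # offset into the dynamic string table
        elif d_tag == DT_STRTAB:
            strtab_vaddr = d_val   # virtual address, mapped to a file offset below
    if not names:
        return []
    for vaddr, offset, filesz in loads:
        if strtab_vaddr is not None and vaddr <= strtab_vaddr < vaddr + filesz:
            base = offset + strtab_vaddr - vaddr
            return [elf[base + n:elf.index(b"\0", base + n)].decode() for n in names]
    raise ValueError("DT_STRTAB is not inside any PT_LOAD segment")

def build_sample(needed):
    """Constructed minimal ELF64 shared object with the given DT_NEEDED names."""
    strtab, entries = b"\0", []
    for name in needed:
        entries.append((DT_NEEDED, len(strtab)))
        strtab += name.encode() + b"\0"
    str_off = 64 + 2 * 56  # ELF header plus two program headers
    entries += [(DT_STRTAB, str_off), (DT_NULL, 0)]
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in entries)
    dyn_off, n = str_off + len(strtab), len(dyn)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0, 0, dyn_off + n, dyn_off + n, 0x1000)
    dynamic = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off, n, n, 8)
    return ehdr + load + dynamic + strtab + dyn
```

An empty result from `needed_libraries` on the enclave `.so` means the file declares no dynamically linked libraries; any name it returns is a dependency to remove by linking statically before signing.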