Hey,
I'm trying to create an SGX enclave that makes use of the EMM feature. Unfortunately, I haven't been able to find an example, so I am already struggling with creating the correct configuration file.
To my understanding, I need to define a UserRegionSize to be able to allocate memory. According to the developer reference, I therefore added this to my config:
<UserRegionSize>0x900000</UserRegionSize>
Furthermore, the developer reference states that when a UserRegionSize is set, "MiscSelect[0] and MiscMask[0] must be set to 1 and the enclave needs to be loaded on SGX 2.0 platform."
Setting MiscMask[0] should be the standard, as the default value for MiscMask is 0xFFFFFFFF.
However, the default value for MiscSelect is 0, so I need a different value there. I tried 0xFFFFFFFF and 1, but for both, sgx_create_enclave returns SGX_ERROR_INVALID_METADATA. So my random guesses didn't get me much further. The reference says that MiscSelect defines "The desired Extended SSA frame feature.", but I was not able to find any further information on what that is and which values I could use there.
Could you please point me to a working config file or maybe even an example enclave that uses EMM features?
I'm running my tests on a NUC with support for SGX2:
cpuid | grep -i sgx
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
Software Guard Extensions (SGX) capability (0x12/0):
SGX1 supported = true
SGX2 supported = true
SGX ENCLV E*VIRTCHILD, ESETCONTEXT = false
SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false
SGX attributes: ECREATE SECS.ATTRIBUTES (0x12/1):
SGX Enclave Page Cache (EPC) enumeration (0x12/0x2):
SGX Enclave Page Cache (EPC) enumeration (0x12/0x3):
My current config file is the one from the SGX SampleCode: https://github.com/intel/linux-sgx/blob/master/SampleCode/SampleEnclave/Enclave/config.05.xml
Thanks for your help!
Hi Morbitzer,
Thank you again for your patience.
Update from our engineering team: SGX EDMM support was not added to the Linux kernel until v6.0. I would advise you to upgrade to a v6.0 kernel and try again.
Here is the reference for EDMM, "SGX EDMM support (v6.0 or later)" at https://github.com/intel/sgx-emm.
For EDMM support, you need to build and install a kernel with EDMM support by following the instructions in GitKernelBuild.
Regards,
Aznie
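A preflight check for the three conditions this thread turns on (kernel v6.0 or later, SGX2 reported by cpuid, and a config that sets UserRegionSize with bit 0 of MiscSelect and MiscMask), as an added example that is not part of the original posts or Intel's code. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: EDMM preflight checks built from the facts in this thread.
# Function names are hypothetical; the sample inputs below are constructed.

# Return 0 if a `uname -r` style release string is kernel v6.0 or later.
kernel_supports_edmm() {
    major=${1%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac   # unparsable release string
    [ "$major" -ge 6 ]
}

# Return 0 if `cpuid` text on stdin reports SGX2.
cpuid_reports_sgx2() {
    grep -Eq 'SGX2 supported[[:space:]]*=[[:space:]]*true'
}

# Print the value of XML element $2 from enclave config file $1.
config_value() {
    sed -n "s:.*<$2>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</$2>.*:\1:p" "$1" | head -n 1
}

# Return 0 if the config sets UserRegionSize plus MiscSelect[0] and MiscMask[0],
# as the developer reference quoted in the question requires.
config_requests_edmm() {
    urs=$(config_value "$1" UserRegionSize)
    sel=$(config_value "$1" MiscSelect)
    mask=$(config_value "$1" MiscMask)
    [ -n "$urs" ] || return 1
    # Defaults per the question: MiscSelect is 0, MiscMask is 0xFFFFFFFF.
    [ $(( ${sel:-0} & 1 )) -eq 1 ] && [ $(( ${mask:-0xFFFFFFFF} & 1 )) -eq 1 ]
}

# Args: kernel release, cpuid output file, config file. Return 0 if all checks pass.
edmm_preflight() {
    rc=0
    kernel_supports_edmm "$1" || { echo "kernel $1: EDMM needs Linux v6.0 or later"; rc=1; }
    cpuid_reports_sgx2 < "$2" || { echo "cpuid: SGX2 not reported"; rc=1; }
    config_requests_edmm "$3" || { echo "config: need UserRegionSize, MiscSelect[0]=1, MiscMask[0]=1"; rc=1; }
    return $rc
}

# Constructed sample inputs mirroring the thread (not real captures).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'SGX1 supported = true\nSGX2 supported = true\n' > "$tmp/cpuid.txt"
printf '<EnclaveConfiguration>\n <UserRegionSize>0x900000</UserRegionSize>\n <MiscSelect>1</MiscSelect>\n <MiscMask>0xFFFFFFFF</MiscMask>\n</EnclaveConfiguration>\n' > "$tmp/cfg.xml"

edmm_preflight 5.15.0-69-generic "$tmp/cpuid.txt" "$tmp/cfg.xml" || echo "-> not ready for EDMM"
edmm_preflight 6.3.0 "$tmp/cpuid.txt" "$tmp/cfg.xml" && echo "-> ready for EDMM"
```

On a real machine, pass `"$(uname -r)"` and a file holding the output of `cpuid`, and point the third argument at the enclave's own config file.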
Hi Morbitzer,
Thanks for reaching out.
We are checking this with our developer team and it may take some time. We will update you with the information once available.
Regards,
Aznie
Hi Morbitzer,
Thanks for your patience.
The SGX_ERROR_INVALID_METADATA error refers to the metadata embedded within the enclave image being corrupt or missing. We are unable to replicate the issue on our end. Could you share your config file so we can investigate further? Which Linux SGX version are you using?
In case you are using the dynamic features on an SGX2 platform, we would suggest setting MiscMask[0]=0 and MiscSelect[0]=1 in your use case.
Regards,
Aznie
Hi Aznie,
I created a minimal example by taking the SampleEnclave and replacing the Enclave.config.xml with config.05.xml. According to my understanding, config.05.xml should support EMM. I attached a .zip containing this project, but as said, it's just an example from Intel with a different config provided with the example.
The config sets MiscMask and MiscSelect as follows:
<MiscSelect>1</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
Is there also a way to specifically set the 0-th bit of each parameter?
When I execute "make" and "./app" in this project, I receive the following output:
Error: Invalid enclave metadata.
Enter a character before exit ...
Does this work on your systems? If so, at least I would know that this is a problem with the system, not with the project.
On my system, I run Ubuntu 22.04 with a 5.15.0-69-generic kernel, so I am using the in-kernel SGX driver. As SDK, I installed version 2.19.100.3.
Regards,
Mathias
Hi Mathias,
Thanks for sharing the file. We are checking on this and will get back to you soon.
Regards,
Aznie
Indeed, the newer kernel fixed the problem! Using kernel v6.3, I'm now able to dynamically allocate memory in the enclave.
Thanks!
Hi Morbitzer,
This thread will no longer be monitored since this issue has been resolved. If you need any additional information from Intel, please submit a new question.
Regards,
Aznie