Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Dynamic Memory Allocation

morbitzer
Beginner

Hey,

I'm trying to create an SGX enclave that makes use of the EMM feature. Unfortunately, I haven't been able to find an example, so I am already struggling with creating the correct configuration file.

To my understanding, I need to define a UserRegionSize to be able to allocate memory. According to the developer reference, I therefore added this to my config:

<UserRegionSize>0x900000</UserRegionSize>

Furthermore, the developer reference states that when a UserRegionSize is set, "MiscSelect[0] and MiscMask[0] must be set to 1 and the enclave needs to be loaded on SGX 2.0 platform."

Setting MiscMask[0] should be the standard, as the default value for MiscMask is 0xFFFFFFFF.

However, the default value for MiscSelect is 0, so I need a different value there. I tried 0xFFFFFFFF and 1, but for both, sgx_create_enclave returns SGX_ERROR_INVALID_METADATA. So my random guesses didn't get me much further. The reference says that MiscSelect defines "The desired Extended SSA frame feature.", but I was not able to find any further information on what that is and which values I could use there.

 

Could you please point me to a working config file or maybe even an example enclave that uses EMM features?

 

I'm running my tests on a NUC with support for SGX2:

cpuid | grep -i sgx
      SGX: Software Guard Extensions supported = true                                                                                  
      SGX_LC: SGX launch config supported      = true                                                                                  
   Software Guard Extensions (SGX) capability (0x12/0):                                                                                
      SGX1 supported                           = true                                                                                  
      SGX2 supported                           = true  
      SGX ENCLV E*VIRTCHILD, ESETCONTEXT       = false
      SGX ENCLS ETRACKC, ERDINFO, ELDBC, ELDUC = false                                                                                 
   SGX attributes: ECREATE SECS.ATTRIBUTES (0x12/1):   
   SGX Enclave Page Cache (EPC) enumeration (0x12/0x2):
   SGX Enclave Page Cache (EPC) enumeration (0x12/0x3):    

My current config file is the one from the SGX SampleCode: https://github.com/intel/linux-sgx/blob/master/SampleCode/SampleEnclave/Enclave/config.05.xml

 

Thanks for your help!

Aznie_Intel
Moderator

Hi Morbitzer,

 

Thanks for reaching out.

 

We are checking this with our developer team and it may take some time. We will update you with the information once available.

 

 

Regards,

Aznie

 


Aznie_Intel
Moderator

Hi Morbitzer,

 

Thanks for your patience.

 

The SGX_ERROR_INVALID_METADATA error refers to the metadata embedded within the enclave image being corrupt or missing. We are unable to replicate the issue on our end. Could you share your config file so that we can investigate further? Which Linux SGX version are you using?

 

In case you are using the dynamic features on an SGX2 platform, we would suggest setting MiscMask[0]=0 and MiscSelect[0]=1 in your use cases.

 

 

Regards,

Aznie

morbitzer
Beginner

Hi Aznie,

 

I created a minimal example by taking the SampleEnclave and replacing the Enclave.config.xml with config.05.xml. According to my understanding, config.05.xml should support EMM. I attached a .zip containing this project, but as said, it's just an example from Intel with a different config provided with the example.

The config sets MiscMask and MiscSelect as follows:

  <MiscSelect>1</MiscSelect>
  <MiscMask>0xFFFFFFFF</MiscMask>

Is there also a way to specifically set the 0-th bit of each parameter?

When I execute "make" and "./app" in this project, I receive the following output:

Error: Invalid enclave metadata.
Enter a character before exit ...

Does this work on your systems? If so, at least I would know that this is a problem with the system, not with the project.

On my system, I run Ubuntu 22.04 with a 5.15.0-69-generic kernel, so using the in-kernel SGX driver. As SDK, I installed version 2.19.100.3.

 

Regards,

Mathias

Aznie_Intel
Moderator

Hi Mathias,


Thanks for sharing the file. We are checking on this and will get back to you soon.



Regards,

Aznie


Aznie_Intel
Moderator

 

Hi Morbitzer,

 

Thank you again for your patience.

 

Update from our engineering team: SGX EDMM support was not added to the Linux kernel until v6.0. I would advise you to upgrade to a v6.0 kernel and try again.

 

Here is the reference for EDMM, "SGX EDMM support (v6.0 or later)" at https://github.com/intel/sgx-emm.

 

For EDMM support, you need to build and install a kernel with EDMM support by following the instructions in GitKernelBuild.

 

 

Regards,

Aznie
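
The two prerequisites named in this thread (an SGX2-capable CPU and a Linux kernel of v6.0 or later) can be checked before loading an EDMM enclave. The script below is an added example, not part of the original posts or of Intel's SDK; the function names are hypothetical and the sample input is constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example: preflight check for the SGX EDMM prerequisites from this thread.
# All function names are hypothetical; sample input is constructed.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE (e.g. "5.15.0-69-generic") is >= MAJOR.MINOR,
# 1 if it is older, 2 if the release string cannot be parsed.
kernel_at_least() {
    rel=${1%%-*}            # drop distro suffix such as "-69-generic"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    case "$major$minor" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# cpuid_has_sgx2 CPUID_TEXT
# Looks for the "SGX2 supported = true" line in `cpuid` output.
cpuid_has_sgx2() {
    printf '%s\n' "$1" | grep -Eq 'SGX2 supported[[:space:]]*=[[:space:]]*true'
}

# edmm_preflight KERNEL_RELEASE CPUID_TEXT
# Prints "ok", "no-sgx2" or "kernel-too-old"; non-zero status unless "ok".
# An unparseable kernel release is reported as "kernel-too-old".
edmm_preflight() {
    if ! cpuid_has_sgx2 "$2"; then
        echo "no-sgx2"; return 1
    fi
    if ! kernel_at_least "$1" 6 0; then
        echo "kernel-too-old"; return 1
    fi
    echo "ok"
}

# Constructed sample: cpuid lines and kernel releases quoted in the thread.
SAMPLE_CPUID='      SGX1 supported                           = true
      SGX2 supported                           = true'
echo "5.15.0-69-generic: $(edmm_preflight 5.15.0-69-generic "$SAMPLE_CPUID")"
echo "6.3.0:             $(edmm_preflight 6.3.0 "$SAMPLE_CPUID")"
```

On a live system, call it as `edmm_preflight "$(uname -r)" "$(cpuid)"`. The version test reflects only the mainline v6.0 threshold stated above.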

 

morbitzer
Beginner

Indeed, the newer kernel fixed the problem! Using kernel v6.3, I'm now able to dynamically allocate memory in the enclave.

Thanks!

Aznie_Intel
Moderator

Hi Morbitzer,


This thread will no longer be monitored since this issue has been resolved. If you need any additional information from Intel, please submit a new question.



Regards,

Aznie

