Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1467 Discussions

Dynamic linkage of an Enclave

Spisak-Spisacki__Krz
Beginner
‎06-24-2019 09:22 AM
737 Views

Hi,

I need to build a dynamic library that will act as a wrapper for an enclave dynamic library. Reasoning behind that is to provide an interface that could be integrated with a NodeJS application (using node-ffi) as well as to implement error handling. I have already done this on Windows and it worked like a charm - my application dynamically loaded both Enclave DLL and my wrapper DLL and did what I expected it to. However it turned out that this will have to run under Linux, so I'm trying to do the same under Linux which turned out to be problematic.

What have I done so far:

  1. Installed SGX as per https://github.com/intel/linux-sgx and tested it using SampleEnclave app
  2. Copied Makefile from https://github.com/intel/linux-sgx to my project and adapted it for my needs (kept changes to minimum)
  3. Built app using make and got Enclave.signed.so
  4. Built my EnclaveWrapper.so with  
    g++ -shared -fPIC -Wl,-soname,Enclave.signed.so -o EnclaveWrapper.so App/*.o
  5.  Built a simple test app that calls a method from EnclaveWrapper.so with 
    g++ -c test.cpp
  6.  Attempted to link both dynamic libs to a test app with 
    g++ -o prog test.o -L. -l:EnclaveWrapper.so -l:Enclave.signed.so -lm

    ... but it failed with following messages:

 ./EnclaveWrapper.so: undefined reference to `sgx_thread_set_untrusted_event_ocall'
./EnclaveWrapper.so: undefined reference to `sgx_thread_setwait_untrusted_events_ocall'
./EnclaveWrapper.so: undefined reference to `sgx_destroy_enclave'
./EnclaveWrapper.so: undefined reference to `sgx_ecall'
./EnclaveWrapper.so: undefined reference to `sgx_create_enclave'
./EnclaveWrapper.so: undefined reference to `sgx_oc_cpuidex'
./EnclaveWrapper.so: undefined reference to `sgx_thread_set_multiple_untrusted_events_ocall'
./EnclaveWrapper.so: undefined reference to `sgx_thread_wait_untrusted_event_ocall'
collect2: error: ld returned 1 exit status

Which looks like the linkage to Enclave.signed.so has failed.

Now, I do not have so much experience with developing under Linux, so it was tempting to assume this issue is not related to SGX. However I created a simple project in which I'm doing exactly the same linkage but with no SGX involved. It worked like a charm, so it seems I'm doing something not-too-SGXy ;)

Any help appreciated! I intentionally haven't included my code/makefile because I wanted to keep it as simple as possible and also I don't think those are relevant, since code worked on Windows. If needed, I can of course provide source, via GitHub or just by pasting here.

Thanks for your replies!

Kris

0 Kudos

Link Copied

0 Replies
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.