Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

EINIT Token

SAM_R_2
Beginner
660 Views

Hi,

How do I prepare the EINIT Token in SGX? Could you please explain in detail?

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
660 Views

Hi Sam,

In the SGX spec, Intel will need to provide an Intel-signed launch enclave to make SGX usable. This enclave will use EGETKEY to acquire the launch key for that processor and sign enclaves to allow them to run there. If that launch enclave isn't trying to enforce any particular policy about what enclaves can and can't run, it's actually a trivial piece of code. A basic launch enclave only requires user/enclave calling convention and an enclave CMAC implementation, both of which are simple and fundamental to any useful SGX implementation.

Thanks and Regards,
Surenthar Selvaraj

0 Kudos
4 Replies
SAM_R_2
Beginner
660 Views

Thanks for your detailed info....

0 Kudos
Ofir_W_
Beginner
660 Views

Hello Surenthar,

If I understand right, and after looking at the open source launch enclave provided in the SDK, the provided launch enclave makes sure the user enclave is signed with a whitelisted key. Is it possible for me to get an Intel-signed launch enclave that lets every enclave run? It would be extremely useful for me in order to run enclaves just on my machine, in non-debug mode.

Where can I get such an Intel-signed allow-all launch enclave?

Thanks!

Ofir

0 Kudos
Surenthar_S_Intel
660 Views

Hi,

For testing remote attestation, a sandbox is available for testing purposes. Go to: https://software.intel.com/formfill/sgx-onboarding. This link is available from the SGX landing zone (software.intel.com/sgx). Go to “Resource Library” and then select “Access Development Services” from the sidebar.

-Surenthar

0 Kudos