Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
24 Views

Executing a binary on different target

Jump to solution

Suppose If I build my SGX application om my machine in RELEASE mode, can I execute the same binary on different machine running on Intel SGX?

How is this done usually? If I want my app to be deployed to a cloud, can I build it locally, sign it with the whitelist key and deploy to a cloud server?

 

Thanks

 

 

 

0 Kudos

Accepted Solutions
Highlighted
24 Views

>Suppose If I build my SGX application om my machine in RELEASE mode, can I execute the same binary on different machine running on Intel SGX?

Yes. ISVs will typically build their application, sign their enclave, and then create an installation package (for example, .exe or .msi for Windows).

They can then distribute their software to end-user systems and the end-user systems all receive the exact same signed enclave binary.

>How is this done usually? If I want my app to be deployed to a cloud, can I build it locally, sign it with the whitelist key and deploy to a cloud server?

It depends on what application you are trying to distribute, but in a general, big-picture sense, yes, you can do what you are suggesting.

You can offer your app to be downloaded by end-users directly from your website. If your app is offered by OEMs, you could provide it to the OEMs you work with and let them handle distribution. If it's a "Windows Store" app, then the "Windows Store" can handle distribution.

However you would solve this problem for non-SGX applications, you should be able to use the same solution to solve it for SGX applications.

Hope this helps.

Thanks,

Francisco

 

 

View solution in original post

0 Kudos
1 Reply
Highlighted
25 Views

>Suppose If I build my SGX application om my machine in RELEASE mode, can I execute the same binary on different machine running on Intel SGX?

Yes. ISVs will typically build their application, sign their enclave, and then create an installation package (for example, .exe or .msi for Windows).

They can then distribute their software to end-user systems and the end-user systems all receive the exact same signed enclave binary.

>How is this done usually? If I want my app to be deployed to a cloud, can I build it locally, sign it with the whitelist key and deploy to a cloud server?

It depends on what application you are trying to distribute, but in a general, big-picture sense, yes, you can do what you are suggesting.

You can offer your app to be downloaded by end-users directly from your website. If your app is offered by OEMs, you could provide it to the OEMs you work with and let them handle distribution. If it's a "Windows Store" app, then the "Windows Store" can handle distribution.

However you would solve this problem for non-SGX applications, you should be able to use the same solution to solve it for SGX applications.

Hope this helps.

Thanks,

Francisco

 

 

View solution in original post

0 Kudos