Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Getting started with SGX

Frank_G_2
Beginner

I have just been given the task to understand Intel’s SGX. The high-level concept of creating protected memory areas is cool and interesting, but I’m trying to understand it down to the next level, other than just the high-level 1000 ft concept from a briefing like this: https://software.intel.com/sites/default/files/332680-002.pdf

The brief said some things that were quite interesting on page 12:

“Familiar development/debug
– Single application environment
– Build on existing ecosystem expertise

Familiar deployment model
– Platform integration not a bottleneck to deployment of trusted apps”

Looking through the forum, it almost looks like SGX is still not available, as there are almost no postings on it and the ones that do exist are fairly old. Also, only like 7 postings using SGX?

As a developer, I wanted to understand what I, as a developer of, say, a C, C++, or Java program, need to do to implement Intel SGX. So I wanted to see some examples so jumped to the SGX

But looking at the SGX API for this has me a bit concerned: https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf

This seems to be some low-level programming here, like assembly, but I'm not quite sure; I have not seen nor done assembly since college, like, hmmm, 1985 lol.

On page 21 it pictorially depicts an enclave with enclave code but makes no mention of what language it’s written in nor how it would interact with the user/untrusted area. Page 23 shows some instructions like ECREATE, EADD, EINIT, etc. If this is the API, where are some explicit code examples?

When I look in the SGX API guide, they use terms like register, which leads me to believe that if you are to use Intel’s SGX you had better be familiar with assembly, and on Intel processors, to really use it? Is that true? If so, how is that a familiar development model for most developers?

1 Solution
Dan_Zimmerman
Employee

Update:

Intel SGX SDK for Linux* OS open source project is now live at:  https://01.org/intel-softwareguard-eXtensions

5 Replies
Frank_G_2
Beginner

OK, so I think I finally found the answer to one question, as it looks like you are confined to C/C++ programming-wise. And some documents seem to indicate availability on Linux, be it only Ubuntu, but looking at https://software.intel.com/en-us/sgx-sdk it looks like Windows only? So if you want to, or have existing applications on Linux, or if code is written in some other language, I guess you cannot utilize SGX?

Dan_Zimmerman
Employee

Hi Frank,

You are correct. We currently only have bindings for C/C++ (meaning your enclave has to be written in C/C++). But there is nothing preventing a developer from using another language (Java, C# for example) and calling those C/C++ interfaces from their respective native interface capabilities (JNI, PInvoke).

Regarding OS support, currently we only have SDK support for Windows at this time. Linux support is coming in 2016.

cheers,

Dan

João_R_
Novice

Is there an example to run with JNI?

Anusha_K_Intel
Employee

Hi,

Unfortunately, we do not have sample code that demonstrates JNI specifically. But the strategy for solving this issue is the same for most/all managed languages. The developer needs to provide a “shim” library (C/C++) that is used to call into the enclave and supports any ocalls made from the enclave. The Java app can then JNI to the shim library.
  
The tutorial series (https://software.intel.com/en-us/sgx/code-samples) uses this strategy for the application built in C# to make ecalls and support ocalls.
