I have just been given the task to understand Intel’s SGX. The high-level concept of creating protected memory areas is cool and interesting, but I’m trying to understand it down to the next level, beyond the 1000-ft concept from a briefing like this: https://software.intel.com/sites/default/files/332680-002.pdf
The brief said some things that were quite interesting on page 12:
“– Single application environment
– Build on existing ecosystem expertise
– Familiar deployment model
– Platform integration not a bottleneck to deployment of trusted apps”
Looking through the forum, it almost looks like SGX is still not available, as there are almost no postings on it, and the ones that do exist are fairly old. Also, only like 7 postings using SGX?
As a developer I wanted to understand what I, as a developer of say a C, C++, or Java program, need to do to implement Intel SGX. So I wanted to see some examples, so I jumped to the SGX
But looking at the SGX API for this has me a bit concerned: https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf
This seems to be some low-level programming here, like assembly, but I’m not quite sure; I have not seen nor done assembly since college, like hmmm 1985 lol.
On page 21 it pictorially depicts an enclave with enclave code but makes no mention of what language it’s written in nor how it would interact with the user/untrusted area. Page 23 shows some instructions like ECREATE, EADD, EINIT, etc. If this is the API, where are some explicit code examples?
When I look in the SGX API guide they use terms like “register”, which leads me to believe that if you are to use Intel’s SGX you had better be familiar with assembly on Intel processors to really use it? Is that true? If so, how is that a familiar development model for most developers?
OK, so I think I finally found the answer to one question, as it looks like you are confined to C/C++ programming-wise. And some documents seem to indicate availability on Linux, be it only Ubuntu, but looking at https://software.intel.com/en-us/sgx-sdk it looks like Windows only? So if you want to have, or already have, existing applications on Linux, or if the code is written in some other language, I guess you cannot utilize SGX?
You are correct. We currently only have bindings for C/C++ (meaning your enclave has to be written in C/C++). But there is nothing preventing a developer from using another language (Java, C#, for example) and calling those C/C++ interfaces from their respective native interface capabilities (JNI, PInvoke).
Regarding OS support, currently we only have SDK support for Windows at this time. Linux support is coming in 2016.
Unfortunately, we do not have sample code that demonstrates JNI specifically. But the strategy for solving this issue is the same for most/all managed languages. The developer needs to provide a “shim” library (C/C++) that is used to call into the enclave and supports any ocalls made from the enclave. The Java app can then use JNI to call the shim library.
The tutorial series (https://software.intel.com/en-us/sgx/code-samples) uses this strategy for the application built in C# to make ecalls and support ocalls.