Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How to change an enclave base address ?



I am working on Linux platform and have reserved a specific memory region (with fixed VA) for the enclave and hence, would like the enclave to always be loaded on to the target region. According to the sdk developer reference, the trusted runtime library uses __ImageBase to compute enclave base address.

I have tried to change the __ImageBase in the Makefile

Enclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
	-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
	-Wl,--defsym,__ImageBase=0x00007fa56e000000 -Wl,--gc-sections   \

and got a relocation: error /usr/bin/ld: failed to convert GOTPCREL relocation; relink with --no-relax

I added the --no-relax to the Enclave_Link_Flags but it seems g++ pickups the --no-relax but not the linker and hence, "unrecognized command". How can I relocate an enclave to a target VA address ?

0 Kudos
0 Replies