Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How to dump data in enclave memory ?



I try to print the memory data inside enclave using ocall like this (from linux SampleEnclave)

/* OCall functions */
void ocall_print_string(const char *str)
    /* Proxy/Bridge will check the length and null-terminate
     * the input string to prevent buffer overflow.
    printf("%s", str);

But it failed and core dump 

"Program received signal SIGSEGV, Segmentation fault.
0x00007ffff69c6943 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=ap@entry=0x7fffffffe368) at vfprintf.c:166


So is it allowed to dump or read the enclave memory in the ocall funtion?

0 Kudos
1 Reply

An OCALL temporarily exits the enclave, so it does not have access to enclave memory.

The SampleEnclave snippet you are referring to works because the bridge function copies the contents of the enclave memory buffer to a buffer allocated in unprotected memory. Note the EDL for the OCALL:


    untrusted {

        void ocall_print_string([in, string] const char *str);



The in parameter says to copy the memory buffer at str into the OCALL function's memory space (in this case, untrusted memory), and the string parameter says that the length of the buffer to be copied is taken from the length of the string. That is, it expects str to be NULL-terminated.


To find out why your program is crashing, we'd need to see your EDL and the code that both calls the OCALL as well as the OCALL itself.

0 Kudos