Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How to understand an ECALL with [out] parameter?

jason_t_
Beginner
948 Views

In Intel's SGX developer guide https://software.intel.com/en-us/node/696463, it mentions that:

[out] – when [out] is specified for a pointer argument, the parameter is returned from the called procedure to the calling procedure. In an ECALL function an out parameter is passed from the enclave to the application and an OCALL function passes it from the application to the enclave.

I am having some trouble understanding the ECALL with an [out] parameter. First of all, isn't ECALL defined to be a function call from outside the enclave to a function inside the enclave? Then how could a parameter be passed from the enclave to the application?

Second of all, it said the parameter is returned from the called procedure, how come a parameter can be returned?

 

 

0 Kudos
1 Solution
Rodolfo_S_
New Contributor III
948 Views

Hi, Jason.

I am having some trouble understanding the ECALL with an [out] parameter. First of all, isn't ECALL defined to be a function call from outside the enclave to a function inside the enclave? Then how could a parameter be passed from the enclave to the application?

Second of all, it said the parameter is returned from the called procedure, how come a parameter can be returned?

An ECALL means that the function will be executed inside an enclave. The [out] parameter means that it will be returned to the function call outside the enclave. See the example below:

// enclave.edl file
enclave {
    trusted {
        public void sum_pointers([in] int *p_int1, [in] int *p_int2, [out] int *p_result);
    };
};

// enclave.cpp file
void sum_pointers( int *p_int1, int *p_int2, int *p_result)
{
    *p_result = *p_int1 + *p_int2;
}

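// app.cpp file
...
int main(){
...
    int int1 = 5, int2 = 10, result;
    // The generated untrusted proxy takes the enclave ID as its first argument;
    // eid is assumed to come from sgx_create_enclave() in the elided code above.
    sum_pointers(eid, &int1, &int2, &result);
    printf("%d + %d = %d", int1, int2, result);
}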

In this example, we have p_int1 and p_int2 as [in] parameters, while p_result is an [out] parameter. The function sum_pointers is an ECALL, therefore it will be executed inside the enclave. The parameters p_int1 and p_int2 are passed into the enclave, and the parameter p_result is passed from the enclave to the application after it is executed; it works as a return of the function.

 


0 Kudos
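
To make the copy direction concrete, here is a plain-C simulation of what the generated bridge code does for the [in] and [out] pointers of sum_pointers. It is an added example, not code from the posts above or from the SGX SDK; enclave_mem, outside_enclave and ecall_sum_pointers are hypothetical stand-ins, and no SGX hardware or SDK is needed to run it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for enclave memory (hypothetical). */
static struct { int in1, in2, out; } enclave_mem;
static int out_initial;     /* instrumentation: value the enclave saw in *p_result */
static const int *seen_out; /* instrumentation: pointer the enclave received */

/* Trusted function from the post, plus two instrumentation lines. */
static void sum_pointers(int *p_int1, int *p_int2, int *p_result) {
    out_initial = *p_result;
    seen_out = p_result;
    *p_result = *p_int1 + *p_int2;
}

/* Simplified range check; the SDK provides sgx_is_outside_enclave() for this. */
static int outside_enclave(const void *p, size_t n) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)&enclave_mem;
    return a + n <= lo || a >= lo + sizeof enclave_mem;
}

/* Simulated bridge between the app's call and sum_pointers().
   Returns 0 on success, -1 if a pointer is NULL or not in untrusted memory
   (this sketch rejects NULL for simplicity). */
int ecall_sum_pointers(int *u_int1, int *u_int2, int *u_result) {
    if (!u_int1 || !u_int2 || !u_result) return -1;
    if (!outside_enclave(u_int1, sizeof(int)) ||
        !outside_enclave(u_int2, sizeof(int)) ||
        !outside_enclave(u_result, sizeof(int)))
        return -1;
    enclave_mem.in1 = *u_int1;   /* [in]: copied app -> enclave before the call */
    enclave_mem.in2 = *u_int2;
    enclave_mem.out = 0;         /* [out]: fresh zeroed buffer, app's value not copied in */
    sum_pointers(&enclave_mem.in1, &enclave_mem.in2, &enclave_mem.out);
    *u_result = enclave_mem.out; /* [out]: copied enclave -> app after the call */
    return 0;
}

int main(void) {
    int int1 = 5, int2 = 10, result = 1234; /* 1234 never reaches the enclave */
    int rc = ecall_sum_pointers(&int1, &int2, &result);
    printf("rc=%d: %d + %d = %d (enclave saw %d in *p_result)\n",
           rc, int1, int2, result, out_initial);
    return 0;
}
```

Because the trusted function only dereferences the enclave-side copies, the application cannot alter the operands or the result buffer while the enclave code is running.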
3 Replies
Huorong_L_
New Contributor I
948 Views

Hi, Jason.

ECall/OCall has nothing to do with In/Out. They are relative to different situations.

ECall/OCall is relative to the enclave: ECall means jumping into the enclave while OCall means jumping out of the enclave.

In/Out is relative to the function: In means a parameter being passed into the function while Out means a parameter being returned from the function.

 

0 Kudos
jason_t_
Beginner
948 Views

I appreciate your answers, I understand it now.

0 Kudos