Hi Ankit_17,
Apologies for not responding sooner, we somehow missed this post.
1. Enclave Creation:
I'm looking to create enclaves within my applications to enhance the security and confidentiality of sensitive data. Could you please provide me with detailed steps, best practices, and resources on how to create enclaves using the Intel SGX SDK? I am particularly interested in understanding the process of writing enclave code, compiling it, and integrating it with my applications.
The best way to create a simple enclave is to look at the samples as you mentioned above to see the general workflow, and how Ecalls and Ocalls work. The most simple sample that will demonstrate this is SampleEnclave.
Two very valuable resources for writing your own applications are the Linux Developer Guide: https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Guide.pdf and the Developer Reference Guide: https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.21_Open_Source.pdf
2. Using SGX SDK and PSW:
With the successful installation and build of the Intel SGX SDK and PSW, I would like to explore how to effectively utilize these tools to secure the data of my applications. Are there any specific guidelines, tutorials, or sample projects that showcase the integration of the SGX SDK and PSW to create secure enclaves?
Please reference the two documents I linked earlier, they will go over the SDK and PSW as well.
3. Remote Attestation and Security Considerations:
I am also curious about the concept of remote attestation and how it can be used to provide evidence of an enclave's authenticity. Additionally, I would appreciate any insights or best practices related to security considerations when designing and implementing enclaves to safeguard sensitive data.
Remote attestation allows an entity to gain a remote provider's trust. RA gives the relying party increased confidence that the software is running inside an SGX enclave and on a fully updated system at the latest security level (also referred to as the trusted computing base (TCB) version).
Attestation results provide the identity of the software being attested, details of an unmeasured state, and an assessment of possible software tampering.
Basically, after an enclave successfully attests itself to a relying party, an encrypted communication channel can be established between the two. Secret data can be exchanged directly to the enclave.
Visit this page for more information on SGX RA: https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html
And here is a great end-to-end example of RA: https://www.intel.com/content/www/us/en/developer/articles/code-sample/software-guard-extensions-remote-attestation-end-to-end-example.html
I hope this information was helpful. Please let me know if there are any specific questions I can answer for you.
Sincerely,
Sahira
I want to write a simple "addition of two numbers" C++ program for practice or better understanding, so how do I use the Intel SGX SDK package for Linux to create enclaves?
In the SDK there are sample codes (for example: SampleCode/SampleEnclave/ (App.cpp, Enclave.cpp, etc.)). How do I use them for the above-mentioned program?
Regards
Ankit
Hi,
There are no other Intel SGX samples other than the ones I listed above from the SGX Linux Github. The best way is to read through the Developer Reference guide to understand how enclaves work and how they communicate with untrusted applications.
You can reference this discussion: https://stackoverflow.com/questions/61648303/intel-sgx-pass-ints-from-application-to-enclave from the SGX community that might be able to guide you.
Sincerely,
Sahira
Hi
Thanks for the update.
If I have any doubts, I'll reach out to you for assistance.
