Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1502 Discussions

Inquiry About Creating Enclaves and Using Intel SGX SDK and PSW

Ankit_17
Beginner
1,396 Views
Hi,
 
 I am reaching out to seek assistance and guidance regarding Intel Software Guard Extensions (SGX) technology. I have successfully installed and built the Intel SGX SDK ,SGX Driver and Platform Software (PSW) on my LINUX system as per these instructions ( https://github.com/intel/linux-sgx )   and I've successfully compiled the codes under SampleCode folder, and now I'm interested in creating enclaves to secure data for my applications. I would greatly appreciate your guidance on the following topics:
 
1. Enclave Creation:
   I'm looking to create enclaves within my applications to enhance the security and confidentiality of sensitive data. Could you please provide me with detailed steps, best practices, and resources on how to create enclaves using the Intel SGX SDK? I am particularly interested in understanding the process of writing enclave code, compiling it, and integrating it with my applications.
 
2. Using SGX SDK and PSW:
   With the successful installation and build of the Intel SGX SDK and PSW, I would like to explore how to effectively utilize these tools to secure the data of my applications. Are there any specific guidelines, tutorials, or sample projects that showcase the integration of the SGX SDK and PSW to create secure enclaves?
 
3. Remote Attestation and Security Considerations:
   I am also curious about the concept of remote attestation and how it can be used to provide evidence of an enclave's authenticity. Additionally, I would appreciate any insights or best practices related to security considerations when designing and implementing enclaves to safeguard sensitive data.
 
Thank you
 
I am eager to learn and implement the best practices recommended by Intel to ensure the successful and secure utilization of SGX technology.
Your assistance in providing clear instructions, documentation references, and any relevant resources would be of immense help to me.
 
0 Kudos
4 Replies
Sahira_Intel
Moderator
1,254 Views

Hi Ankit_17,

Apologies for not responding sooner, we somehow missed this post.

1. Enclave Creation:

I'm looking to create enclaves within my applications to enhance the security and confidentiality of sensitive data. Could you please provide me with detailed steps, best practices, and resources on how to create enclaves using the Intel SGX SDK? I am particularly interested in understanding the process of writing enclave code, compiling it, and integrating it with my applications.

 

The best way to create a simple enclave is to look at the samples as you mentioned above to see the general workflow, and how Ecalls and Ocalls work. The most simple sample that will demonstrate this is SampleEnclave.

Two very valuable resources for writing your own applications are the Linux Developer Guide: https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Guide.pdf and the Developer Reference Guide: https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Reference_Linux_2.21_Open_Source.pdf  

 

2. Using SGX SDK and PSW:

With the successful installation and build of the Intel SGX SDK and PSW, I would like to explore how to effectively utilize these tools to secure the data of my applications. Are there any specific guidelines, tutorials, or sample projects that showcase the integration of the SGX SDK and PSW to create secure enclaves?

Please reference the two documents I linked earlier, they will go over the SDK and PSW as well. 

 

3. Remote Attestation and Security Considerations:

I am also curious about the concept of remote attestation and how it can be used to provide evidence of an enclave's authenticity. Additionally, I would appreciate any insights or best practices related to security considerations when designing and implementing enclaves to safeguard sensitive data.

 

Remote attestation allows an entity to gain a remote provider's trust. RA gives the relying party increased confidence that the software is running inside an SGX enclave and on a fully updated system at the latest security level (also referred to as the trusted computing base (TCB) version).

Attestation results provide the identity of the software being attested, details of an unmeasured state, and as assessment of possible software tampering.

 

Basically, after an enclave successfully attests itself to a relying party, an encrypted communication channel can be established between the two. Secret data can be exchanged directly to the enclave.

 

Visit this page for more information on SGX RA: https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/attestation-services.html

And here is a great end-to-end example of RA: https://www.intel.com/content/www/us/en/developer/articles/code-sample/software-guard-extensions-remote-attestation-end-to-end-example.html

 

I hope this information was helpful. Please let me know if there are any specific questions I can answer for you.

 

Sincerely,

Sahira 

0 Kudos
Ankit_17
Beginner
1,241 Views

Hi @Sahira_Intel 

I want to write a simple "addition of two numbers" C++ program for practice or better understanding so how to use Intel SGX SDK package for linux to create enclaves.

 

In SDK there are sample codes(for example : SampleCode/ SampleEnclave/(App.cpp ,Enclave.cpp etc) how to use them for above mentioned program.

Regards

Ankit

0 Kudos
Sahira_Intel
Moderator
1,160 Views

Hi,

There are no other Intel SGX samples other than the ones I listed above from the SGX Linux Github. The best way is to read through the Developer Reference guide to understand how enclaves work and how they communicate with untrusted applications.

You can reference this discussion: https://stackoverflow.com/questions/61648303/intel-sgx-pass-ints-from-application-to-enclave from the SGX community that might be able to guide you.


Sincerely,

Sahira


0 Kudos
Ankit_17
Beginner
1,120 Views

Hi 

Thanks for the update.

If I'll have any doubt ,I 'll reach out to you for assistance 

0 Kudos
Reply