Intel SGX instructions nowhere to be found

Urs_M_ · ‎11-29-2016

To gain a deeper understanding of what's going on behind the scenes I am currently looking into the Linux Intel SGX SDK source and also compiled code of applications and enclaves.

My problem is that I cannot find the instructions ENCLS and ENCLU - neither in the source nor in the binaries (with binaries I mean the application as well as the enclave).

My questions:

1. At what point are these instructions executed and how can I find their locations?

2. Do current tools like objdump recognize these instructions?

Ofir_W_ · ‎11-29-2016

Hello,

At the linux sdk sources (https://github.com/01org/linux-sgx) look at linux-sgx/psw/urts/linux/enter_enclave.s

There is a label called "do_eenter" (line 50, in my version which is pretty recent). There you will find:

.Ldo_eenter:
    mov frame_arg0, %xbx                        /* tcs addr */
    lea_pic .Lasync_exit_pointer, %xcx          /* aep addr */
    mov $SE_EENTER, %xax                        /* EENTER leaf */

.Leenter_inst:
    ENCLU

I personally like to search for things with grep: "grep ENCLU * -rn".

Ofir

Urs_M_ · ‎11-29-2016

Well, this is embarassing. I actually used grep but messed up the parameters.

Thank you very much.

Zhang__Ruide · ‎01-26-2017

Hi all,

Actually you can find ENCLU in the enclave.so if you are using hardware mode.

But I still cannot find ENCLS. According to the intel programmer reference, encls should be used to create enclave and enclu to enter and exit enclave. So can someone tell me where can i find the code which creates enclave (i.e. ENCLS)?

Thank you!

Ruide

Zhang__Ruide · ‎01-26-2017

Hi all,

In addition, I find in the disassembly of enclave.so, there exist enclu[ecreate], which is rax = 0x0 and enclu. That seems to contradict with encls[ecreate]. I wonder why is that? Can someone help me out?

Also, for the original post, you may want to use GNU assembler 2.25.1 or above, GNU assembler 2.24 cannot recognize enclu or encls.

Ruide

Juan_d_Intel · ‎01-27-2017

ECREATE is ENCLS with EAX=00.

EREPORT is ENCLU with EAX=00

You can find ENCLS instructions in the driver, EENTER and ERESUME in the uRTS, and EEXIT, EGETKEY, and EREPORT inside the enclave.

yunfeng7854 · ‎09-24-2017

Juan del Cuvillo (Intel) wrote:

ECREATE is ENCLS with EAX=00.

EREPORT is ENCLU with EAX=00

You can find ENCLS instructions in the driver, EENTER and ERESUME in the uRTS, and EEXIT, EGETKEY, and EREPORT inside the enclave.

Hi, I am able to find EENTER, EEXIT, EGETKEY, and EREPORT. However, I cannot find ERESUME leaf functions in the sdk.

Could you explain how it is used to resume the enclave after a fault?

Thanks

Francisco_C_Intel · ‎09-26-2017

I think it's here:

https://github.com/01org/linux-sgx/blob/1115c195cd60d5ab2b80c12d07e21663e5aa8030/psw/urts/linux/sig_handler.cpp

yunfeng7854 · ‎09-26-2017

Francisco C. (Intel) wrote:

I think it's here:

https://github.com/01org/linux-sgx/blob/1115c195cd60d5ab2b80c12d07e21663e5aa8030/psw/urts/linux/sig_handler.cpp

Thank you for the reply. I used the SDK compiled in DEBUG=1 mode. However by looking at the SE_TRACE information, I think the "sig_handler" function was not triggered after page faults. ("sig_handler" is triggered if there is an exception such as "divided by zero".)

According to the manual, ERESUME should be used by the untrusted code to return to the enclave after a page fault.

I used the grep command to search from the SDK code, and found the only place of ERESUME was here too.

Haitao_H_Intel · ‎09-26-2017

When async exit happens, processor cook up something called synthetic state, which loads RAX with ERESUME leaf code, and so on.

So in uRTS we have the trampoline for ERESUME defined at line 110 in this file:https://github.com/01org/linux-sgx/blob/1115c195cd60d5ab2b80c12d07e21663e5aa8030/psw/urts/linux/enter_enclave.S#L110