Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Is it possible to get debug launch key using Intel SGX windows sdk

gu_j_1
Beginner
1,513 Views

EGETKEY instruction can be able to get debug launch key of the SGX platform.
​However, current Intel SGX windows sdk relies on visual studio. It seems that visual studio does not support EGETKEY.

 

 

0 Kudos
1 Solution
Derek_B_Intel
Employee
1,513 Views

The Intel SGX SDK can be downloaded from: https://software.intel.com/en-us/sgx-sdk

The SGX SDK includes sample applications demonstrating key SGX features.  The SampleEnclave project, file: App.cpp, function: initialize_enclave(void), includes handling of the launch token.

At this time Intel is only supporting ISV developers to use the REPORT and SEAL from their enclaves.

An SGX_INVALID_ATTRIBUTE error is returned by the EGETKEY instruction if keys other than these are requested by an ISV enclave. Refer to the Intel® Software Guard Extensions (Intel® SGX) Programming Reference for details on the EGETKEY Instruction.

View solution in original post

0 Kudos
4 Replies
Derek_B_Intel
Employee
1,513 Views

A enclave launch token will be generated when an enclave is loaded successfully.  The launch token can be saved and provided by the application when the enclave is launched subsequently.  The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.

The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.

0 Kudos
John_T_2
Beginner
1,513 Views

DEREK B. (Intel) wrote:

A enclave launch token will be generated when an enclave is loaded successfully.  The launch token can be saved and provided by the application when the enclave is launched subsequently.  The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.

The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.

 

Hi this answer is good but can you please advise a link to any blog post on this ?

So i can read this in detail ?

Thanks 

0 Kudos
gu_j_1
Beginner
1,513 Views

DEREK B. (Intel) wrote:

A enclave launch token will be generated when an enclave is loaded successfully.  The launch token can be saved and provided by the application when the enclave is launched subsequently.  The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.

The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.

When I use "sgx_get_key" to get license key(I guess this maybe launch key), however, each time the result is different.

0 Kudos
Derek_B_Intel
Employee
1,514 Views

The Intel SGX SDK can be downloaded from: https://software.intel.com/en-us/sgx-sdk

The SGX SDK includes sample applications demonstrating key SGX features.  The SampleEnclave project, file: App.cpp, function: initialize_enclave(void), includes handling of the launch token.

At this time Intel is only supporting ISV developers to use the REPORT and SEAL from their enclaves.

An SGX_INVALID_ATTRIBUTE error is returned by the EGETKEY instruction if keys other than these are requested by an ISV enclave. Refer to the Intel® Software Guard Extensions (Intel® SGX) Programming Reference for details on the EGETKEY Instruction.

0 Kudos
Reply