Solved: Is it possible to get debug launch key using Intel SGX windows sdk

gu_j_1 · ‎02-22-2016

EGETKEY instruction can be able to get debug launch key of the SGX platform.
However, current Intel SGX windows sdk relies on visual studio. It seems that visual studio does not support EGETKEY.

Derek_B_Intel · ‎02-25-2016

The Intel SGX SDK can be downloaded from: https://software.intel.com/en-us/sgx-sdk

The SGX SDK includes sample applications demonstrating key SGX features. The SampleEnclave project, file: App.cpp, function: initialize_enclave(void), includes handling of the launch token.

At this time Intel is only supporting ISV developers to use the REPORT and SEAL from their enclaves.

An SGX_INVALID_ATTRIBUTE error is returned by the EGETKEY instruction if keys other than these are requested by an ISV enclave. Refer to the Intel® Software Guard Extensions (Intel® SGX) Programming Reference for details on the EGETKEY Instruction.

View solution in original post

Derek_B_Intel · ‎02-23-2016

A enclave launch token will be generated when an enclave is loaded successfully. The launch token can be saved and provided by the application when the enclave is launched subsequently. The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.

The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.

John_T_2 · ‎02-23-2016

DEREK B. (Intel) wrote:

A enclave launch token will be generated when an enclave is loaded successfully. The launch token can be saved and provided by the application when the enclave is launched subsequently. The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.

The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.

Hi this answer is good but can you please advise a link to any blog post on this ?

So i can read this in detail ?

Thanks

gu_j_1 · ‎02-23-2016

DEREK B. (Intel) wrote:

A enclave launch token will be generated when an enclave is loaded successfully. The launch token can be saved and provided by the application when the enclave is launched subsequently. The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.

The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.

When I use "sgx_get_key" to get license key(I guess this maybe launch key), however, each time the result is different.

Derek_B_Intel · ‎02-25-2016

The Intel SGX SDK can be downloaded from: https://software.intel.com/en-us/sgx-sdk

The SGX SDK includes sample applications demonstrating key SGX features. The SampleEnclave project, file: App.cpp, function: initialize_enclave(void), includes handling of the launch token.

At this time Intel is only supporting ISV developers to use the REPORT and SEAL from their enclaves.

An SGX_INVALID_ATTRIBUTE error is returned by the EGETKEY instruction if keys other than these are requested by an ISV enclave. Refer to the Intel® Software Guard Extensions (Intel® SGX) Programming Reference for details on the EGETKEY Instruction.

View solution in original post