EGETKEY instruction can be able to get debug launch key of the SGX platform.
However, current Intel SGX windows sdk relies on visual studio. It seems that visual studio does not support EGETKEY.
Link Copied
The Intel SGX SDK can be downloaded from: https://software.intel.com/en-us/sgx-sdk
The SGX SDK includes sample applications demonstrating key SGX features. The SampleEnclave project, file: App.cpp, function: initialize_enclave(void), includes handling of the launch token.
At this time Intel is only supporting ISV developers to use the REPORT and SEAL from their enclaves.
An SGX_INVALID_ATTRIBUTE error is returned by the EGETKEY instruction if keys other than these are requested by an ISV enclave. Refer to the Intel® Software Guard Extensions (Intel® SGX) Programming Reference for details on the EGETKEY Instruction.
A enclave launch token will be generated when an enclave is loaded successfully. The launch token can be saved and provided by the application when the enclave is launched subsequently. The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.
The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.
DEREK B. (Intel) wrote:
A enclave launch token will be generated when an enclave is loaded successfully. The launch token can be saved and provided by the application when the enclave is launched subsequently. The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.
The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.
Hi this answer is good but can you please advise a link to any blog post on this ?
So i can read this in detail ?
Thanks
DEREK B. (Intel) wrote:
A enclave launch token will be generated when an enclave is loaded successfully. The launch token can be saved and provided by the application when the enclave is launched subsequently. The SampleEnclave project provided with the SDK as well as the SGX Users Guide provide sample code to demonstrate this behavior.
The SGX SDK includes a trusted API function, “sgx_get_key”, which is a wrapper for the SGX EGETKEY instruction. Please refer to the SGX SDK User’s Guide for additional details on this API.
When I use "sgx_get_key" to get license key(I guess this maybe launch key), however, each time the result is different.
The Intel SGX SDK can be downloaded from: https://software.intel.com/en-us/sgx-sdk
The SGX SDK includes sample applications demonstrating key SGX features. The SampleEnclave project, file: App.cpp, function: initialize_enclave(void), includes handling of the launch token.
At this time Intel is only supporting ISV developers to use the REPORT and SEAL from their enclaves.
An SGX_INVALID_ATTRIBUTE error is returned by the EGETKEY instruction if keys other than these are requested by an ISV enclave. Refer to the Intel® Software Guard Extensions (Intel® SGX) Programming Reference for details on the EGETKEY Instruction.
For more complete information about compiler optimizations, see our Optimization Notice.