- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The SGX Extensions Programming Reference, page 12, states that "The EINIT token is used by EINIT to verify that the enclave is permitted to launch." Some field in the EINIT token are MACed using Launch key, however, there seems to be a chicken-and-egg problem. Unless the enclave has called EINIT, the enclave is not operational yet, so calling EGETKEY for LaunchKey will return error. On the other hand, in order to compute the EINIT-Token CMAC, one need access to the launch key!!!
So, my question is how is one to prepare the EINIT Token? (Also, it will be really helpful if Intel could release the linux kernel driver for SGX.)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suman,
The Intel(r) SGX SDK for Linux* OS Open Source project is now live and can be found here: https://01.org/intel-software-guard-extensions/
The code is hosted here: https://github.com/01org/linux-sgx (link is external) and https://github.com/01org/linux-sgx-driver (link is external)
- Surenthar Selvaraj
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From what I've been able to ascertain through archeology in the SGX spec, Intel will need to provide an Intel-signed launch enclave to make SGX usable. This enclave will use EGETKEY to acquire the launch key for that processor and sign enclaves to allow them to run there. If that launch enclave isn't trying to enforce any particular policy about what enclaves can and can't run, it's actually a trivial piece of code. A basic launch enclave only requires user/enclave calling convention and an enclave CMAC implementation, both of which are simple and fundamental to any useful SGX implementation.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suman,
The Intel(r) SGX SDK for Linux* OS Open Source project is now live and can be found here: https://01.org/intel-software-guard-extensions/
The code is hosted here: https://github.com/01org/linux-sgx (link is external) and https://github.com/01org/linux-sgx-driver (link is external)
- Surenthar Selvaraj
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page