Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Launch Key and EINIT Token

SSuma1
Beginner
‎10-14-2015 12:01 AM
977 Views
Solved Jump to solution

The SGX Extensions Programming Reference, page 12, states that "The EINIT token is used by EINIT to verify that the enclave is permitted to launch." Some field in the EINIT token are MACed using Launch key, however, there seems to be a chicken-and-egg problem. Unless the enclave has called EINIT, the enclave is not operational yet, so calling EGETKEY for LaunchKey will return error. On the other hand, in order to compute the EINIT-Token CMAC, one need access to the launch key!!!

So, my question is how is one to prepare the EINIT Token? (Also, it will be really helpful if Intel could release the linux kernel driver for SGX.)

0 Kudos
1 Solution
Surenthar_S_Intel
Employee
‎07-21-2016 09:57 PM
977 Views
Solved Jump to solution

Hi Suman,

The Intel(r) SGX SDK for Linux* OS Open Source project is now live and can be found here:  https://01.org/intel-software-guard-extensions/

The code is hosted here:  https://github.com/01org/linux-sgx (link is external) and https://github.com/01org/linux-sgx-driver (link is external)

- Surenthar Selvaraj

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
Patrick_B_2
Beginner
‎10-29-2015 06:40 AM
976 Views
Solved Jump to solution

From what I've been able to ascertain through archeology in the SGX spec, Intel will need to provide an Intel-signed launch enclave to make SGX usable. This enclave will use EGETKEY to acquire the launch key for that processor and sign enclaves to allow them to run there. If that launch enclave isn't trying to enforce any particular policy about what enclaves can and can't run, it's actually a trivial piece of code. A basic launch enclave only requires user/enclave calling convention and an enclave CMAC implementation, both of which are simple and fundamental to any useful SGX implementation.

 

 

0 Kudos
Copy link
Surenthar_S_Intel
Employee
‎07-21-2016 09:57 PM
978 Views
Solved Jump to solution

Hi Suman,

The Intel(r) SGX SDK for Linux* OS Open Source project is now live and can be found here:  https://01.org/intel-software-guard-extensions/

The code is hosted here:  https://github.com/01org/linux-sgx (link is external) and https://github.com/01org/linux-sgx-driver (link is external)

- Surenthar Selvaraj

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.