Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

OCaml and SGX

Ivana_V_
Beginner
135 Views

Hi

I got stuck trying to run OCaml code within an SGX enclave and would
very much appreciate some help.

I so far managed to write a C wrapper around my OCaml code using the
functionalities described here:
https://caml.inria.fr/pub/docs/manual-ocaml/intfc.html

Now, to link the code, I have to load the OCaml runtime using
-lcamlrun_pic (-lcamlrun is not PIC compatible).

The problem is now that camlrun_pic uses standard libraries quite
heavily.  It looks like I could add the missing functionalities by doing
something like that:
http://www.tatetian.io/2016/01/25/file-io-inside-intel-sgx-enclave/

Do you think that's the right approach?  Is there an easier one?

Best,
Ivana

0 Kudos
1 Reply
Scott_R_Intel
Employee
135 Views

Hi Ivana.

Yes, creating ocall's for all required standard library calls that aren't included in the SGX libraries is the only way to do get to them from within an enclave.

Though, you may want to have a look at the Graphene-SGX Library OS project...  it may work for your needs:  https://github.com/oscarlab/graphene

Regards.

Scott

Reply