Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Obtaining an enclave thread's stack address

PYuhala
Beginner
1,003 Views

Hello, from my understanding creating a thread within an Intel SGX enclave is illegal, and can only be done outside. I use the pthread API to create threads outside which then get into the enclave runtime. According to the SDM, all threads entering the enclave have their thread context (TCS, stack, TLS, etc) in the latter.

I would like to know if the value returned by a posix call such as pthread_attr_getstack (via an ocall) for such an enclave thread is the correct value of the corresponding thread's stack address given that the latter was spawned outside. If it is not, how then could one obtain the value of an enclave thread's stack address from within the enclave runtime ?

0 Kudos
4 Replies
JesusG_Intel
Moderator
984 Views

Hello PYuhala,


Calling pthread_att_getstack will not give you the value of the enclave's stack pointer as that is in protected memory and pthread will not have access to that. What is the purpose of getting the enclave thread's stack address?


0 Kudos
PYuhala
Beginner
980 Views

Hello @JesusG_Intel ,

Thank you for your answer. I linked my enclave code with a custom static library which invokes many routines of the "pthread" family such as "pthread_attr_getstack()". I am trying to port the said library to my enclave by redefining those routines as ocalls to the glibc variants out of the enclave. I have successfully re-implemented a good number of them (I know the latest SDK supports some pthreadxxx stuff too) via ocalls, and was stuck at the level of "pthread_attr_getstack()", as the value returned via an ocall would not be the correct value for the trusted stack, as you have pointed out. 

0 Kudos
JesusG_Intel
Moderator
966 Views

Hello PYuhala,


I cannot find a good way to get the stack pointer address from within an enclave.


0 Kudos
JesusG_Intel
Moderator
950 Views

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Reply