Hi Jesus,

I know that enclave is not an IDE and I have tried to create an Intel SGX Project from Visual Studio (by using Intel SGX template) and this process seems to load an empty enclave. My question is that after this inclave is loaded is there any automatic way to import a current non-native and modified Linux application inside Enclave?

Cheers,

Klei

Hello Klei,

You cannot automatically import random code into an enclave. I recommend to read the document, "Intel SGX SDK Developer Reference for Windows OS.pdf," which was extracted as part of the Intel SGX SDK for Windows that I assume you downloaded and installed. The guide will tell you how to code your own enclave. Also, the SDK provides several sample enclaves that you can use a reference.

Regards,

Jesus

Hi Jesus,

My application is a Linux application so therefore I need to develop my SGX application in Ubuntu OS. I am new in SGX Enclave and my question may sound a bit dumb but if I use Visual Stuio on Windows and develop my application there, can I run it in Ubuntu machine later on?

And my last question, I have seen a sample project and it seems that the all project directory is divided into App and Enclave folders. And I see inside Enclave directory there is an Enclave.cpp which is basically the code residing inside enclave. Now my question is that my application is big and I have different folders and each folder different cpp files. And of course I can not put all my application code inside a single enclave file (enclave.cpp). Can you please explain me how my application folders can be placed inside enclave? Should I put all the code inside a single enclave.cpp file or just we accomplish that by placing all my application under the big Enclave folder I mentioned first? I hope I am clear to have expressed what I really mean

Cheers,

Klei

Hello Klei,

We do not recommend to put your whole application inside of an Enclave as you are very limited in memory space and you will want to limit your security exposure by keeping your code as small as possible. I recommend to read the Intel SGX Developer Guide so you can get a better understanding on what kind of code should go inside an enclave and what goes outside of it. This is not the type of technology that is meant to run huge pieces of code many different source files.

Note that Intel SGX is not a good fit for generic applications. Intel SGX is meant to provide extreme security to protect very sensitive code and data. Please see this website for more info and an introduction. 

In general , it is possible to build Linux applications with Visual Studio but we recommend to develop Linux SGX applications in Linux and develop Windows SGX applications in Visual Studio in Windows.

Regards,

Jesus

I know  big applications like mine which use Intel SGX technology to protect their codes like for instance like this one https://github.com/YangZhou1997/SafeBricks

Plus I am wondering what you call large project since mine in size is around 8 Mbs and I know that EPC size is around 128 MBs. Let say that the keys I will store will be of kbs so I guess even all my application can fit inside an enclave without the need of trigering EPC paging. 

Can you suggest me any tutorial or white paper which tells how to build Linux Application with SGX, I would really much appreciate it!

Cheers,

Klei

Hello Klei,

Thanks for the clarification.

There are several documents you can read to get you up and running.

The Installation, Developer, and Reference guides for Linux are located here.

Below are the links to the equivalent guides for Windows in case you would like to see them.

Intel SGX Developer Guide for Windows.pdf

Intel SGX Installation Guide for Windows OS.pdf

Intel SGX SDK Developer Reference for Windows OS.pdf

Regards,

Jesus