Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Question about the Monotonic Counter in sealed data

tianyi_z_

Hi,

I am just working on the sealing data of the Intel® SGX, and I found that I can only get about 200 counters when I tried to split a huge file and seal them. So I am wondering how many counters I can get in one enclave, and is there any possible way to seal a big file and split it with replay protection?

By the way, I didn't see much documentation (or sample code) for the data sealing part. Can Intel provide more for us to learn and use?

Thanks a lot.

Tianyi Z.

1 Solution
Surenthar_S_Intel

tianyi z. wrote:

Hi,

And one more thing: when I was debugging my replay-policy program, I suddenly found that I didn't destroy the counter and now I can't create a new one in this enclave! (It always gives me the response "SGX_ERROR_MC_OVER_QUOTA", even though it was my first time creating a counter when I started the program.) What can I do to destroy all the old counters in the enclave although the "uuid" values are lost?

BTW, I tried to restart the program but it doesn't work; it seems that the counter is saved in the SGX service, not in the memory of my program.

 Best.

 Tianyi Z.

Hi Tianyi,

sgx_create_monotonic_counter:

  • sgx_create_monotonic_counter creates a monotonic counter with default owner policy.
  • Syntax:
    • sgx_status_t sgx_create_monotonic_counter(sgx_mc_uuid_t * counter_uuid, uint32_t * counter_value);
  • Description:
    • Call sgx_create_monotonic_counter() to create a monotonic counter with the default owner_policy 0x1, which means enclaves with the same signing key can access the monotonic counter, and the default owner_attribute_mask 0xFFFFFFFFFFFFFFCB.
    • The caller should call sgx_create_pse_session to establish a session with the platform service enclave before calling this API.
  • SGX_ERROR_MC_OVER_QUOTA means the enclave has reached the quota (256) of monotonic counters it can maintain.
  • NOTE:
    • One application is not able to access the monotonic counter created by another application in simulation mode. This also affects two different applications using the same enclave.

Destroy all the old counters in the enclave using sgx_destroy_monotonic_counter.

sgx_destroy_monotonic_counter:

  • sgx_destroy_monotonic_counter destroys a monotonic counter created by sgx_create_monotonic_counter.
  • Syntax:
    • sgx_status_t sgx_destroy_monotonic_counter(const sgx_mc_uuid_t * counter_uuid);
  • Description:
    • Call sgx_destroy_monotonic_counter() after a monotonic counter is no longer needed.
    • The caller should call sgx_create_pse_session to establish a session with the platform service enclave before calling this API.

Refer to page 173 of Intel-SGX-SDK-Users-Guide-for-Windows-OS.pdf

Thanks and Regards,
Surenthar Selvaraj

Surenthar_S_Intel

Hi Tianyi,

As per the SGX documentation (Intel SGX SDK User Guide), the maximum allowable quota for creating monotonic counters for an enclave is 256. If you try to create more than 256 monotonic counters, "sgx_create_monotonic_counter" will return the error code "SGX_ERROR_MC_OVER_QUOTA". Since there is a limit on the use of monotonic counters in an enclave, we have to decide which data to seal accordingly. Moreover, if a monotonic counter obtained in an enclave is not in use, we can delete that counter. That makes it possible to obtain a new monotonic counter and seal more data without any bottleneck.

Thanks and Regards,
Surenthar Selvaraj

tianyi_z_

Hi Surenthar,

Thank you for your reply. I still have another question: I notice that once I add the time-based policy or replay-protect policy to my sealed data, there is a function called sgx_create_pse_session (along with sgx_close_pse_session) that needs to be called.

I wonder what this function is actually doing, and it did take a lot of time when calling it.

  Best,

  Tianyi Z.

tianyi_z_

Hi,

And one more thing: when I was debugging my replay-policy program, I suddenly found that I didn't destroy the counter and now I can't create a new one in this enclave! (It always gives me the response "SGX_ERROR_MC_OVER_QUOTA", even though it was my first time creating a counter when I started the program.) What can I do to destroy all the old counters in the enclave although the "uuid" values are lost?

BTW, I tried to restart the program but it doesn't work; it seems that the counter is saved in the SGX service, not in the memory of my program.

 Best.

 Tianyi Z.

Surenthar_S_Intel

tianyi z. wrote:

Hi Surenthar,

Thank you for your reply. I still have another question: I notice that once I add the time-based policy or replay-protect policy to my sealed data, there is a function called sgx_create_pse_session (along with sgx_close_pse_session) that needs to be called.

I wonder what this function is actually doing, and it did take a lot of time when calling it.

  Best,

  Tianyi Z.

Hi Tianyi,

sgx_create_pse_session:

  • sgx_create_pse_session creates a session with the PSE.
  • Syntax:
    • sgx_status_t sgx_create_pse_session(void);
  • Description:
    • An Intel® SGX enclave first calls sgx_create_pse_session() in the process to request platform service. It's suggested that the caller should wait (typically several seconds to tens of seconds) and retry this API if SGX_ERROR_BUSY is returned.

Refer to page 168 of Intel-SGX-SDK-Users-Guide-for-Windows-OS.pdf

Thanks and Regards,
Surenthar Selvaraj

tianyi_z_

Surenthar Selvaraj. (Intel) wrote:

Quote:

tianyi z. wrote:

 

Hi Surenthar,

Thank you for your reply. I still have another question: I notice that once I add the time-based policy or replay-protect policy to my sealed data, there is a function called sgx_create_pse_session (along with sgx_close_pse_session) that needs to be called.

I wonder what this function is actually doing, and it did take a lot of time when calling it.

  Best,

  Tianyi Z.

 

 

Hi Tianyi,

sgx_create_pse_session:

  • sgx_create_pse_session creates a session with the PSE.
  • Syntax:
    • sgx_status_t sgx_create_pse_session(void);
  • Description:
    • An Intel® SGX enclave first calls sgx_create_pse_session() in the process to request platform service. It's suggested that the caller should wait (typically several seconds to tens of seconds) and retry this API if SGX_ERROR_BUSY is returned.

Refer to page 168 of Intel-SGX-SDK-Users-Guide-for-Windows-OS.pdf

Thanks and Regards,
Surenthar Selvaraj

 

Hi Surenthar,

Thank you for your reply, anyway, I am still wondering about the "Intel platform service".

 However, I think you missed my second question (about the counter) above, I am still working on it.

Thanks again.

Best,

Tianyi Z.

Juan_d_Intel

If an enclave reaches its quota and previously created MC UUIDs have not been recorded, you may restore the MC service after uninstalling the SGX PSW and installing it again. Note that this procedure will delete *ALL* MCs created by any enclave in that system.

 

tianyi_z_

Juan D. (Intel) wrote:

If an enclave reaches its quota and previously created MC UUIDs have not been recorded, you may restore the MC service after uninstalling the SGX PSW and installing it again. Note that this procedure will delete *ALL* MCs created by any enclave in that system.

 

 

Dear Juan

Thank you for your reply, I will re-install the service if I need more MC. Anyway, it's easy to forget to delete those MCs, especially when someone is debugging his program, so I think there might be some other way to delete those "forgotten" MCs.

Best,

Tianyi Z.

Juan_d_Intel

BTW, how big is the file you're trying to seal? 100s of GB or several TB?

Sealing uses AES-GCM for encryption, which provides data confidentiality of up to about 64GB per invocation.

tianyi_z_

Hi Juan,

The file is just several GB, and the only problem we have got is that we cannot load it all into the enclave at once because the RAM of each enclave is not that big; that's why we are trying to split it. However, our data supports random access, so we can still reach our point of interest in the data even when we split and save it.

Anyway, thank you for your reply,

Best,

Tianyi Z.

 

Juan D. (Intel) wrote:

BTW, how big is the file you're trying to seal? 100s of GB or several TB?

Sealing uses AES-GCM for encryption, which provides data confidentiality of up to about 64GB per invocation.

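The thread leaves the first question open: how to replay-protect a large file sealed in pieces when an enclave can hold only 256 counters. One common design, shown here as an added example that is not Intel's code or part of any post above, ties a single counter to a manifest of per-chunk digests, so any number of chunks needs one counter. `CounterService`, `seal_manifest` and `open_chunk` are hypothetical names; the HMAC key stands in for the enclave's sealing key, and chunks are left unencrypted to keep the freshness logic visible.

```python
import hashlib, hmac, os

QUOTA = 256  # per-enclave counter quota quoted in the thread

class CounterService:
    """Constructed stand-in for the platform monotonic counter service."""
    def __init__(self):
        self.counters = {}
    def create(self):
        if len(self.counters) >= QUOTA:
            raise RuntimeError("SGX_ERROR_MC_OVER_QUOTA")
        uuid = os.urandom(16)  # must be persisted, or the counter is orphaned
        self.counters[uuid] = 0
        return uuid
    def increment(self, uuid):
        self.counters[uuid] += 1
        return self.counters[uuid]
    def read(self, uuid):
        return self.counters[uuid]

def chunk_tag(index, chunk):
    # Bind each digest to its position so chunks cannot be swapped.
    return hashlib.sha256(index.to_bytes(8, "big") + chunk).digest()

def seal_manifest(key, svc, uuid, chunks):
    """Bump the single counter, then MAC (uuid, counter value, all chunk tags)."""
    value = svc.increment(uuid)
    body = uuid + value.to_bytes(4, "big") + b"".join(
        chunk_tag(i, c) for i, c in enumerate(chunks))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_chunk(key, svc, manifest, index, chunk):
    """Verify one chunk on random access; return it or raise ValueError."""
    body, mac = manifest[:-32], manifest[-32:]
    if not hmac.compare_digest(mac, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("manifest tampered")
    uuid, value = body[:16], int.from_bytes(body[16:20], "big")
    if value != svc.read(uuid):
        raise ValueError("stale manifest (replay)")
    tags = body[20:]
    if not hmac.compare_digest(tags[32 * index:32 * index + 32],
                               chunk_tag(index, chunk)):
        raise ValueError("chunk does not match manifest")
    return chunk
```

Because the counter UUID travels inside the manifest, it is stored together with the data it protects, which avoids the lost-UUID situation described earlier in the thread.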