Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Reserving a section in Enclave.so

Changzheng_W_Intel
145 Views

Hi

I'd like to implement a binary loader inside SGX enclave. I want to reserve a section in sgx enclave via ld script so as to I can load my app dynamically into this memory region at runtime.

I add my reserve section in the ld scrtipt as

reserved :

{
    . += 0x1000;
}

at the end of the ld script (which I copied it from the output of 'ld -verbose').

Building enlave successfully via above ld script, but failed at the sgx sign process as

$: sgx_sign sign -key Enclave/Enclave_private.pem -enclave enclave.so -out enclave.signed.so -config Enclave/Enclave.config.xml
<!-- Please refer to User's Guide for the explanation of each field -->
<EnclaveConfiguration>
    <ProdID>0</ProdID>
    <ISVSVN>0</ISVSVN>
    <StackMaxSize>0x40000</StackMaxSize>
    <HeapMaxSize>0x100000</HeapMaxSize>
    <TCSNum>10</TCSNum>
    <TCSPolicy>1</TCSPolicy>
    <DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect>
    <MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
The input enclave file is not correct.
Error happened while signing the enclave.

Is there any requirement for SGX enclave sections for the signning tool? I can't get any information about this from the developer manual, so hopefully I can get the answer here.

Thanks.

0 Kudos
0 Replies
Reply