Hello Mzaman,
It is not possible to make calls directly to the outside world from inside an enclave. You must create ocalls from the enclave to your application, then the application can make the REST API or HTTP requests on behalf of the enclave.
Sincerely,
Jesus G.
Intel Customer Support
Hi Jesus G.
So, I was trying to write an ocall as you said on the sgx-ra-sample example. When I am trying to import another .edl file it's showing file not found within the search paths. I am following the developers guide format.
from "../../sys/other_secure_comms.edl" import *;
Do I need to change the make file in sgx-ra-sample example?
Thanks,
Mzaman
Hello mzaman,
Yes.
Specify the --search-path for the sgx_edger8r tool so that it can find the edl files. Modify this line in the Makefile accordingly:
$(SGX_EDGER8R) --search-path $(SGXSDK_INCDIR) $(SGX_EDGER8R_FLAGS) --untrusted $<
Sincerely,
Jesus G.
Intel Customer Support
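A quick way to see which imports will fail before running sgx_edger8r, as an added example (not from this thread or the SGX SDK). The function names and the directory layout are made up for illustration, and it assumes each import path is tried relative to each --search-path directory in turn.

```shell
#!/bin/sh
# Added example: list EDL imports that do not resolve under any search directory.
# Assumption: an import path is tried relative to each search directory in turn.

# edl_imports FILE -> one imported path per line
edl_imports() {
    # Matches: from "path.edl" import ...;  (whitespace around the quotes optional)
    sed -n 's/^[[:space:]]*from[[:space:]]*"\([^"]*\)"[[:space:]]*import.*/\1/p' "$1"
}

# edl_missing_imports FILE DIR... -> prints unresolved imports, returns 1 if any
edl_missing_imports() {
    edl=$1; shift
    missing=0
    while IFS= read -r imp; do
        [ -n "$imp" ] || continue
        found=0
        for dir in "$@"; do
            if [ -f "$dir/$imp" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "$imp"
            missing=1
        fi
    done <<EOF
$(edl_imports "$edl")
EOF
    return "$missing"
}

# Constructed layout for illustration; not the real sgx-ra-sample tree.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/sdk/include" "$t/app/src/enclave" "$t/app/sys"
    : > "$t/sdk/include/sgx_tstdc.edl"
    : > "$t/app/sys/other_secure_comms.edl"
    printf '%s\n' 'enclave {' \
        '    from "sgx_tstdc.edl" import *;' \
        '    from "../../sys/other_secure_comms.edl" import *;' \
        '};' > "$t/app/src/enclave/Enclave.edl"
    echo "Unresolved with the SDK include dir only:"
    edl_missing_imports "$t/app/src/enclave/Enclave.edl" "$t/sdk/include"
    echo "Unresolved after adding the enclave source dir:"
    edl_missing_imports "$t/app/src/enclave/Enclave.edl" \
        "$t/sdk/include" "$t/app/src/enclave" && echo "(none)"
    rm -rf "$t"
}
demo
```

Pass the same directories you give to --search-path in the Makefile; any path it prints is one the tool would report as not found.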
Hello mzaman,
Did my previous suggestion help you fix your issue?
Sincerely,
Jesus G.
Intel Customer Support
Hi Jesus G,
Thanks for the suggestion, it's solving the issue. I am still working on creating a client inside the enclave through an OCALL. If you have any recommendation or sample code regarding this, please let me know.
Thanks,
Mzaman
Hello Mzaman,
I recommend looking at the sample programs provided with the SGX SDK for guidance. I don't have sample code beyond that.
The Intel SGX Developer Reference Guide for Linux in the Documentation section of the latest release in Intel® Software Guard Extensions SDK for Linux* is very helpful.
Sincerely,
Jesus G.
Intel Customer Support
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.
Hello @JesusG_Intel
I have a situation:
I have a scenario in which I must connect to a web server and I need to keep the response data safe. I also need to process the data in the trusted part. The possibility of making an HTTP request from the enclave would solve the issue; however, you said that:
"It is not possible to make calls directly to the outside world from inside an enclave. You must create ocalls from the enclave to your application, then the application can make the REST API or HTTP requests on behalf of the enclave."
From my point of view, the SSL connection will keep the data safe during the transmission; however, once I read it in the untrusted code, the data can no longer be considered safe.
I am new to SGX technology and I know Intel won't allow this security risk. What am I missing? Can you guide me on how to make a safe HTTP request using SGX?
Thanks
Hi is_0054,
I am also a beginner in SGX.
Maybe you can open a server in the enclave, which will protect the data as SGX claims.
I could be wrong.
Thanks
Mzaman
Hey @mzaman,
But according to @JesusG_Intel, it is not possible to make an HTTP call to the outside world from the enclave.
Hi,
You need to create ocalls for contacting the outer world/application.
That's what I understand.
Regards,
Mzaman
Yes, but in that case, I will receive the data in the application, which means the untrusted part. However, one of the requirements is that the data needs to be secure at all times. I cannot have the data in the application.
Then I am facing a dilemma. I can't do the HTTP request from the enclave, but I need to have the received data safe, which means that the data must be received from the trusted part, where there is no way to make the call.
I don't know if it is a misunderstanding of my concepts.
Hello is_0054 and mzaman,
These follow-up questions are being addressed in this thread: https://community.intel.com/t5/Intel-Software-Guard-Extensions/http-request-call-in-a-sgx-applicatio....