Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

SGX-PCL for Windows

sj
Beginner

Hi,

I have been looking for SGX-PCL support references for the Windows development environment. It seems that the support was included in the SDK starting with version 2.3, but I am unable to find any reference for usage. Can somebody point me in the right direction?

Another separate issue - it's clear that currently, there is no mechanism to have a dll or so dynamically loaded in SGX. Has there been any workaround proposed for this for simple DLLs on Windows?

JesusG_Intel
Moderator

Hello SJ,


You can find information on PCL for Windows in the Intel Software Guard Extensions Developer Reference for Windows, https://software.intel.com/content/www/us/en/develop/download/sgx-sdk-developer-reference-windows.ht..., starting on page 165. The SGX SDK for Windows also includes a sample called SampleEnclavePCL.


You are right regarding the fact that you cannot dynamically link libraries with the enclave DLL. The reason for this is best explained in the SDK Developer Reference Guide I linked to above:


"An enclave DLL must not depend on any dynamically linked library in any way. The enclave loader has been intentionally designed to prohibit dynamic linking of libraries within an enclave. The protection of an enclave is dependent upon obtaining an accurate measurement of all code and data that is placed into the enclave at load time; thus, dynamic linking would add complexity without providing any benefit over static linking."


Regards,
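
The rule quoted above can be checked at build time. The following is an added example, not part of the original thread or the SGX SDK: it reads a PE header and reports a non-empty import or delay-import directory, which is how a dynamic-link dependency appears in a DLL. The function names and the sample header are constructed for illustration.

```python
import struct

IMPORT_DIR, DELAY_IMPORT_DIR = 1, 13  # PE data-directory indices

def dynamic_link_dirs(pe: bytes) -> dict:
    """Return {name: (rva, size)} for each non-empty import directory."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)        # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = nt + 24                                     # signature + COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                                # PE32
        dirs = opt + 96
    elif magic == 0x20B:                              # PE32+
        dirs = opt + 112
    else:
        raise ValueError("unknown optional-header magic")
    (count,) = struct.unpack_from("<I", pe, dirs - 4) # NumberOfRvaAndSizes
    found = {}
    for name, idx in (("import", IMPORT_DIR), ("delay-import", DELAY_IMPORT_DIR)):
        if idx < count:
            rva, size = struct.unpack_from("<II", pe, dirs + 8 * idx)
            if rva or size:
                found[name] = (rva, size)
    return found

def build_sample(import_rva: int = 0, import_size: int = 0) -> bytes:
    """Constructed PE32+ header only (no sections), for demonstration."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)   # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)                              # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)              # 16 data directories
    struct.pack_into("<II", opt, 112 + 8 * IMPORT_DIR, import_rva, import_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, image in (("static-only", build_sample()),
                         ("has imports", build_sample(0x3000, 0x28))):
        deps = dynamic_link_dirs(image)
        print(label, "->", "OK" if not deps else f"rejected: {deps}")
```

To check a real build output, pass the bytes of the enclave DLL to `dynamic_link_dirs` and fail the build if the result is not empty.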


sj
Beginner

Thank you very much JesusG.

The documentation does lay out the steps with heavy detail, but I was looking for more of an example because I was consistently getting Unknown Errors with basic implementation. What I didn't realize is that there is a good example with the SDK that provides info. So problem solved!

The DLL thing is a bit unfortunate. There are projects that don't have source code or static libs available. So being able to add a small wrapper around a DLL, which is disassembled somehow would have been nice.
