Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

SGX enclave content

Jana_Klarmann
Beginner

Hi,

I would like to control the content of my enclave. The Windows SGX SDK allows creating and signing enclaves; however, it is a black box. I have no knowledge about what is inside, and I would like to be able to reproduce the enclave construction process such that I can inspect all pages added to the enclave and check the enclave hash. Is there a way to do that?

1 Solution
Surenthar_S_Intel

Two versions of sgx_emmt are provided in the Intel® Software Guard Extensions Evaluation SDK: a 32-bit version and a 64-bit version. Cross utilizing the tool will cause a measurement failure. By default, the 64-bit version is utilized. To measure 32-bit enclaves, use the 32-bit version of sgx_emmt manually.

I built the enclave and application in x64 bit mode and used the following command to measure the memory used by the program within the enclave (sample application shipped with the Intel SGX SDK).

sgx_emmt --enclave=Enclave.signed.dll App.exe

sgx_emmt App.exe

Output: 
The commandline is : "App.exe".
Enclave : "Enclave.signed.dll"
       [Peak stack use] : 0xbc8
       [Peak heap use] : 0x1000

Thanks and Regards,
Surenthar Selvaraj


2 Replies
Simon_J_Intel
Employee

The signing tool has to recreate the construction process to create the MRENCLAVE value and the SIGSTRUCT for the enclave. Is this not sufficient to meet your needs?
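
Added example, not part of the thread and not Intel SDK code: a replay of the measurement sequence that produces MRENCLAVE, using the ECREATE/EADD/EEXTEND block layout documented in the Intel SDM, with a per-page log for inspecting what goes into the hash. The function name `measure` and the two-page layout are constructed for illustration; the real page list (code, data, heap, stack, TCS) is whatever the signing tool lays out for a given enclave and is not reproduced here.

```python
import hashlib
import struct

PAGE = 4096
# SECINFO.FLAGS bits: R=1, W=2, X=4; page type in bits 8-15 (TCS=1, REG=2).
R, W, X = 0x1, 0x2, 0x4
PT_TCS, PT_REG = 0x1 << 8, 0x2 << 8


def measure(enclave_size, pages, ssa_frame_size=1):
    """Replay ECREATE/EADD/EEXTEND; return (MRENCLAVE hex, per-page log).

    pages: iterable of (offset, secinfo_flags, content_bytes, measured).
    """
    h = hashlib.sha256()
    log = []
    # ECREATE block: tag, SSAFRAMESIZE (u32), SIZE (u64), 44 reserved bytes.
    h.update(struct.pack("<8sIQ44s", b"ECREATE", ssa_frame_size, enclave_size, b""))
    for offset, flags, content, measured in pages:
        if offset % PAGE or len(content) != PAGE or offset >= enclave_size:
            raise ValueError(f"bad page at offset {offset:#x}")
        # EADD block: tag, page offset, first 48 bytes of SECINFO.
        h.update(struct.pack("<8sQQ40s", b"EADD", offset, flags, b""))
        if measured:
            # EEXTEND covers 256 bytes per step: a header block, then the data.
            for chunk in range(0, PAGE, 256):
                h.update(struct.pack("<8sQ48s", b"EEXTEND", offset + chunk, b""))
                h.update(content[chunk:chunk + 256])
        log.append((offset, flags, measured, hashlib.sha256(content).hexdigest()))
    # EINIT finalizes the running SHA-256; the digest is MRENCLAVE.
    return h.hexdigest(), log


# Constructed sample layout (not a real SDK enclave): one measured code page
# and one zeroed data page that is added but not measured.
SAMPLE = [
    (0x0000, PT_REG | R | X, b"\x90" * PAGE, True),
    (0x1000, PT_REG | R | W, b"\x00" * PAGE, False),
]

if __name__ == "__main__":
    mrenclave, page_log = measure(0x2000, SAMPLE)
    print("MRENCLAVE:", mrenclave)
    for off, flags, measured, digest in page_log:
        print(f"{off:#08x} flags={flags:#x} measured={measured} sha256={digest[:16]}")
```

The per-page digests in the log are for inspection only; pages added without EEXTEND contribute their offset and flags to MRENCLAVE but not their contents.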
