Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX invokes wrong method

Paul_Ruiz_Pauker
Beginner

*** Update 2020-03-25 ***

Even though I eventually solved my problem, I'd like to share a post I found that depicts exactly the problem mentioned:

https://kryptoguard.com/kryptoguardtrade-developer-zone-blog/trusted-static-libraries-design-constraint

############################################################################

I'm developing SGX enclaves. I have, let's say, three methods in EDL: A, B and C; then, for some strange reason, when calling A from the wrapper, SGX executes B instead.

UPDATE

I've managed to isolate the error; my findings are below.

Scenario:

I'm writing an enclave library and a wrapper library to hold reusable code, i.e. local attestation, logging (debug), etc.

  • VSC++ 2015
  • Two Enclaves: SourceEnclave & TargetEnclave
  • Two Wrappers: SourceWrapper & TargetWrapper
  • One Enclave Library: EnclaveCommonLib
  • One Wrapper Library: WrapperCommonLib
  • I've many enclave methods in different EDL files inside the EnclaveCommonLib, and both Source and Target enclaves import the EDL files from the common EDLs.

Then, while the SourceEnclave's EDL has additional methods, the TargetEnclave's EDL does not; it's empty: apart from the imports, it has nothing.

At this point I'm getting the strange behavior I described before: calling a (common) method on the Target Enclave caused the enclave to invoke a different method. Apparently the Edger8r generator fails to correctly generate the method invocation table, therefore the invocation calls wrong methods. This fails only when the TargetEnclave is empty (has no own methods); as soon as I add one method, everything works fine.

So now my question is: is it intended to work like this, or is it a bug?

Hoang_N_Intel
Employee

Is there any way that you can stub out your project (e.g. remove your main coding) and post this entire project with empty TargetEnclave for us to recreate the issue?

Narasimhan__Kamala

Paul - if you encountered the issue as well and can still reproduce it, this might very well be a design-level issue, as I had initially suspected. You might benefit from inviting people like Joanna Rutkowska (Graphene-ng) and the Fortanix folks to the conversation. Since they ought to have been involved in building larger projects, and larger projects usually tend to be modular, this is an issue that is likely to affect them, if not interest them. That's probably the best way to get Intel's attention to the issue - the more people with existing or anticipated problems in the area join the conversation, the more likely it is to get the attention and hopefully get it fixed.

Kamala
