Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SampleEnclavePCL building error

Criston__Anna
New Contributor I
1,203 Views

Hi! I get the following building error when trying to build the SDK sample solution SampleEnclavePCL:


Error    MSB3073    The command ""C:\Program Files (x86)\Intel\IntelSGXSDK\bin\win32\release\sgx_enc_ip.exe" -k key.bin -i "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Debug\Enclave.dll" -o "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Debug\Enclave.enc.dll" && "C:\Program Files (x86)\Intel\IntelSGXSDK\bin\win32\release\sgx_sign.exe" sign -key "Enclave_private.pem" -enclave "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Debug\Enclave.enc.dll" -out "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Debug\Enclave.signed.dll" -config "Enclave.config.xml"
:VCEnd" exited with code -1073741515.    Enclave    C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\VC\VCTargets\Microsoft.CppCommon.targets    138    

 

and in the output of the program: Failed to read sealed_key.bin. Error: Can't open enclave file.

 

Details:

Target Platform: Windows 10 version 10.0.18363 Build 18363
Windows SDK version: 10.01.6299.0
Platform Toolset: Visual Studio 2017 (v141)
SGX SDK version: 2.7.101.2
SGX PSW version: 2.7.101.2
SGX Device version: 2.7.100.2

 

I do not know where the problem is. If anybody could help me solve it.

 

 

0 Kudos
1 Solution
JesusG_Intel
Moderator
1,203 Views

Hi Anna,

In Visual Studio

1. Right click the project Enclave->Properties->Build Events->Post-Build Event->Change Command line to read as below. I bolded the only change. This step encrypts the enclave.dll then needs to sign the encrypted version, which is called enclave.enc.dll.

"$(SGXSDKInstallPath)bin\x64\release\sgx_enc_ip.exe" -k key.bin -i "$(OutDir)Enclave.dll" -o "$(OutDir)Enclave.enc.dll" && "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" sign -key "Enclave_private.pem" -enclave "$(OutDir)Enclave.enc.dll" -out "$(OutDir)Enclave.signed.enc.dll" -config "Enclave.config.xml"

I found this in the document Intel Software Guard Extensions Developer Reference for Windows OS, page 101. There is a list there called, "Modifications to IP Enclave" for modifications needed to compile this enclave.

Regards,

Jesus

Intel Customer Support

0 Kudos
14 Replies
JesusG_Intel
Moderator
1,203 Views

Hi Anna, I got the same error. I'm looking into it.

Jesus

Intel Customer Support

0 Kudos
Criston__Anna
New Contributor I
1,203 Views

Thank you for your reply. I made the modification, however the problem still remains. I had a look in the Developer Reference, cannot really figure out what else I could change. 

0 Kudos
JesusG_Intel
Moderator
1,203 Views

Hi Anna, please post the full command line in your post-build event here.

0 Kudos
Criston__Anna
New Contributor I
1,203 Views

Sure.

"$(SGXSDKInstallPath)bin\x64\release\sgx_enc_ip.exe" -k key.bin -i "$(OutDir)Enclave.dll" -o "$(OutDir)Enclave.enc.dll" && "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" sign -key "Enclave_private.pem" -enclave "$(OutDir)Enclave.enc.dll" -out "$(OutDir)Enclave.signed.enc.dll" -config "Enclave.config.xml"

0 Kudos
JesusG_Intel
Moderator
1,203 Views

Hi Anna, your command is correct. I was able to reproduce your error when I compiled as Win32. Change your compile target platform to x64 and it should work. I don't know why Win32 does not work.

0 Kudos
Criston__Anna
New Contributor I
1,202 Views

Thank you for your reply, Jesus. I did change my target platform, however I still have the problem:

Screenshot (1).png, Screenshot (2).png, Screenshot (3).png

0 Kudos
JesusG_Intel
Moderator
1,202 Views

Hello Anna, we're going to have to dive deeper. I have the same config as you based on your screenshots and the post-build step works without a problem. 

Let's try a fresh installation of the SDK. Save your work to another folder, then uninstall the SGX SDK.

  1. Go to "Control Panel\Programs\Programs and Features".
  2. Right click and uninstall Intel Software Guard Extensions SDK for Windows*
  3. Be sure to remove this directory if not completely removed after the uninstall: C:\Program Files (x86)\Intel\IntelSGXSDK
  4. Reinstall the SGX SDK.
  5. Open the SampleEnclavePCL sample with VS as administrator.
  6. Go to the Enclave project properties and change the post-build event as you did before and try to compile for x64.

 

0 Kudos
Criston__Anna
New Contributor I
1,202 Views

Thank you for your reply, Jesus. I did as you said, but no success. One thing I noticed is that the release folder was installed with capital R, I changed that, but still not working. I attach screenshots of the two folders accessed. It seems that Enclave.enc.dll does not make it to the Debug folder.

Screenshot (5).png, Screenshot (6).png

0 Kudos
JesusG_Intel
Moderator
1,203 Views

Hi Anna,

Let's try to run the post build step manually. The post build step is actually two commands executed sequentially. The first step is to open a command line prompt as Administrator.

Ensure these files exist before running the first command:

C:\Program Files (x86)\Intel\IntelSGXSDK\bin\x64\Release\sgx_enc_ip.exe

C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Enclave\key.bin

C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\x64\Debug\Enclave.dll

C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Enclave\Enclave_private.pem

After you verified the above files exist, run this command:

"C:\Program Files (x86)\Intel\IntelSGXSDK\bin\x64\Release\sgx_enc_ip.exe" -k "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Enclave\key.bin" -i "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\x64\Debug\Enclave.dll" -o "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\x64\Debug\Enclave.enc.dll"

Ensure this file gets generated after the first command:

C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\x64\Debug\Enclave.enc.dll

Now you can run the second command to sign Enclave.enc.dll and generate Enclave.signed.enc.dll.

"C:\Program Files (x86)\Intel\IntelSGXSDK\bin\x64\Release\sgx_sign.exe" sign -key "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\Enclave\Enclave_private.pem" -enclave "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\x64\Debug\Enclave.enc.dll" -out "C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\x64\Debug\Enclave.signed.enc.dll"

This file is the final one you end up with:

C:\Program Files (x86)\Intel\IntelSGXSDK\src\SampleEnclavePCL\x64\Debug\Enclave.signed.enc.dll
0 Kudos
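
The manual post-build procedure from the post above as one PowerShell script, added here as an example (it is not Intel's tooling or code from the thread). It uses the paths and arguments quoted in the thread and assumes Enclave.config.xml sits beside key.bin in the Enclave project directory. It also prints a failing exit code in hex: the -1073741515 from the original MSB3073 error is 0xC0000135, STATUS_DLL_NOT_FOUND, which is consistent with the build succeeding once libcrypto-1_1-x64.dll was placed next to the tools, as reported later in the thread.

```powershell
# Added example. Paths are the ones quoted in the thread; Enclave.config.xml is
# assumed to sit beside key.bin in the Enclave project directory.
$Sdk     = 'C:\Program Files (x86)\Intel\IntelSGXSDK'
$Tools   = Join-Path $Sdk 'bin\x64\Release'
$Project = Join-Path $Sdk 'src\SampleEnclavePCL\Enclave'
$OutDir  = Join-Path $Sdk 'src\SampleEnclavePCL\x64\Debug'
$EncIp   = Join-Path $Tools 'sgx_enc_ip.exe'
$Sign    = Join-Path $Tools 'sgx_sign.exe'
$Plain   = Join-Path $OutDir 'Enclave.dll'
$Enc     = Join-Path $OutDir 'Enclave.enc.dll'
$Signed  = Join-Path $OutDir 'Enclave.signed.enc.dll'

function Assert-Exists([string[]]$Paths) {
    $missing = @($Paths | Where-Object { -not (Test-Path -LiteralPath $_ -PathType Leaf) })
    if ($missing.Count -gt 0) { throw "Missing file(s): $($missing -join '; ')" }
}

function Invoke-Step([string]$Exe, [string[]]$Arguments) {
    & $Exe @Arguments
    $code = $LASTEXITCODE
    if ($code -eq 0) { return }
    # A process that fails while loading exits with an NTSTATUS value; show it in hex.
    $hex  = '0x{0:X8}' -f $code
    $hint = ''
    if ($hex -eq '0xC0000135') {
        $hint = ' (STATUS_DLL_NOT_FOUND: a DLL the tool depends on could not be loaded)'
    }
    throw "$(Split-Path -Leaf $Exe) exited with $code = $hex$hint"
}

# The post-build event uses relative names for key.bin, the signing key and the
# config file, so run from the Enclave project directory.
Set-Location -LiteralPath $Project
$inputs = @($EncIp, $Sign, $Plain, 'key.bin', 'Enclave_private.pem', 'Enclave.config.xml')
Assert-Exists $inputs

# Step 1: encrypt Enclave.dll into Enclave.enc.dll.
Invoke-Step $EncIp @('-k', 'key.bin', '-i', $Plain, '-o', $Enc)
Assert-Exists $Enc

# Step 2: sign the encrypted enclave, with the same options as the post-build event.
Invoke-Step $Sign @('sign', '-key', 'Enclave_private.pem', '-enclave', $Enc,
                    '-out', $Signed, '-config', 'Enclave.config.xml')
Assert-Exists $Signed
Write-Output "Built $Signed"
```

Run it from an elevated PowerShell prompt, since the sample lives under Program Files.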
Criston__Anna
New Contributor I
1,203 Views

Alright. When I run the first command I get the following error:

Screenshot (7).png

0 Kudos
Criston__Anna
New Contributor I
1,203 Views

Update: Downloaded libcrypto-1_1-x64.dll version 1.1.1.4, placed it in C:\Program Files (x86)\Intel\IntelSGXSDK\bin\x64\Release, and the enclave is building just fine. However, running the program gives me the following error:

Screenshot (11).png

And the line and status where it prints "Failed to read sealed_key.bin":

Screenshot (9).png

0 Kudos
JesusG_Intel
Moderator
1,203 Views

Hi Anna,

You found a bug!  Here is the fix. Add this line before ReadFile.

sealed_key_blob = new uint8_t[sealed_key_blob_file_size];

Your code should look like this:

        else
        {
            // The fix: allocate the buffer before ReadFile writes into it.
            sealed_key_blob = new uint8_t[sealed_key_blob_file_size];
            ReadFile(sealed_key_handler, sealed_key_blob, sealed_key_blob_file_size, &read_num, NULL);
            if (read_num != sealed_key_blob_file_size) {
                printf("Failed to read %s\n", sealed_key_blob_path);
                ErrorExit(TEXT("ReadFile"));
            }

 

0 Kudos
Criston__Anna
New Contributor I
1,203 Views

this solved it. Thank you!

0 Kudos