Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Signing Enclave fails

tz71
Beginner

I want to use SDL2 library functions inside the enclave, so I created a trusted library, statically linked SDL2 to the library, and then added the trusted library to my enclave. But I get the following linkage error.

TSDL2.lib(SDL_malloc.obj) : error LNK2005: _memalign already defined in sgx_tstdc.lib(malloc.obj)
TSDL2.lib(SDL_malloc.obj) : error LNK2005: _mallinfo already defined in sgx_tstdc.lib(malloc.obj)

Then I used /FORCE:MULTIPLE option of Visual Studio and now I get "Error happened while signing the enclave". 

1>TSDL2.lib(SDL_malloc.obj) : warning LNK4006: _memalign already defined in sgx_tstdc.lib(malloc.obj); second definition ignored
1>TSDL2.lib(SDL_malloc.obj) : warning LNK4006: _mallinfo already defined in sgx_tstdc.lib(malloc.obj); second definition ignored
1>     Creating library C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Debug\Enclave1.lib and object C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Debug\Enclave1.exp
1>C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Debug\Enclave1.dll : warning LNK4088: image being generated due to /FORCE option; image may not run
1>  Enclave1.vcxproj -> C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Debug\Enclave1.dll
1>EXEC : warning : undefined symbol detected.
1>  The input enclave file is not correct.
1>  Error happened while signing the enclave.
1>  <EnclaveConfiguration>
1>      <ProdID>0</ProdID>
1>      <ISVSVN>0</ISVSVN>
1>      <StackMaxSize>0x40000</StackMaxSize>
1>      <HeapMaxSize>0x100000</HeapMaxSize>
1>      <TCSNum>10</TCSNum>
1>      <TCSPolicy>1</TCSPolicy>
1>      <DisableDebug>0</DisableDebug>
1>      <MiscSelect>0</MiscSelect>
1>      <MiscMask>0xFFFFFFFF</MiscMask>
1>  </EnclaveConfiguration>
1>C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V110\Microsoft.CppCommon.targets(134,5): error MSB3073: The command ""C:\Program Files (x86)\Intel\IntelSGXSDK\bin\win32\release\sgx_sign.exe" sign -key "C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Enclave1\Enclave1_private.pem" -enclave "C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Debug\Enclave1.dll" -out "C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Debug\Enclave1.signed.dll" -config "C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Enclave1\Enclave1.config.xml"
1>C:\Program Files (x86)\MSBuild\Microsoft.Cpp\v4.0\V110\Microsoft.CppCommon.targets(134,5): error MSB3073: :VCEnd" exited with code -1.
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

Has anyone faced this error? 

The SDK user guide says I should write a wrapper for each function from the 3rd party library I want to use inside the enclave, but it's not clear to me how I should do this. So can someone explain how we should use 3rd party libraries like SDL inside the enclave?

Thanks

1 Solution
Kuppusamy_R_Intel

You can’t just compile a random library, do a static link, and expect it to work in an enclave. First of all, there are certain instructions that are not allowed within an enclave, so even if you could get that library to build in a manner that it would load and execute in the enclave, it may contain instructions that will cause an exception at runtime. Second, to actually build a trusted library that does work in an enclave, you can only link against the Intel-provided trusted libraries, including the trusted C Standard Library. These trusted libraries are designed to work in enclaves and avoid instructions and functions that are not legal or safe in an enclave. See the “Trusted Libraries” section of the SGX SDK for more information.

Based on the error messages, it sounds like you have created your library by doing a static link with Visual Studio’s standard C library. But enclaves are compiled using the trusted C library, so there are now two C libraries in the object with the same function names. That’s why you got name collisions. Using compiler options to resolve the name problems isn’t going to fix it. The library you are trying to port has to be built using the trusted libraries, and may require some porting.

6 Replies
Juan_d_Intel
Employee

The trusted C standard library, sgx_tstdc.lib, includes support for malloc/free, which manages the trusted heap.

It looks like your TSDL2.lib library contains an object file SDL_malloc.obj that also includes the malloc/free API.

You need to exclude this object file from the library build and use the malloc/free implementation that sgx_tlibc.lib provides.

Does your library contain a special/optimized malloc/free implementation that you want to use instead of what the SGX SDK provides?

The problem with wrapping your malloc/free implementation (or I'd say renaming your functions) is that it doesn't know where the trusted heap is located, therefore it cannot manage it.

 

tz71
Beginner

This error happens when I use any SDL2 API functions inside the enclave, and SDL has its own implementation of malloc\free. So the only way to solve the problem is changing and recompiling the SDL libraries to use sgx_tlibc.lib implementations? Also "sgx_tlibc" and other trusted libraries are designed to be used inside the enclave only. Am I right? So how can we use them in other 3rd party libraries?

My trusted library is like this:

int ecall_create_win(){
    SDL_Window* main_win;
    main_win = SDL_CreateWindow(
        "A sample window",
        SDL_WINDOWPOS_CENTERED,
        SDL_WINDOWPOS_CENTERED,
        640,
        480,
        SDL_WINDOW_RESIZABLE
    );
    // rest of the code......
}

Thank you,

Juan_d_Intel
Employee
If you built TSDL2.lib with Visual Studio as a regular static library linking with Visual Studio's standard C library, then you have to create a new Intel SGX Enclave Project using the Wizard (choose the Enclave Library option as the project type) and import your files into the new project. The Wizard will set up the appropriate compiler and linker options to build this library as a trusted library you can link with an enclave.

tz71
Beginner

Actually I already did the same thing; my TSDL2.lib is a trusted library (Enclave Library option in project type) using SDL (I'm linking only a trusted library to the enclave). I built SDL as a regular static library linking with Visual Studio's standard C library, then imported everything into my trusted library TSDL2.lib, and I built it without any error. Then I linked it to the enclave and I'm getting these errors. I thought that for using any third-party library (allowed instructions) it is enough to link it to a trusted library, but it seems this is not enough. So I'm trying to build SDL with Intel trusted standard libraries.

Thanks,

Juan_d_Intel
Employee

If you build TSDL2.lib as a trusted library but you "build SDL as a regular static library linking with Visual Studio's standard C library" you will get this error. You need to build SDL as a trusted library as well.
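
As an added example (not part of the original thread and not Intel SGX SDK code), this Python script scans a Visual Studio build log for the LNK2005/LNK4006 duplicate-definition diagnostics quoted in the question and reports which objects of the third-party library redefine symbols already provided by a trusted library, and whether the image was only produced because of /FORCE. The `sgx_t` name prefix used to recognise trusted libraries and the function names are assumptions; the last sample log line is constructed.

```python
import re
from collections import defaultdict

# MSVC duplicate-definition diagnostics, optionally prefixed by "1>":
#   X.lib(a.obj) : error LNK2005: _sym already defined in Y.lib(b.obj)
DUP_RE = re.compile(
    r"(?P<lib>[^\s()>]+\.lib)\((?P<obj>[^()]+\.obj)\)\s*:\s*"
    r"(?:error|warning) LNK(?:2005|4006): (?P<sym>\S+) already defined in "
    r"(?P<first_lib>[^\s()]+\.lib)\((?P<first_obj>[^()]+\.obj)\)"
)

def colliding_objects(build_log, trusted_prefix="sgx_t"):
    """Map (library, object) -> sorted symbols it redefines from a trusted library.

    trusted_prefix is an assumption: the thread names sgx_tstdc.lib and
    sgx_tlibc.lib, so libraries starting with "sgx_t" are treated as trusted.
    """
    hits = defaultdict(set)
    for line in build_log.splitlines():
        m = DUP_RE.search(line)
        if m and m.group("first_lib").lower().startswith(trusted_prefix):
            hits[(m.group("lib"), m.group("obj"))].add(m.group("sym"))
    return {key: sorted(syms) for key, syms in hits.items()}

def forced_link(build_log):
    """True if the linker emitted LNK4088 (image generated due to /FORCE)."""
    return "LNK4088" in build_log

# First five lines are copied from the thread; the last line is constructed
# to show that collisions with non-trusted libraries are not reported.
SAMPLE_LOG = r"""
TSDL2.lib(SDL_malloc.obj) : error LNK2005: _memalign already defined in sgx_tstdc.lib(malloc.obj)
TSDL2.lib(SDL_malloc.obj) : error LNK2005: _mallinfo already defined in sgx_tstdc.lib(malloc.obj)
1>TSDL2.lib(SDL_malloc.obj) : warning LNK4006: _memalign already defined in sgx_tstdc.lib(malloc.obj); second definition ignored
1>TSDL2.lib(SDL_malloc.obj) : warning LNK4006: _mallinfo already defined in sgx_tstdc.lib(malloc.obj); second definition ignored
1>C:\Users\admin\Documents\Visual Studio 2012\Projects\Check_SDL\Debug\Enclave1.dll : warning LNK4088: image being generated due to /FORCE option; image may not run
Other.lib(helper.obj) : error LNK2005: _helper already defined in Vendor.lib(helper.obj)
"""

if __name__ == "__main__":
    for (lib, obj), syms in colliding_objects(SAMPLE_LOG).items():
        print(f"{lib}({obj}) redefines trusted symbols: {', '.join(syms)}")
    if forced_link(SAMPLE_LOG):
        print("Image was linked with /FORCE; fix the collisions instead of signing it.")
```
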
