I am working on a scenario to develop SGX software where one component is in the normal world while the other will be put inside the Enclave.
Right now, I am thinking of testing the software with some fuzz testing tools. Nevertheless, it seems not very easy to directly launch the SGX hardware mode for the testing. Instead, I am thinking of using the SGX simulation mode for the fuzz testing. It seems to me that the good thing about simulation mode fuzzing is that we can still access the execution status within the Enclave, and therefore, potentially, make "whitebox" fuzzing feasible.
Nevertheless, the related materials are surprisingly rare. Hence, I am writing to inquire about some guidelines to set up and fuzz SGX software under the simulation mode. Could anyone shed some light on this? Thank you very much. Any advice would be appreciated very much.
Hello Irene, Intel does not provide specific guidance for fuzz testing of Intel® SGX enclaves, but you can use a combination of Debug and Simulation modes for your testing. You can also use the Intel® VTune™ Amplifier for measuring performance. Please refer to the Intel SGX Developer Reference guides for the respective OSes for more information on setting up the enclaves for debugging, simulation, and VTune profiling.
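Added example (editor's illustration, not code from the thread or from Intel's SDK): one practical way to get the "whitebox" fuzzing the question asks about is to take the trusted-side input-handling routine that an ECALL would reach and build it as ordinary host code with a sanitizer, which is essentially what simulation mode already does for the whole enclave. Below, ecall_parse_message is a hypothetical enclave-side parser for a constructed 1-byte type / 1-byte length / payload message format, driven by a libFuzzer entry point (LLVMFuzzerTestOneInput is libFuzzer's real entry-point name; the USE_LIBFUZZER macro and the message format are assumptions of this example). The length check marked in the comments is the kind of boundary bug such a harness exists to catch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_PAYLOAD 64

/* Hypothetical trusted-side parser (constructed for this example).
 * Wire format: buf[0] = message type, buf[1] = payload length, buf[2..] = payload.
 * Returns payload length on success, a negative code on rejection. */
int ecall_parse_message(const uint8_t *buf, size_t buf_len,
                        uint8_t *out, size_t out_len)
{
    if (buf == NULL || out == NULL) return -1;
    if (buf_len < 2) return -2;                 /* header incomplete */

    uint8_t type = buf[0];
    size_t len = buf[1];

    if (type != 0x01 && type != 0x02) return -3; /* unknown message type */

    /* Declared length must fit inside the bytes actually supplied; without
     * this check memcpy reads past the untrusted buffer, which AddressSanitizer
     * reports immediately when the harness is fuzzed. */
    if (len > buf_len - 2) return -4;
    if (len > out_len) return -5;               /* would overflow the enclave-side buffer */

    memcpy(out, buf + 2, len);
    return (int)len;
}

/* libFuzzer entry point: every generated input goes straight into the parser. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    uint8_t out[MAX_PAYLOAD];
    (void)ecall_parse_message(data, size, out, sizeof out);
    return 0;
}

/* Replays a small constructed corpus through the parser and returns how many
 * inputs were accepted, so the harness can be checked without libFuzzer. */
int replay_corpus(void)
{
    static const uint8_t ok[]       = {0x01, 0x03, 'a', 'b', 'c'};
    static const uint8_t bad_type[] = {0x09, 0x01, 'x'};
    static const uint8_t bad_len[]  = {0x01, 0x10, 'x'};   /* claims 16 bytes, supplies 1 */
    static const uint8_t short_hdr[] = {0x02};
    const uint8_t *inputs[] = {ok, bad_type, bad_len, short_hdr};
    size_t sizes[] = {sizeof ok, sizeof bad_type, sizeof bad_len, sizeof short_hdr};

    int accepted = 0;
    for (size_t i = 0; i < 4; i++) {
        uint8_t out[MAX_PAYLOAD];
        int rc = ecall_parse_message(inputs[i], sizes[i], out, sizeof out);
        if (rc >= 0) accepted++;
    }
    return accepted;
}

#ifndef USE_LIBFUZZER
/* Stand-alone driver; libFuzzer supplies its own main when USE_LIBFUZZER is set. */
int main(void)
{
    printf("accepted %d of 4 constructed inputs\n", replay_corpus());
    return 0;
}
#endif
```

Build the stand-alone check with `clang -fsanitize=address harness.c`, or the fuzzer with `clang -fsanitize=fuzzer,address -DUSE_LIBFUZZER harness.c` and run the resulting binary with a corpus directory; because the parser is plain host code here, the sanitizer sees every enclave-side memory access, which is the visibility the question wants from simulation mode.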