Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Using Global variables and malloc function inside Enclave

suin_k_
Beginner

Hi, I am having trouble applying SGX to my application.

I want to keep a value inside the enclave while I'm using the application.

For example, I define an account balance variable inside the enclave and want to keep its value while I'm using the application.

But if I put the account balance variable in the trusted functions inside the enclave as a local variable, the value would be gone after using the function and I couldn't keep the value.

So I tried to define it as a global variable inside the enclave, but the global variable was not encrypted, unlike the local variables. (I checked it by using Cheat Engine: I couldn't scan local variables but could scan global variables.)

Could I use a global variable inside an enclave securely?

I hope to learn how to use global variables in an enclave, if I can use them.

Or, if there is another way to keep a value inside the enclave safely, I hope to learn how to do it.

(I'm guessing there could be a way to allocate memory safely using the malloc function...)

Thanks for reading my question :)

Best regards

Suin

you_w_
New Contributor III

Hi:

I think there is something wrong with your code. The enclave global variables are encrypted. In your case, you may use the global variables outside the enclave. Did you clear up the secret after you used it? I mean, after you get the global variable via an Ecall function, you should clear the untrusted buffer which receives the value.

Regards

you

 

suin_k_
Beginner

Hi, you

Thank you for answering my question.

But I think I followed the SGX format. Maybe I am missing something.

I wish you could check my sample code.

*** Enclave2.cpp

#include "Enclave2_t.h"

#include "sgx_trts.h"

int balance;

void setBalance(int input) {
	balance = input;
}

void withdraw(int money) {
	balance -= money;
}

int getBalance() {
	return balance;
}

***

*** Enclave2.edl

enclave {
    from "sgx_tstdc.edl" import *;
    trusted {
        public void setBalance(int input);
        public void withdraw(int money);
        public int getBalance();
    };
};

***

*** account.cpp

#include <stdio.h>
#include <tchar.h>
#include "sgx_urts.h"
#include "Enclave2_u.h"

#define ENCLAVE_FILENAME _T("Enclave2.signed.dll")

int main() {
	sgx_enclave_id_t eid;
	sgx_status_t ret = SGX_SUCCESS;
	sgx_launch_token_t token = { 0 };
	int updated = 0;
	int balance;

	// Create the enclave and stop if creation fails.
	ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
	if (SGX_SUCCESS != ret) {
		printf("\nApp: error, failed to create enclave.\n");
		return -1;
	}

	setBalance(eid, 1000);
	withdraw(eid, 200);

	getchar();
	// I scanned for 800 here, for the global variable balance in Enclave2.cpp,
	// and found 9 memory addresses with the value 800. I changed them all to 400 using Cheat Engine.

	withdraw(eid, 100);
	// And here one of them decreased to 300.
	// I think that value must be the global variable.

	if (SGX_SUCCESS != sgx_destroy_enclave(eid))
		printf("\nApp: error, failed to destroy enclave.\n");
	return 0;
}

***

If I missed something, please let me know.

Thanks for reading my question.

Best regards

Suin

nyxon
Novice

I asked about a similar matter in my recent post, so I think for future reference it will be good to post the answer here too.

There is a detailed answer in intel/sgx/issues on GitHub. The PowerTransition sample code demonstrates exactly how to use a global variable to keep valid data inside the enclave until its destruction.
