Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Why is ld.gold better than ld for Intel SGX?

shmoo
Novice
1,607 Views

The documentation Intel_SGX_Developer_Reference_Linux_2.13.3 suggests:

You are also encouraged to help harden your enclaves, by passing one of the following options to the linker, to put read-only non-executable sections in your own segment:

ld.gold --rosegment

or,

-Wl,-fuse-ld=gold -Wl,--rosegment

Why is it better to use ld.gold?

Wikipedia says:

Fedora has moved gold from binutils into its own package due to concerns it is suffering from bitrot after Google's interest has moved to LLVM.[6]

0 Kudos
6 Replies
JesusG_Intel
Moderator
1,583 Views

Hello shmoo,


I am working with engineering on getting clarification on why they recommend using ld.gold. I apologize for the delay.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
JesusG_Intel
Moderator
1,562 Views

Hello shmoo,


I apologize for the delay. I will reply to this thread as soon as I have an answer.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
JesusG_Intel
Moderator
1,557 Views

Hello shmoo,


ld.gold is recommended only because it further enforces read-only non-executable segments. It is not necessarily better than ld.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
shmoo
Novice
1,549 Views

Hello Jesus,

Thank you for asking the engineering team!

What does it mean, that it further enforces read-only non-executable segments?

Sincerely,
David

0 Kudos
JesusG_Intel
Moderator
1,537 Views

Hello David,


Read-only non-executable memory segments help prevent buffer overflow and other memory attacks. Attackers cannot write to or execute code in these memory segments. ld.gold has also been reported to be a faster linker than ld. I recommend doing a web search on this topic for more information.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
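One way to check the effect of the `--rosegment` option quoted at the top of the thread, as an added example that is not from the original posts or from Intel: a small Python parser that reads an ELF64 file's program headers and reports whether any loadable segment is read-only and non-executable. The function names and the two sample images are constructed for illustration, and the parser assumes a little-endian 64-bit ELF file such as an x86-64 enclave shared object.

```python
import struct
import sys

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4  # ELF segment permission bits

def load_segment_flags(elf: bytes):
    """Return p_flags of every PT_LOAD entry in a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    flags = []
    for i in range(e_phnum):
        # Elf64_Phdr starts with p_type (4 bytes) then p_flags (4 bytes).
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            flags.append(p_flags)
    return flags

def audit(elf: bytes):
    """Summarise loadable-segment permissions relevant to --rosegment."""
    segs = load_segment_flags(elf)
    show = lambda f: "".join(c if f & b else "-" for c, b in (("R", PF_R), ("W", PF_W), ("X", PF_X)))
    return {
        "layout": [show(f) for f in segs],
        # True when read-only data can live outside the executable segment.
        "has_ro_segment": any(f == PF_R for f in segs),
        "has_wx_segment": any((f & PF_W) and (f & PF_X) for f in segs),
    }

def make_elf(seg_flags):
    """Constructed sample: ELF64 header plus one empty PT_LOAD per flag value."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, len(seg_flags), 0, 0, 0)
    return ehdr + b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, f, 0, 0, 0, 0, 0, 0x1000) for f in seg_flags)

# Constructed layouts: read-only data merged into text vs. given its own segment.
MERGED = make_elf([PF_R | PF_X, PF_R | PF_W])
SPLIT = make_elf([PF_R, PF_R | PF_X, PF_R | PF_W])

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file, e.g. a built enclave .so
        with open(sys.argv[1], "rb") as fh:
            print(audit(fh.read()))
    else:
        print("merged:", audit(MERGED))
        print("split: ", audit(SPLIT))
```

Run against a built enclave image, `has_ro_segment` being false means read-only data shares a segment with other permissions, which is the layout the documentation's hardening note is meant to avoid.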
JesusG_Intel
Moderator
1,516 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos