Intel® Software Guard Extensions (Intel® SGX)

Why is ld.gold better than ld for intel sgx?

shmoo
Novice
424 Views

The documentation Intel_SGX_Developer_Reference_Linux_2.13.3 suggests:

You are also encouraged to help harden your enclaves, by passing one of the following options to the linker, to put read-only non-executable sections in your own segment:

ld.gold --rosegment

or,

-Wl,-fuse-ld=gold -Wl,--rosegment

Why is it better to use ld.gold?

Wikipedia says:

Fedora has moved gold from binutils into its own package due to concerns it is suffering from bitrot after Google's interest has moved to LLVM.[6]


6 Replies
JesusG_Intel
Moderator
400 Views

Hello shmoo,


I am working with engineering on getting clarification on why they recommend using ld.gold. I apologize for the delay.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
379 Views

Hello shmoo,


I apologize for the delay. I will reply to this thread as soon as I have an answer.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
374 Views

Hello shmoo,


ld.gold is recommended only because it further enforces read-only non-executable segments. It is not necessarily better than ld.


Sincerely,

Jesus G.

Intel Customer Support


shmoo
Novice
366 Views

Hello Jesus,

Thank you for asking the engineering team!

What does it mean, that it further enforces read-only non-executable segments?

Sincerely,
David

JesusG_Intel
Moderator
354 Views

Hello David,


Read-only non-executable memory segments help prevent buffer overflow and other memory attacks. Attackers cannot write to or execute code in these memory segments. ld.gold has also been reported to be a faster linker than ld. I recommend doing a web search on this topic for more information.


Sincerely,

Jesus G.

Intel Customer Support
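
Added example (not part of the thread and not Intel's code): a small check that reads the ELF64 program headers of a linked image and reports whether any loadable segment is read-only and non-executable, which is what the quoted documentation says `--rosegment` is for, and whether any segment is both writable and executable. The function names and the sample images are constructed for illustration; to check a real enclave, pass the bytes of the unsigned enclave shared object to `audit`.

```python
import struct

PT_LOAD, PF_X, PF_W, PF_R = 1, 0x1, 0x2, 0x4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header

def load_segments(image: bytes):
    """Return [(vaddr, memsz, flags)] for every PT_LOAD segment of an ELF64 image."""
    if len(image) < EHDR.size:
        raise ValueError("truncated ELF header")
    fields = EHDR.unpack_from(image)
    ident, phoff, phentsize, phnum = fields[0], fields[5], fields[9], fields[10]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(image):
        raise ValueError("bad program header table")
    segs = []
    for i in range(phnum):
        p_type, flags, _off, vaddr, _pa, _fsz, memsz, _al = PHDR.unpack_from(
            image, phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append((vaddr, memsz, flags))
    return segs

def audit(image: bytes):
    """Summarise the segment permissions the linker chose."""
    segs = load_segments(image)
    return {
        # Segments mapped writable and executable at the same time.
        "wx_segments": [hex(v) for v, _, f in segs if (f & PF_W) and (f & PF_X)],
        # True when at least one segment is R only: no write, no execute.
        "has_rosegment": any((f & (PF_R | PF_W | PF_X)) == PF_R for _, _, f in segs),
    }

def build_sample(flag_list):
    """Constructed image: ELF64 header plus one PT_LOAD header per flags value."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 3, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(flag_list), 0, 0, 0)
    phdrs = b"".join(
        PHDR.pack(PT_LOAD, f, 0, i * 0x1000, i * 0x1000, 0x1000, 0x1000, 0x1000)
        for i, f in enumerate(flag_list))
    return ehdr + phdrs

if __name__ == "__main__":
    merged = build_sample([PF_R | PF_X, PF_R | PF_W])       # read-only data shares the R+X segment
    split = build_sample([PF_R | PF_X, PF_R, PF_R | PF_W])  # read-only data has its own R segment
    print("merged:", audit(merged))
    print("split: ", audit(split))
```
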


JesusG_Intel
Moderator
333 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

