Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Why is ld.gold better than ld for intel sgx?

shmoo
Novice
640 Views

The documentation Intel_SGX_Developer_Reference_Linux_2.13.3 suggests:

You are also encouraged to help harden your enclaves, by passing one of the following options to the linker, to put read-only non-executable sections in your own segment:

ld.gold --rosegment

or,

-Wl,-fuse-ld=gold -Wl,--rosegment

Why is it better to use ld.gold?

Wikipedia says:

Fedora has moved gold from binutils into its own package due to concerns it is suffering from bitrot after Google's interest has moved to LLVM.[6]


6 Replies
JesusG_Intel
Moderator
616 Views

Hello shmoo,


I am working with engineering on getting clarification on why they recommend using ld.gold. I apologize for the delay.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
595 Views

Hello shmoo,


I apologize for the delay. I will reply to this thread as soon as I have an answer.


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
590 Views

Hello shmoo,


ld.gold is recommended only because it further enforces read-only non-executable segments. It is not necessarily better than ld.


Sincerely,

Jesus G.

Intel Customer Support


shmoo
Novice
582 Views

Hello Jesus,

Thank you for asking the engineering team!

What does it mean, that it further enforces read-only non-executable segments?

Sincerely,
David

JesusG_Intel
Moderator
570 Views

Hello David,


Read-only non-executable memory segments help prevent buffer overflow and other memory attacks. Attackers cannot write to or execute code in these memory segments. ld.gold has also been reported to be a faster linker than ld. I recommend doing a web search on this topic for more information.


Sincerely,

Jesus G.

Intel Customer Support
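
An added example, not part of the original thread or of Intel's documentation: a Python check of an ELF64 image's program headers that reports whether some PT_LOAD segment is read-only and non-executable, which is the layout the quoted --rosegment option asks the linker to produce. The function names and the two sample images are constructed for illustration; the check looks at segment flags only and does not map sections to segments.

```python
import struct

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4  # ELF segment permission bits

def load_segments(elf: bytes):
    """Return (vaddr, memsz, flags) for every PT_LOAD of a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    segs = []
    for i in range(e_phnum):
        p_type, p_flags, _off, p_vaddr, _pa, _fsz, p_memsz, _al = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append((p_vaddr, p_memsz, p_flags))
    return segs

def audit(elf: bytes):
    """Summarise the segment permissions that matter for enclave hardening."""
    flags = [f for _, _, f in load_segments(elf)]
    return {
        "ro_segment": any(f == PF_R for f in flags),  # R only: no W, no X
        "wx_segment": any(f & PF_W and f & PF_X for f in flags),
        "exec_segments": sum(1 for f in flags if f & PF_X),
    }

def fake_elf(flag_list):
    """Constructed sample: an ELF64 header followed by one PT_LOAD per flags value."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0,
                               64, 56, len(flag_list), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, f, i * 0x1000, i * 0x1000, i * 0x1000,
                    0x1000, 0x1000, 0x1000)
        for i, f in enumerate(flag_list))
    return ehdr + phdrs

# Constructed layouts: read-only data sharing the R+X segment vs. in its own R segment.
MERGED = fake_elf([PF_R | PF_X, PF_R | PF_W])
SPLIT = fake_elf([PF_R, PF_R | PF_X, PF_R | PF_W])

if __name__ == "__main__":
    print("merged:", audit(MERGED))
    print("split: ", audit(SPLIT))
```

To check a real enclave image, pass the bytes of the signed or unsigned shared object to audit() instead of the constructed samples.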


JesusG_Intel
Moderator
549 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

