Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

get enclave metadata from a signed enclave binary

Fan
Beginner

As I understand, all pages, including metadata pages such as SEC, TCS, SECINFO, etc., are determined even before an enclave is loaded. Those pages have to be stored in the enclave binary, and my question is where exactly. On Linux, there is an ELF section called '.note.sgxmeta' in the signed binary. So is this the place where the metadata is stored? If so, is there any document on how to get that metadata from this blob of bytes?

> objdump -sj '.note.sgxmeta' enclave.signed.so


enclave.signed.so:     file format elf64-x86-64

Contents of section .note.sgxmeta:
 0000 0d000000 00100000 01000000 7367785f  ............sgx_
 0010 6d657461 64617461 004c0e5d 639402a8  metadata.L.]c...
 0020 86030000 00010000 00280a00 00010000  .........(......
 0030 00010000 00480a00 00000000 00000000  .....H..........
 0040 00000080 00000000 00040000 00000000  ................
 0050 00070000 00000000 00060000 00e10000  ................
 0060 00000001 00000000 00000000 00100217  ................
 0070 20010100 00600000 00600000 00010000   ....`...`......
 0080 00000000 00000000 00000000 00000000  ................
 0090 00000000 00000000 00000000 00000000  ................
 00a0 00000000 00000000 00000000 00000000  ................
 00b0 00000000 00000000 00000000 00000000  ................
 00c0 00000000 00000000 00000000 00000000  ................
 00d0 00000000 00000000 00f357fd 12f0287b  ..........W...({
 00e0 d924ae74 d602136d 1b50565b c764d591  .$.t...m.PV[.d..
 00f0 d42f1866 200bd671 034df1e6 b253d63e  ./.f ..q.M...S.>
 0100 12046ad0 b558d69b d422b7f8 24872346  ..j..X..."..$.#F


Surenthar_S_Intel

Thanks for your query. We will update you soon.

-Surenthar

Rafal_W_
Beginner

Check https://github.com/01org/linux-sgx/blob/master/common/inc/internal/metadata.h for the data format (the ELF section is a "note" one). The header is internal and subject to change without notice, so I wouldn't rely on it in production code. The MRENCLAVE value is in there, though, and it's probably the only convenient way to get it during the build process currently...

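Added example (not part of the original posts and not code from the linux-sgx project): a Python parser for the note header of the raw '.note.sgxmeta' section bytes, run here on the first 0x30 bytes of the dump in the question. The function name parse_sgx_note is hypothetical, and reading the first two descriptor words as magic_num and version (major in the high 32 bits) is an assumption taken from the linked internal metadata.h, which may change.

```python
import struct

# First 0x30 bytes of the .note.sgxmeta dump posted in the question.
SAMPLE = bytes.fromhex(
    "0d000000 00100000 01000000 7367785f"
    "6d657461 64617461 004c0e5d 639402a8"
    "86030000 00010000 00280a00 00010000"
)

NOTE_HDR = struct.Struct("<III")  # ELF note header: namesz, descsz, type


def parse_sgx_note(section: bytes) -> dict:
    """Parse the note header and the first descriptor words (hypothetical helper)."""
    if len(section) < NOTE_HDR.size:
        raise ValueError("section shorter than an ELF note header")
    namesz, descsz, ntype = NOTE_HDR.unpack_from(section, 0)
    name_end = NOTE_HDR.size + namesz
    if namesz == 0 or name_end > len(section):
        raise ValueError("note name runs past the end of the section")
    name = section[NOTE_HDR.size:name_end].rstrip(b"\0").decode("ascii")

    # Generic ELF notes pad the name to a 4-byte boundary. In the posted dump
    # the descriptor starts right after the NUL at offset 0x18, so no padding
    # is applied here. Check this against your own binary.
    desc_off = name_end
    desc = section[desc_off:desc_off + descsz]
    info = {
        "name": name,
        "type": ntype,
        "descsz": descsz,
        "desc_offset": desc_off,
        "desc_truncated": len(desc) < descsz,  # True for a partial dump
    }
    if len(desc) >= 16:
        # Assumption from metadata.h: uint64 magic_num, then uint64 version
        # packed as (major << 32) | minor.
        magic, version = struct.unpack_from("<QQ", desc, 0)
        info["magic_num"] = magic
        info["version_major"] = version >> 32
        info["version_minor"] = version & 0xFFFFFFFF
    return info


if __name__ == "__main__":
    for key, value in parse_sgx_note(SAMPLE).items():
        print(key, hex(value) if isinstance(value, int) else value)
```

Treat the magic and version as a gate: if they do not match the metadata.h of the SDK that signed the enclave, do not interpret the fields that follow.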