Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

multiple enclaves in a single application

Gokhale__Sushant
Beginner
‎01-27-2019 03:08 AM
1,081 Views
Solved Jump to solution

How to create multiple enclaves in a single application?

Sample code(or link to it ) would be better. Need it for my academic project.

0 Kudos
1 Solution
Scott_R_Intel
Employee
‎01-28-2019 04:08 AM
1,081 Views
Solved Jump to solution

Hi Sushant.

The only thing you really need to do to load multiple enclaves is to make sure they are named differently.  The LocalAttestation sample actually loads up 3 different enclaves (simply named Enclave1, Enclave2, and Enclave3).

https://github.com/intel/linux-sgx/tree/master/SampleCode/LocalAttestation

Hope this helps.

Scott

View solution in original post

0 Kudos
Copy link

Link Copied

3 Replies
Scott_R_Intel
Employee
‎01-28-2019 04:08 AM
1,082 Views
Solved Jump to solution

Hi Sushant.

The only thing you really need to do to load multiple enclaves is to make sure they are named differently.  The LocalAttestation sample actually loads up 3 different enclaves (simply named Enclave1, Enclave2, and Enclave3).

https://github.com/intel/linux-sgx/tree/master/SampleCode/LocalAttestation

Hope this helps.

Scott

0 Kudos
Copy link
Gokhale__Sushant
Beginner
‎01-28-2019 04:33 AM
1,081 Views
Solved Jump to solution

Thanks. And how do you generate "Enclave1_private.pem" file for each enclave?

0 Kudos
Copy link
Scott_R_Intel
Employee
‎01-28-2019 04:53 AM
1,081 Views
Solved Jump to solution

You can use OpenSSL to generate the keys you need.  See the "Enclave Signing Tool" section of the latest SGX Dev Ref for Linux for examples of how to do so:

https://download.01.org/intel-sgx/linux-2.4/docs/Intel_SGX_Developer_Reference_Linux_2.4_Open_Source.pdf

But, just as an FYI, unless you want/plan to whitelist each enclave signing key separately, you probably want to use the same signing key for all your enclaves.

Regards.

Scott

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.