Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

What is the difference between SGX PSW and SGX SDK?

sang__oh
Beginner

I can't find an explanation of what SGX Platform Software is.

So can anyone tell me when we use SGX Platform Software?

1 Solution
Dr__Greg
Super User

Good evening Sang, I hope this comment finds your day going well.

The SGX Platform SoftWare (PSW) is the body of code and utilities that implements roughly the following functionality:

  • Loading of an enclave memory image.
  • Initialization of an enclave image.
  • Execution of ECALLs into the enclave image and of any OCALLs resulting from those ECALLs.
  • Handling of enclave exception conditions.
  • Handling of requests for platform services.
  • Mediation of the provisioning of EPID private keys.
  • Support for transmission and receipt of remote attestation quotes.

If you build and run enclaves on Windows or Linux using the Intel supplied software you are using the SGX platform software.

On Linux the PSW functionality is implemented in the form of a single binary called aesm_service that is installed in the following location:

/opt/intel/sgxpsw/aesm/aesm_service

It is run by systemd.

The Intel SDK is a collection of code that is roughly broken into three components: the Trusted RunTime System (TRTS), the Untrusted RunTime System (URTS) and the enclave standard library code.

The URTS code is linked into an application that implements enclave functionality and communicates with the aesm_service binary through a mixture of sockets and pipes in order to access the functionality noted above.

The TRTS code is combined with the user enclave code in the enclave linking process in order to create the ELF shared library image that represents the enclave image that will be loaded into secure memory. The user enclave code will also be combined with functionality from the minimized standard C and standard C++ library code that Intel provides as part of their SDK.

An SGX enclave is an implementation of a Trusted Execution Environment (TEE) that is much like an independent operating system instance. In order to be functionally useful there has to be a way for the untrusted component of an application to access trusted enclave functionality and for the enclave to request certain operating system resources through requests to the untrusted component of the application.

We like to describe an SGX based application ecosystem as a series of security micro-kernels which are linked together to achieve some overall composite functionality. The PSW, URTS and TRTS are the support framework that surround an enclave to achieve this functionality.

I hope the above summary is useful background information on all of this.

Best wishes for a pleasant weekend.

Dr. Greg

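The ECALL/OCALL boundary that the answer describes, as an added example that is not part of the original post and not Intel SDK code: a plain-C model of what the edger8r-generated bridge functions and the TRTS do when an untrusted application calls into an enclave and the enclave calls back out. The "enclave memory" is a constructed static buffer standing in for the EPC, the status codes and all function names are assumptions chosen for this illustration, and the range check reproduces the intent (not the implementation) of the SDK's sgx_is_outside_enclave().

```c
/*
 * Added example, not Intel SDK code: a plain-C model of the ECALL/OCALL
 * bridge the SDK's edger8r tool and the TRTS wrap around an enclave.
 * enclave_mem is a constructed stand-in for protected (EPC) memory; the
 * status values and names below are assumptions for the illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the enclave's protected memory. */
static uint8_t enclave_mem[4096];
#define ENCLAVE_BASE ((uintptr_t)enclave_mem)
#define ENCLAVE_END  (ENCLAVE_BASE + sizeof enclave_mem)

typedef enum { SGX_OK = 0, SGX_ERR_INVALID_PARAM = 1 } status_t;

/* ---- Untrusted side: what the URTS-linked application provides ---- */

static int  ocall_log_count = 0;   /* how many OCALLs reached the app */
static char last_log[64];          /* last message the app received  */

/* The application's OCALL implementation; it runs OUTSIDE the enclave. */
static void app_ocall_log(const char *msg) {
    ocall_log_count++;
    snprintf(last_log, sizeof last_log, "%s", msg);
}

/* ---- Trusted side: what the TRTS-generated bridge code does ---- */

/* [p, p+len) must lie wholly outside enclave memory and must not wrap. */
static int is_outside_enclave(const void *p, size_t len) {
    uintptr_t lo = (uintptr_t)p;
    uintptr_t hi = lo + len;
    if (hi < lo) return 0;                          /* address wraparound */
    return hi <= ENCLAVE_BASE || lo >= ENCLAVE_END; /* no overlap with EPC */
}

/* Trusted OCALL proxy: the argument is staged in untrusted memory first
 * (the real bridge uses sgx_ocalloc on the untrusted stack), so the
 * application never receives a pointer into the enclave. */
static void ocall_log(const char *msg) {
    size_t n = strlen(msg) + 1;
    char *u = malloc(n);           /* ordinary heap: outside enclave_mem */
    if (!u) return;
    memcpy(u, msg, n);
    app_ocall_log(u);
    free(u);
}

/* The actual enclave function; it only ever sees enclave-private memory. */
static void enclave_uppercase(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (buf[i] >= 'a' && buf[i] <= 'z') buf[i] -= 'a' - 'A';
}

/* Trusted bridge for an EDL entry such as
 *   public int ecall_uppercase([in, out, size=len] uint8_t *buf, size_t len);
 * Order matters: validate, copy in, compute on the copy, copy out. */
static status_t sgx_ecall_uppercase(uint8_t *buf, size_t len) {
    if (len > sizeof enclave_mem)      return SGX_ERR_INVALID_PARAM;
    if (!is_outside_enclave(buf, len)) return SGX_ERR_INVALID_PARAM;
    uint8_t *priv = enclave_mem;       /* stand-in for an in-enclave malloc */
    memcpy(priv, buf, len);            /* copy-in: untrusted -> enclave     */
    enclave_uppercase(priv, len);      /* work only on the private copy     */
    char msg[48];
    snprintf(msg, sizeof msg, "uppercased %zu bytes", len);
    ocall_log(msg);                    /* OCALL out to the application      */
    memcpy(buf, priv, len);            /* copy-out: enclave -> untrusted    */
    return SGX_OK;
}

/* ---- Scenarios, each returning the bridge's status ---- */

static uint8_t app_buf[8];         /* an ordinary application buffer */

/* Normal call: the buffer lives in untrusted memory and gets uppercased. */
static status_t scenario_untrusted_buffer(void) {
    memcpy(app_buf, "hello", 6);
    return sgx_ecall_uppercase(app_buf, 5);
}
/* Hostile host passes a pointer INTO enclave memory: must be refused. */
static status_t scenario_enclave_pointer(void) {
    return sgx_ecall_uppercase(enclave_mem + 16, 5);
}
/* Pointer at the top of the address space so lo+len wraps: refused
 * before any byte is touched. */
static status_t scenario_wraparound(void) {
    return sgx_ecall_uppercase((uint8_t *)(UINTPTR_MAX - 1), 16);
}
/* Length larger than the enclave can stage: refused. */
static status_t scenario_oversize(void) {
    return sgx_ecall_uppercase(app_buf, sizeof enclave_mem + 1);
}

int main(void) {
    printf("untrusted buffer: %d -> %s (ocalls=%d, last=\"%s\")\n",
           scenario_untrusted_buffer(), (char *)app_buf, ocall_log_count, last_log);
    printf("enclave pointer : %d\n", scenario_enclave_pointer());
    printf("wraparound      : %d\n", scenario_wraparound());
    printf("oversize        : %d\n", scenario_oversize());
    return 0;
}
```

The scenarios show why the validate, copy-in, compute, copy-out order is the whole point of the bridge: the host controls the untrusted buffer for the duration of the call, so the enclave may only compute on its private copy, and a host pointer that overlaps enclave memory or wraps the address space is rejected before a single byte is read. The real TRTS applies the same discipline to every [in]/[out] parameter the EDL declares, and OCALL arguments are staged in untrusted memory the same way so that no enclave address ever leaves the enclave.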