Linux 1.8 Open Source Gold release

Signed-off-by: Li, Xun <xun.li@intel.com>

Linux_SGXEclipsePlugin/build_directory/features/com.intel.sgx.feature/feature.xml

@@ -24,11 +24,11 @@ tools Plug-in to allow ISVs develop secure extensions in C or
 C++. The Plug-in also allows conversion of an Linux Application
 project into an Linux Application project with Software Guard
 Extensions.
-Using the Plug-in features and SGX Plug-in Menu options, a developer
+Using the Plug-in features and Intel(R) SGX Plug-in Menu options, a developer
 can modify the Signing keys and Enclave Configuration for an
 Enclave project and can add enclaves inside a project with SGX Nature.
 Once development is complete, the developer can build the Enclave
-and the Linux project using the SGX SDK for Linux with Release/Debug Configurations in Simulation/Hardware
+and the Linux project using the Intel(R) SGX SDK for Linux with Release/Debug Configurations in Simulation/Hardware
 mode and Hardware Prerelease mode.
    </description>
 

Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html

@@ -214,7 +214,7 @@ developers by the Intel(R) SGX SDK.</p>
                 <p class="figcap">Intel(R) SGX Tools</p>
             </li>
             <li>
-                <p>New configurations specific to SGX technology.  You may see the configurations for the project by clicking to the down arrow of button <img src="Resources/Images/Down_Arrow_Button.png" /> usually found at the top of the Eclipse window:</p>
+                <p>New configurations specific to Intel(R) SGX technology.  You may see the configurations for the project by clicking to the down arrow of button <img src="Resources/Images/Down_Arrow_Button.png" /> usually found at the top of the Eclipse window:</p>
                 <p>
                     <img src="Resources/Images/Configurations_Specific_to_Intel_SGX_Technology.png" />
                 </p>

Linux_SGXEclipsePlugin/build_directory/sites/site.xml

@@ -17,7 +17,7 @@
    <feature url="features/com.intel.sgx.feature_1.0.1.qualifier.jar" id="com.intel.sgx.feature" version="1.0.1.qualifier">
       <category name="com.intel.security.sgx"/>
    </feature>
-   <category-def name="com.intel.security.sgx" label="SGX Eclipse Plugin">
-      <description>SGX Eclipse Plugin 1.0.1.qualifier</description>
+   <category-def name="com.intel.security.sgx" label="Intel(R) SGX Eclipse Plugin">
+      <description>Intel(R) SGX Eclipse Plugin 1.0.1.qualifier</description>
    </category-def>
 </site>

Linux_SGXEclipsePlugin/readme.txt

@@ -12,7 +12,7 @@ The following plugins are pre-requisites to be installed in Eclipse before tryin
 run ./build.sh from command line under current directory.
 Once the build script is run, the folder build_directory/updatesite/sgx-eclipse-plugin contains the update site. This is the path that needs to be provided to the eclipse while doing installation.
 
-If the sgx eclipse plugin is already installed to eclipse and to build and install a newer version, uninstall the old version and start eclipse with the -clean option.
+If the Intel(R) Software Guard Extensions (Intel(R) SGX) eclipse plugin is already installed to eclipse and to build and install a newer version, uninstall the old version and start eclipse with the -clean option.
 Then try to build the new version of the plugin and install it in eclipse.
 
 http://wiki.eclipse.org/FAQ_How_do_I_remove_a_plug-in%3F

Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions

README.md

@@ -7,11 +7,11 @@ Introduction
 ------------
 Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.
 
-The Linux SGX software stack is comprised of the SGX driver, the SGX SDK, and the SGX Platform Software. The SGX SDK and SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project.
+The Linux Intel SGX software stack is comprised of the Intel SGX driver, the Intel SGX SDK, and the Intel SGX Platform Software. The Intel SGX SDK and Intel SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project.
 
-The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux SGX software stack, which will be used until the driver upstreaming process is complete. 
+The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux Intel SGX software stack, which will be used until the driver upstreaming process is complete. 
 
-**Note**  This repository includes a subset of the Intel(R) IPP Cryptography library under [external/crypto_px](https://github.com/01org/linux-sgx/external/crypto_px). It is provided as reference implementation for the cryptographic primitives used in SDK and PSW. They are written in pure C and are not optimized for performance. Instructions are provided below for building the SDK and PSW with both precompiled optimized IPP binaries and the non-optimized source code version.
+**Note**  This repository includes a subset of the Intel(R) IPP Cryptography library under [external/crypto_px](https://github.com/01org/linux-sgx/external/crypto_px). It is provided as reference implementation for the cryptographic primitives used in SDK and PSW. They are written in pure C and are not optimized for performance. Instructions are provided below for building the SDK and PSW with both precompiled optimized IPP binaries and the non-optimized source code version. 
 
 License
 -------
@@ -30,21 +30,35 @@ Documentation
 
 Build and Install the Intel(R) SGX Driver
 -----------------------------------------
-Follow the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install the SGX driver.
+Follow the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install the Intel SGX driver.
 
 Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
 -------------------------------------------------------
 ###Prerequisites:
 - Ensure that you have the following required operating systems:  
-  Ubuntu\* Desktop-14.04-LTS 64bits
-- Use the following command to install the required tools to build Intel(R) SGX SDK:  
-```
-  $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python
-```
+  * Ubuntu\* Desktop-16.04-LTS 64bits
+  * Red Hat Enterprise Linux Server release 7.2 64bits
+  * CentOS 7.3.1611 64bits
+
+- Use the following command(s) to install the required tools to build Intel(R) SGX SDK:  
+  * On Ubuntu 16.04:
+  ```
+    $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+    $ sudo yum groupinstall 'Development Tools'
+    $ sudo yum install ocaml wget python
+  ```
 - Use the following command to install additional required tools to build Intel(R) SGX PSW:  
-```
-  $ sudo apt-get install libcurl4-openssl-dev protobuf-compiler protobuf-c-compiler libprotobuf-dev libprotobuf-c0-dev
-```
+  * On Ubuntu 16.04:
+  ```
+    $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+    $ sudo yum install openssl-devel libcurl-devel protobuf-compiler protobuf-devel
+  ```
 - Use the script ``download_prebuilt.sh`` inside source code package to download prebuilt binaries to prebuilt folder  
   You may need set https proxy for wget tool used by the script (such as ``export https_proxy=http://test-proxy:test-port``)  
 ```
@@ -74,8 +88,8 @@ The following steps describe how to build the Intel SGX SDK and PSW. You can bui
   $ make clean
 ```
 
-- The build above uses prebuilt Intel(R) Architecture Enclaves(LE/PvE/QE/PCE) - the files ``psw/ae/data/prebuilt/libsgx_*.signed.so``, which have been signed by Intel in advance.
-  To build those binaries by yourself (without a signature), first you need to build both Intel SGX SDK and PSW with the default configuration. After that, you can build each Architecture Enclave by using the `make` command from the corresponding folder:
+- The build above uses prebuilt Intel(R) Architecture Enclaves(LE/PvE/QE/PCE/PSE-OP/PSE-PR) and applet(PSDA) - the files ``psw/ae/data/prebuilt/libsgx_*.signed.so`` and ``psw/ae/data/prebuilt/PSDA.dalp``, which have been signed by Intel in advance.
+  To build those enclaves by yourself (without a signature), first you need to build both Intel SGX SDK and PSW with the default configuration. After that, you can build each Architecture Enclave by using the `make` command from the corresponding folder:
 ```
   $ cd psw/ae/le
   $ make
@@ -87,10 +101,6 @@ To build Intel(R) SGX SDK installer, enter the following command:
 $ make sdk_install_pkg
 ```
 You can find the generated Intel SGX SDK installer ``sgx_linux_x64_sdk_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number.
-You could also make an SGX SDK installer with non-optimized source code for crypto library by
-```
-$ make sdk_install_pkg USE_OPT_LIBS=0
-```
 
 ###Build Intel(R) SGX PSW Installer
 To build Intel(R) SGX PSW installer, enter the following command:
@@ -98,19 +108,24 @@ To build Intel(R) SGX PSW installer, enter the following command:
 $ make psw_install_pkg
 ```
 You can find the generated Intel SGX PSW installer ``sgx_linux_x64_psw_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number.
-You could also make an SGX PSW intaller with non-optimized source code for crypto library by
-```
-$ make psw_install_pkg USE_OPT_LIBS=0
-```
+
 Install Intel(R) SGX SDK
 ------------------------
 ###Prerequisites
 - Ensure that you have the following required operating systems:  
-  Ubuntu\* Desktop-14.04-LTS 64bits
+  * Ubuntu\* Desktop-16.04-LTS 64bits
+  * Red Hat Enterprise Linux Server release 7.2 64bits
+  * CentOS 7.3.1611 64bits
 - Use the following command to install the required tool to use Intel(R) SGX SDK:
-```  
-  $ sudo apt-get install build-essential
-```
+  * On Ubuntu 16.04:
+  ```  
+    $ sudo apt-get install build-essential python
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+     $ sudo yum groupinstall 'Development Tools'
+     $ sudo yum install python 
+  ```
 
 ###Install Intel(R) SGX SDK
 To install Intel(R) SGX SDK, execute the installer with root privilege:
@@ -119,46 +134,65 @@ $ cd linux/installer/bin
 $ sudo ./sgx_linux_x64_sdk_${version}.bin 
 ```
 ###Test Intel(R) SGX SDK Package with the Sample Codes
-- Copy the sample codes installed by Intel(R) SGX SDK package into your work folder, such as  
+- Copy the sample codes installed by Intel(R) SGX SDK package into your work folder, such as:  
 ```
   $ cp -r /opt/intel/sgxsdk/SampleCode ~
 ```
-- Compile and run each sample codes in the simulation mode to make sure the package works well.  
+- Compile and run each sample codes in the simulation mode to make sure the package works well:    
 ```
   $ cd SampleCode/LocalAttestation
-  $ make
+  $ make SGX_MODE=SIM
   $ ./app
 ```
    Use similar commands for other sample codes.
-
 ###Compile and Run the Sample Codes in the Hardware Mode
-If you use an SGX hardware enabled machine, you need to run the sample codes in the hardware mode.
-Ensure that you install SGX driver and Intel(R) SGX PSW installer on the machine.  
+If you use an Intel SGX hardware enabled machine, you can run the sample codes in the hardware mode.
+Ensure that you install Intel(R) SGX driver and Intel(R) SGX PSW installer on the machine.  
+See the topic, Build and Install the Intel(R) SGX Driver, on how to install the Intel(R) SGX driver.  
 See the topic, Install Intel(R) SGX PSW, on how to install the PSW package.
-- Copy the sample codes installed by the Intel(R) SGX SDK package into your work folder, such as  
+- Copy the sample codes installed by the Intel(R) SGX SDK package into your work folder, such as:   
 ```
   $ cp -r /opt/intel/sgxsdk/SampleCode ~
 ```
-- Compile and run each sample codes in the debug mode.  
+- Compile and run each sample codes in the hardware mode, debug build:  
 ```
   $ cd SampleCode/LocalAttestation
-  $ make SGX_MODE=HW SGX_DEBUG=1
+  $ make
   $ ./app
 ```
    Use similar commands for other sample codes.
-
 Install Intel(R) SGX PSW
 ------------------------
 ###Prerequisites
 - Ensure that you have the following required operating systems:  
-  Ubuntu\* Desktop-14.04-LTS 64bits
+  * Ubuntu\* Desktop-16.04-LTS 64bits
+  * Red Hat Enterprise Linux Server release 7.2 64bits
+  * CentOS 7.3.1611 64bits
 - Ensure that you have the following required hardware:  
   6th Generation Intel(R) Core(TM) Processor (code named Skylake)
-- Configure the system with the **SGX hardware enabled** option and install SGX driver in advance.  
-  See the topic, Build and Install the Intel(R) SGX Driver, on how to install the SGX driver.
+- Configure the system with the **Intel SGX hardware enabled** option and install Intel SGX driver in advance.  
+  See the topic, Build and Install the Intel(R) SGX Driver, on how to install the Intel SGX driver.
 - Install the library using the following command:  
-```
-  $ sudo apt-get install libcurl4-openssl-dev libprotobuf-dev libprotobuf-c0-dev
+  * On Ubuntu 16.04:
+  ```
+    $ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
+  ```
+  * On Red Hat Enterprise Linux 7.2 and CentOS 7.3:
+  ```
+    $ sudo yum install openssl-devel libcurl-devel protobuf-devel
+  ```
+- To use trusted platform service on Ubuntu 16.04  
+  Ensure mei_me driver is enabled and /dev/mei0 exists.  
+  [Download iclsClient](https://software.intel.com/en-us/sgx-sdk/download) and install it using the following commands:  
+```
+$ sudo apt-get install alien
+$ sudo alien --scripts iclsClient-1.45.449.12-1.x86_64.rpm
+$ sudo dpkg -i iclsclient_1.45.449.12-2_amd64.deb
+```
+  Download source code from [dynamic-application-loader-host-interface](https://github.com/01org/dynamic-application-loader-host-interface) project. In the source code folder build and install JHI service using the following commands:
+```
+$ sudo apt-get install uuid-dev libxml2-dev
+$ cmake .;make;sudo make install;sudo systemclt enable jhi
 ```
 
 ###Install Intel(R) SGX PSW

SampleCode/LocalAttestation/App/App.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave1/Enclave1.config.xml

@@ -1,11 +1,12 @@
-<EnclaveConfiguration> 
-  <ProdID>0</ProdID> 
-  <ISVSVN>0</ISVSVN> 
-  <StackMaxSize>0x40000</StackMaxSize> 
-  <HeapMaxSize>0x100000</HeapMaxSize> 
-  <TCSNum>1</TCSNum> 
-  <TCSPolicy>1</TCSPolicy> 
-  <DisableDebug>0</DisableDebug> 
-  <MiscSelect>0</MiscSelect>
-  <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
+<EnclaveConfiguration> 
+  <ProdID>0</ProdID> 
+  <ISVSVN>0</ISVSVN> 
+  <StackMaxSize>0x40000</StackMaxSize> 
+  <HeapMaxSize>0x100000</HeapMaxSize> 
+  <TCSNum>1</TCSNum> 
+  <TCSPolicy>1</TCSPolicy> 
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug> 
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

SampleCode/LocalAttestation/Enclave1/Enclave1.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave1/Enclave1.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave1/Enclave1.lds

@@ -0,0 +1,10 @@
+Enclave1.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};

SampleCode/LocalAttestation/Enclave1/Utility_E1.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave1/Utility_E1.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave2/Enclave2.config.xml

@@ -1,11 +1,12 @@
-<EnclaveConfiguration> 
-  <ProdID>0</ProdID> 
-  <ISVSVN>0</ISVSVN> 
-  <StackMaxSize>0x40000</StackMaxSize> 
-  <HeapMaxSize>0x100000</HeapMaxSize> 
-  <TCSNum>1</TCSNum> 
-  <TCSPolicy>1</TCSPolicy> 
-  <DisableDebug>0</DisableDebug>
-  <MiscSelect>0</MiscSelect>
-  <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
+<EnclaveConfiguration> 
+  <ProdID>0</ProdID> 
+  <ISVSVN>0</ISVSVN> 
+  <StackMaxSize>0x40000</StackMaxSize> 
+  <HeapMaxSize>0x100000</HeapMaxSize> 
+  <TCSNum>1</TCSNum> 
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

SampleCode/LocalAttestation/Enclave2/Enclave2.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave2/Enclave2.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave2/Enclave2.lds

@@ -0,0 +1,10 @@
+Enclave2.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};

SampleCode/LocalAttestation/Enclave2/Utility_E2.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave2/Utility_E2.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave3/Enclave3.config.xml

@@ -1,11 +1,12 @@
-<EnclaveConfiguration> 
-  <ProdID>0</ProdID> 
-  <ISVSVN>0</ISVSVN> 
-  <StackMaxSize>0x40000</StackMaxSize> 
-  <HeapMaxSize>0x100000</HeapMaxSize> 
-  <TCSNum>1</TCSNum> 
-  <TCSPolicy>1</TCSPolicy> 
-  <DisableDebug>0</DisableDebug> 
-  <MiscSelect>0</MiscSelect>
-  <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
+<EnclaveConfiguration> 
+  <ProdID>0</ProdID> 
+  <ISVSVN>0</ISVSVN> 
+  <StackMaxSize>0x40000</StackMaxSize> 
+  <HeapMaxSize>0x100000</HeapMaxSize> 
+  <TCSNum>1</TCSNum> 
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug> 
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

SampleCode/LocalAttestation/Enclave3/Enclave3.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave3/Enclave3.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave3/Enclave3.lds

@@ -0,0 +1,10 @@
+Enclave3.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};

SampleCode/LocalAttestation/Enclave3/Utility_E3.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Enclave3/Utility_E3.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Include/dh_session_protocol.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/LocalAttestationCode/EnclaveMessageExchange.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/LocalAttestationCode/EnclaveMessageExchange.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/LocalAttestationCode/LocalAttestationCode.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/LocalAttestationCode/datatypes.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/LocalAttestationCode/error_codes.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -118,6 +118,10 @@ App_Name := app
 
 ######## Enclave Settings ########
 
+Enclave1_Version_Script := Enclave1/Enclave1.lds
+Enclave2_Version_Script := Enclave2/Enclave2.lds
+Enclave3_Version_Script := Enclave3/Enclave3.lds
+
 ifneq ($(SGX_MODE), HW)
 	Trts_Library_Name := sgx_trts_sim
 	Service_Library_Name := sgx_tservice_sim
@@ -141,12 +145,15 @@ Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpi
 #       Use `--start-group' and `--end-group' to link these libraries.
 # Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
 # Otherwise, you may get some undesirable errors.
-Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
 	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
 	-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
 	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
 	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
 	-Wl,--defsym,__ImageBase=0
+Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script)
+Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script)
+Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script)
 
 Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
 Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
@@ -175,7 +182,7 @@ endif
 endif
 
 ifeq ($(Build_Mode), HW_RELEASE)
-all: $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
 	@echo "The project has been built in release hardware mode."
 	@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
 	@echo "To sign the enclaves use the following commands:"
@@ -185,7 +192,7 @@ all: $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(
 	@echo "You can also sign the enclaves using an external signing tool."
 	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
 else
-all: $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
 ifeq ($(Build_Mode), HW_DEBUG)
 	@echo "The project has been built in debug hardware mode."
 else ifeq ($(Build_Mode), SIM_DEBUG)
@@ -199,6 +206,10 @@ else
 endif
 endif
 
+.config_$(Build_Mode)_$(SGX_ARCH):
+	@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.*              LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.* 
+	@touch .config_$(Build_Mode)_$(SGX_ARCH)
+
 ######## Library Objects ########
 
 LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
@@ -274,7 +285,7 @@ Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
 	@echo "CXX  <=  $<"
 
 Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
-	@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave_Link_Flags)
+	@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags)
 	@echo "LINK =>  $@"
 
 $(Enclave_Name_1): Enclave1.so
@@ -294,7 +305,7 @@ Enclave2/%.o: Enclave2/%.cpp
 	@echo "CXX  <=  $<"
 
 Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
-	@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave_Link_Flags)
+	@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags)
 	@echo "LINK =>  $@"
 
 $(Enclave_Name_2): Enclave2.so
@@ -314,7 +325,7 @@ Enclave3/%.o: Enclave3/%.cpp
 	@echo "CXX  <=  $<"
 
 Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
-	@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave_Link_Flags)
+	@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags)
 	@echo "LINK =>  $@"
 
 $(Enclave_Name_3): Enclave3.so
@@ -325,4 +336,4 @@ $(Enclave_Name_3): Enclave3.so
 .PHONY: clean
 
 clean:
-	@rm -rf $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
+	@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*

SampleCode/LocalAttestation/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/LocalAttestation/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/App/App.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/App/ErrorSupport.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/App/ErrorSupport.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/App/rwlock.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/App/rwlock.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/Common/types.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/Enclave/Enclave.config.xml

@@ -1,11 +1,12 @@
-<EnclaveConfiguration>
-  <ProdID>0</ProdID>
-  <ISVSVN>0</ISVSVN>
-  <StackMaxSize>0x40000</StackMaxSize>
-  <HeapMaxSize>0x100000</HeapMaxSize>
-  <TCSNum>3</TCSNum>
-  <TCSPolicy>1</TCSPolicy>
-  <DisableDebug>0</DisableDebug>
-  <MiscSelect>0</MiscSelect>
-  <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>3</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

SampleCode/PowerTransition/Enclave/Enclave.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/Enclave/Enclave.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/PowerTransition/Enclave/Enclave.lds

@@ -4,6 +4,7 @@ libenclave.so
         g_global_data_sim;
         g_global_data;
         enclave_entry;
+        g_peak_heap_used;
     local:
         *;
 };

SampleCode/PowerTransition/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -168,7 +168,7 @@ endif
 endif
 
 ifeq ($(Build_Mode), HW_RELEASE)
-all: $(App_Name) $(Enclave_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Enclave_Name)
 	@echo "The project has been built in release hardware mode."
 	@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
 	@echo "To sign the enclave use the command:"
@@ -176,7 +176,7 @@ all: $(App_Name) $(Enclave_Name)
 	@echo "You can also sign the enclave using an external signing tool."
 	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
 else
-all: $(App_Name) $(Signed_Enclave_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Signed_Enclave_Name)
 ifeq ($(Build_Mode), HW_DEBUG)
 	@echo "The project has been built in debug hardware mode."
 else ifeq ($(Build_Mode), SIM_DEBUG)
@@ -190,6 +190,10 @@ else
 endif
 endif
 
+.config_$(Build_Mode)_$(SGX_ARCH):
+	@rm -f .config_* $(App_Name) $(App_Objects) $(Enclave_Name) $(Enclave_Objects) App/Enclave_u.* Enclave/Enclave_t.* $(Signed_Enclave_Name) 
+	@touch .config_$(Build_Mode)_$(SGX_ARCH)
+
 ######## App Objects ########
 
 $(Gen_Untrusted_Source): $(SGX_EDGER8R) Enclave/Enclave.edl
@@ -236,4 +240,4 @@ $(Signed_Enclave_Name): $(Enclave_Name)
 
 
 clean:
-	@rm -f $(App_Name) $(App_Objects) $(Enclave_Name) $(Enclave_Objects) App/Enclave_u.* Enclave/Enclave_t.* $(Signed_Enclave_Name)
+	@rm -f .config_* $(App_Name) $(App_Objects) $(Enclave_Name) $(Enclave_Objects) App/Enclave_u.* Enclave/Enclave_t.* $(Signed_Enclave_Name)

SampleCode/RemoteAttestation/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -178,7 +178,7 @@ endif
 .PHONY: all run
 
 ifeq ($(Build_Mode), HW_RELEASE)
-all: libservice_provider.so $(App_Name) $(Enclave_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) libservice_provider.so $(App_Name) $(Enclave_Name)
 	@echo "The project has been built in release hardware mode."
 	@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
 	@echo "To sign the enclave use the command:"
@@ -186,7 +186,7 @@ all: libservice_provider.so $(App_Name) $(Enclave_Name)
 	@echo "You can also sign the enclave using an external signing tool."
 	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
 else
-all: libservice_provider.so $(App_Name) $(Signed_Enclave_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) libservice_provider.so $(App_Name) $(Signed_Enclave_Name)
 ifeq ($(Build_Mode), HW_DEBUG)
 	@echo "The project has been built in debug hardware mode."
 else ifeq ($(Build_Mode), SIM_DEBUG)
@@ -206,6 +206,11 @@ ifneq ($(Build_Mode), HW_RELEASE)
 	@echo "RUN  =>  $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
 endif
 
+.config_$(Build_Mode)_$(SGX_ARCH):
+	@rm -f .config_* $(App_Name) $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects)
+	@touch .config_$(Build_Mode)_$(SGX_ARCH)
+
+
 ######## App Objects ########
 
 isv_app/isv_enclave_u.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
@@ -260,4 +265,4 @@ $(Signed_Enclave_Name): $(Enclave_Name)
 .PHONY: clean
 
 clean:
-	@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects)
+	@rm -f .config_* $(App_Name) $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects)

SampleCode/RemoteAttestation/isv_app/isv_app.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/isv_app/sample_messages.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/isv_enclave/isv_enclave.config.xml

@@ -1,11 +1,12 @@
-<EnclaveConfiguration>
-  <ProdID>0</ProdID>
-  <ISVSVN>0</ISVSVN>
-  <StackMaxSize>0x40000</StackMaxSize>
-  <HeapMaxSize>0x100000</HeapMaxSize>
-  <TCSNum>1</TCSNum>
-  <TCSPolicy>1</TCSPolicy>
-  <DisableDebug>0</DisableDebug>
-  <MiscSelect>0</MiscSelect>
-  <MiscMask>0xFFFFFFFF</MiscMask>
-</EnclaveConfiguration>
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>1</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

SampleCode/RemoteAttestation/isv_enclave/isv_enclave.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/isv_enclave/isv_enclave.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/isv_enclave/isv_enclave.lds

@@ -4,6 +4,7 @@ enclave.so
         g_global_data_sim;
         g_global_data;
         enclave_entry;
+        g_peak_heap_used;
     local:
         *;
 };

SampleCode/RemoteAttestation/service_provider/ecp.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/ecp.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/ias_ra.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/ias_ra.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/network_ra.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/network_ra.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/remote_attestation_result.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/service_provider.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/RemoteAttestation/service_provider/service_provider.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/App.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/App.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/Edger8rSyntax/Arrays.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/Edger8rSyntax/Functions.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/Edger8rSyntax/Pointers.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/Edger8rSyntax/Types.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/TrustedLibrary/Libc.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/TrustedLibrary/Libcxx.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/App/TrustedLibrary/Thread.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Arrays.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Arrays.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Functions.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Functions.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Types.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Types.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Enclave.config.xml

@@ -5,6 +5,7 @@
   <HeapMaxSize>0x100000</HeapMaxSize>
   <TCSNum>10</TCSNum>
   <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
   <DisableDebug>0</DisableDebug>
   <MiscSelect>0</MiscSelect>
   <MiscMask>0xFFFFFFFF</MiscMask>

SampleCode/SampleEnclave/Enclave/Enclave.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Enclave.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Enclave.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/Enclave.lds

@@ -4,6 +4,7 @@ enclave.so
         g_global_data_sim;
         g_global_data;
         enclave_entry;
+        g_peak_heap_used;
     local:
         *;
 };

SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libc.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libc.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libcxx.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libcxx.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/TrustedLibrary/Thread.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Enclave/TrustedLibrary/Thread.edl

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Include/user_types.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

SampleCode/SampleEnclave/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
+# Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -164,7 +164,7 @@ endif
 .PHONY: all run
 
 ifeq ($(Build_Mode), HW_RELEASE)
-all: $(App_Name) $(Enclave_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Enclave_Name)
 	@echo "The project has been built in release hardware mode."
 	@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
 	@echo "To sign the enclave use the command:"
@@ -172,7 +172,7 @@ all: $(App_Name) $(Enclave_Name)
 	@echo "You can also sign the enclave using an external signing tool."
 	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
 else
-all: $(App_Name) $(Signed_Enclave_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Signed_Enclave_Name)
 ifeq ($(Build_Mode), HW_DEBUG)
 	@echo "The project has been built in debug hardware mode."
 else ifeq ($(Build_Mode), SIM_DEBUG)
@@ -210,6 +210,9 @@ $(App_Name): App/Enclave_u.o $(App_Cpp_Objects)
 	@$(CXX) $^ -o $@ $(App_Link_Flags)
 	@echo "LINK =>  $@"
 
+.config_$(Build_Mode)_$(SGX_ARCH):
+	@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*
+	@touch .config_$(Build_Mode)_$(SGX_ARCH)
 
 ######## Enclave Objects ########
 
@@ -236,4 +239,4 @@ $(Signed_Enclave_Name): $(Enclave_Name)
 .PHONY: clean
 
 clean:
-	@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*
+	@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*

SampleCode/SealedData/.cproject

@@ -0,0 +1,219 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug Sim Mode">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="SGX Debug Sim Mode" parent="com.intel.sgx.configuration.Sim.Debug">
+					<folderInfo id="com.intel.sgx.configuration.Sim.Debug.292452237" name="/" resourcePath="">
+						<toolChain id="com.intel.sgx.toolChain.Sim.Debug.1618485184" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Debug">
+							<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1039454044" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
+							<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.1591862020" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
+							<tool id="com.intel.sgx.compiler.1853780321" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
+								<option id="com.intel.sgx.option.includePath.1427419865" superClass="com.intel.sgx.option.includePath" valueType="includePath">
+									<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
+								</option>
+								<inputType id="com.intel.sgx.inputType.1817588305" superClass="com.intel.sgx.inputType"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+		<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug HW Mode">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="SGX Debug HW Mode" parent="com.intel.sgx.configuration.HW.Debug">
+					<folderInfo id="com.intel.sgx.configuration.HW.Debug.971320034" name="/" resourcePath="">
+						<toolChain id="com.intel.sgx.toolChain.HW.Debug.1761600540" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Debug">
+							<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.131147161" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
+							<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.1502087524" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
+							<tool id="com.intel.sgx.compiler.1085280084" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
+								<option id="com.intel.sgx.option.includePath.57165741" superClass="com.intel.sgx.option.includePath" valueType="includePath">
+									<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
+								</option>
+								<inputType id="com.intel.sgx.inputType.79844751" superClass="com.intel.sgx.inputType"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+		<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release Sim Mode">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="SGX Release Sim Mode" parent="com.intel.sgx.configuration.Sim.Release">
+					<folderInfo id="com.intel.sgx.configuration.Sim.Release.151408355" name="/" resourcePath="">
+						<toolChain id="com.intel.sgx.toolChain.Sim.Release.1055083183" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Release">
+							<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.471419902" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
+							<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1151273037" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
+							<tool id="com.intel.sgx.compiler.1302347316" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
+								<option id="com.intel.sgx.option.includePath.1645761127" superClass="com.intel.sgx.option.includePath" valueType="includePath">
+									<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
+								</option>
+								<inputType id="com.intel.sgx.inputType.640775034" superClass="com.intel.sgx.inputType"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+		<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="SGX Pre-release Release HW Mode">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="SGX Pre-release Release HW Mode" parent="com.intel.sgx.configuration.HW.Prerelease">
+					<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.1418650208" name="/" resourcePath="">
+						<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.1668578385" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Prerelease">
+							<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.977258758" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
+							<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.1888300852" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
+							<tool id="com.intel.sgx.compiler.2113538546" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
+								<option id="com.intel.sgx.option.includePath.904888562" superClass="com.intel.sgx.option.includePath" valueType="includePath">
+									<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
+								</option>
+								<inputType id="com.intel.sgx.inputType.283498732" superClass="com.intel.sgx.inputType"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+		<cconfiguration id="com.intel.sgx.configuration.HW.Release">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release HW Mode">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="SGX Release HW Mode" parent="com.intel.sgx.configuration.HW.Release">
+					<folderInfo id="com.intel.sgx.configuration.HW.Release.1657582763" name="/" resourcePath="">
+						<toolChain id="com.intel.sgx.toolChain.HW.Release.465410401" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Release">
+							<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.828352216" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
+							<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.714105790" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
+							<tool id="com.intel.sgx.compiler.595797282" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
+								<option id="com.intel.sgx.option.includePath.1385078253" superClass="com.intel.sgx.option.includePath" valueType="includePath">
+									<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
+								</option>
+								<inputType id="com.intel.sgx.inputType.463677873" superClass="com.intel.sgx.inputType"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+		<project id="SealedData.null.1312290154" name="SealedData"/>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+	<storageModule moduleId="refreshScope" versionNumber="2">
+		<configuration configurationName="SGX Debug HW Mode">
+			<resource resourceType="PROJECT" workspacePath="/SealedData"/>
+		</configuration>
+		<configuration configurationName="SGX Debug Sim Mode">
+			<resource resourceType="PROJECT" workspacePath="/SealedData"/>
+		</configuration>
+		<configuration configurationName="Debug">
+			<resource resourceType="PROJECT" workspacePath="/SealedData"/>
+		</configuration>
+		<configuration configurationName="Release">
+			<resource resourceType="PROJECT" workspacePath="/SealedData"/>
+		</configuration>
+		<configuration configurationName="SGX Release HW Mode">
+			<resource resourceType="PROJECT" workspacePath="/SealedData"/>
+		</configuration>
+	</storageModule>
+	<storageModule moduleId="scannerConfiguration">
+		<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.680828348;cdt.managedbuild.config.gnu.exe.release.680828348.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2137539087;cdt.managedbuild.tool.gnu.c.compiler.input.762444756">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="com.intel.sgx.SGXtoolChain.977521771;com.intel.sgx.SGXtoolChain.977521771.100429378;com.intel.sgx.compiler.787445976;com.intel.sgx.inputType.1814458059">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.151408355;com.intel.sgx.compiler.1302347316;com.intel.sgx.inputType.640775034">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1377487595;cdt.managedbuild.config.gnu.exe.debug.1377487595.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1972419354;cdt.managedbuild.tool.gnu.c.compiler.input.1480710981">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1657582763;com.intel.sgx.compiler.595797282;com.intel.sgx.inputType.463677873">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.292452237;com.intel.sgx.compiler.1853780321;com.intel.sgx.inputType.1817588305">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.971320034;com.intel.sgx.compiler.1085280084;com.intel.sgx.inputType.79844751">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
+		</scannerConfigBuildInfo>
+		<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.1418650208;com.intel.sgx.compiler.2113538546;com.intel.sgx.inputType.283498732">
+			<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
+		</scannerConfigBuildInfo>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
+</cproject>

SampleCode/SealedData/.project

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>SealedData</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
+			<triggers>clean,full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
+			<triggers>full,incremental,</triggers>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.cdt.core.cnature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
+		<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
+		<nature>org.eclipse.cdt.core.ccnature</nature>
+		<nature>com.intel.sgx.sgxnature</nature>
+	</natures>
+</projectDescription>

SampleCode/SealedData/DRM_app/DRM_app.cpp

@@ -0,0 +1,307 @@
+/*
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+
+#include "ReplayProtectedDRM.h"
+#include "TimeBasedDRM.h"
+#include <iostream>
+using namespace std;
+
+
+#include <string.h>
+#include <unistd.h>
+#define memcpy_s(dst,dst_size,src,max_count)  memcpy(dst,src,max_count)
+#define Sleep(n) usleep((n)*1000)
+
+uint32_t test_replay_protected_drm_operation()
+{
+    cout<<endl<<"\tReplay Protected DRM operation:"<<endl;
+    uint32_t result = 0;
+    ReplayProtectedDRM DRM;
+    result = DRM.init();
+    if(result)
+    {
+        cerr<<"Initialization the DRM failed."<<endl;
+        return result;
+    }
+    else 
+        cout<<"Successfully initialized the DRM."<<endl;
+
+    do{
+        result = DRM.perform_function();
+        if(result)
+        {
+            cerr<<"Performing the DRM functions failed."<<endl;
+            break;
+        }
+        else
+            cout<<"Successfully performed the DRM functions."<<endl;
+
+        result = DRM.update_secret();
+        if(result)
+        {
+            cerr<<"Updating the DRM secret failed."<<endl;
+            break;
+        }
+        else
+            cout<<"Successfully updated the DRM secret."<<endl;
+
+        result = DRM.perform_function();
+        if(result)
+        {
+            cerr<<"Performing the DRM functions failed."<<endl;
+            break;
+        }
+        else
+            cout<<"Successfully performed the DRM functions."<<endl;
+
+    }while(0);
+
+    if(DRM.delete_secret())
+    {
+        cerr<<"Deleting the DRM secret failed."<<endl;
+        return result;
+    }
+    else
+        cout<<"Successfully deleted the DRM secret."<<endl;
+    return result;
+}
+
+uint32_t test_replay_protected_drm_update_limitation()
+{
+    cout<<endl<<"\tReplay Protected DRM update limitation:"<<endl;
+    uint32_t result = 0;
+    ReplayProtectedDRM DRM;
+    result = DRM.init();
+    if(result)
+    {
+        cerr<<"Initialization the DRM failed."<<endl;
+        return result;
+    }
+    else 
+        cout<<"Successfully initialized the DRM."<<endl;
+    do{
+        result = DRM.perform_function();
+        if(result)
+        {
+            cerr<<"Performing the DRM functions fail."<<endl;
+            break;
+        }
+        else
+            cout<<"Successfully performed the DRM functions."<<endl;
+        for (int i = 0; i <= REPLAY_PROTECTED_PAY_LOAD_MAX_RELEASE_VERSION; i++)
+        {
+            result = DRM.update_secret();
+            if(result == MAX_RELEASE_REACHED &&
+                i>=REPLAY_PROTECTED_PAY_LOAD_MAX_RELEASE_VERSION)
+            {
+                cout<<"\tExpected failure."<<endl
+                    <<"\tThe DRM secret update limitation reached."<<endl;
+                result = 0;
+                return result;
+            }
+            else if(result)
+            {
+                cerr<<"Updating the DRM secret failed."<<endl;
+                break;
+            }
+            else 
+                cout<<"Successfully updated the DRM secret."<<endl;
+
+            result = DRM.perform_function();
+            if(result)
+            {
+                cerr<<"Performing the DRM functions failed."<<endl;
+                break;
+            }
+            else
+                cout<<"Successfully performed the DRM functions."<<endl;
+        }
+        if(!result)
+        {
+            result = 1;
+            cerr<<"\tUnexpcted success."<<endl
+                <<"\tFailed to catch update limitation."<<endl;
+        }
+    }while(0);
+
+    if(DRM.delete_secret())
+    {
+        cerr<<"Deleting the DRM secret failed."<<endl;
+        return result;
+    }
+    else
+        cout<<"Successfully deleted the DRM secret."<<endl;
+    return result;
+}
+
+uint32_t test_replay_protected_drm_replay_attack_protection()
+{
+    cout<<endl<<"\tReplay Protected DRM replay attack protection:"<<endl;
+    uint32_t result = 0;
+    uint8_t sealed_log[ReplayProtectedDRM::sealed_activity_log_length];
+    ReplayProtectedDRM DRM;
+    result = DRM.init(sealed_log);
+    if(result)
+    {
+        cerr<<"Initialization the DRM failed."<<endl;
+        return result;
+    }
+    else
+        cout<<"Successfully initialized the DRM."<<endl;
+
+    /* store a valid log for replay attack */
+    uint8_t replay_log[ReplayProtectedDRM::sealed_activity_log_length];
+    memcpy_s(replay_log,ReplayProtectedDRM::sealed_activity_log_length,
+        sealed_log,ReplayProtectedDRM::sealed_activity_log_length);
+    do{
+        result = DRM.update_secret(sealed_log);
+        if(result)
+        {
+            cerr<<"Updating the DRM secret functions failed."<<endl;
+            break;
+        }
+        else
+            cout<<"Successfully updated the DRM functions."<<endl;
+
+
+        result = DRM.perform_function(replay_log);
+        if(result == REPLAY_DETECTED)
+            cout<<"\tExpected failure."<<endl
+            <<"\tReplay attack to DRM functions is caught."<<endl;
+        else
+        {
+            cerr<<"\tUnexpcted success."<<endl
+            <<"\tReplay attack to DRM functions is NOT caught."<<endl;
+            result = 1;
+            break;
+        }
+
+        result = DRM.perform_function(sealed_log);
+        if(result)
+        {
+            cerr<<"Performing the DRM functions failed."<<endl;
+            break;
+        }
+        else
+            cout<<"Successfully performed the DRM functions ."<<endl;
+
+    }while(0);
+
+    if(DRM.delete_secret(sealed_log))
+    {
+        cerr<<"Deleting the DRM secret failed."<<endl;
+        return result;
+    }
+    else
+        cout<<"Successfully deleted the DRM secret."<<endl;
+    return result;
+}
+
+uint32_t test_time_based_policy_operation()
+{
+    cout<<endl<<"\tTime based policy operation:"<<endl;
+    TimeBasedDRM DRM;
+    uint32_t result = 0;
+    result = DRM.init();
+    if(result)
+    {
+        cerr<<"Initialization the time based policy failed."<<endl;
+        return result;
+    }
+    else
+        cout<<"Successfully initialized the time based policy."<<endl;
+
+    result = DRM.perform_function();
+    if(result)
+    {
+        cerr<<"Performing the time based policy functions failed."<<endl;
+        return result;
+    }
+    else
+        cout<<"Successfully performed the time based policy functions."<<endl;
+    return 0;
+}
+
+uint32_t test_time_based_policy_expiration()
+{
+    cout<<endl<<"\tTime based policy expiration:"<<endl;
+    TimeBasedDRM DRM;
+    uint32_t result = 0;
+    result = DRM.init();
+    if(result)
+    {
+        cerr<<"Initialization the time based policy failed."<<endl;
+        return result;
+    }
+    else
+        cout<<"Successfully initialized the time based policy."<<endl;
+
+    /* wait for time based DRM expiring */
+    Sleep((TIME_BASED_LEASE_DURATION_SECOND+1)*1000);
+    result = DRM.perform_function();
+    if(result== LEASE_EXPIRED)
+    {
+        cout<<"\tExpected failure."<<endl
+            <<"\tTime based policy has expired."<<endl;
+        return 0;
+    }
+    else
+    {
+        cerr<<"\tUnexpcted success."<<endl
+            <<"\tTime based policy failed to catch expiration."<<endl;
+        return 1;
+    }
+}
+
+#define _T(x) x
+int main(int argc, char* argv[])
+{
+    argc; /* unused parameter */
+    argv; /* unused parameter */
+    uint32_t result;
+    /* normal operation */
+    result = test_replay_protected_drm_operation();
+    /* trigger update limitation */
+    result = test_replay_protected_drm_update_limitation();
+    /* replay attack */
+    result = test_replay_protected_drm_replay_attack_protection();
+    /* normal operation */
+    result = test_time_based_policy_operation();
+    /* trigger expiration */
+    result = test_time_based_policy_expiration();
+    
+    printf("Enter a character before exit ...\n");
+    getchar();
+    return 0;
+}
+

SampleCode/SealedData/DRM_app/ReplayProtectedDRM.cpp

@@ -0,0 +1,188 @@
+/*
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+
+#include <iostream>
+#include "sgx.h"
+#include "sgx_urts.h"
+#include "sgx_uae_service.h"
+#include "DRM_enclave_u.h"
+#include "ReplayProtectedDRM.h"
+#include "sgx_tseal.h"
+
+using namespace std;
+
+#define ENCLAVE_NAME    "DRM_enclave.signed.so"
+
+
+ReplayProtectedDRM::ReplayProtectedDRM(): enclave_id(0)
+{
+    int updated = 0;
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    sgx_ret = sgx_create_enclave(ENCLAVE_NAME, SGX_DEBUG_FLAG,
+        &launch_token, &updated, &enclave_id, NULL);
+    if (sgx_ret)
+    {
+        cerr<<"cannot create enclave, error code = 0x"<< hex<< sgx_ret <<endl;
+    }
+}
+
+
+ReplayProtectedDRM::~ReplayProtectedDRM(void)
+{
+    if(enclave_id)
+        sgx_destroy_enclave(enclave_id);
+}
+
+uint32_t ReplayProtectedDRM:: init(uint8_t*  stored_sealed_activity_log)
+{
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    sgx_ps_cap_t ps_cap;
+    memset(&ps_cap, 0, sizeof(sgx_ps_cap_t));
+    sgx_ret = sgx_get_ps_cap(&ps_cap);
+    if (sgx_ret)
+    {
+        cerr<<"cannot get platform service capability, error code = 0x"<< hex
+            << sgx_ret <<endl;
+        return sgx_ret;
+    }
+    if (!SGX_IS_MONOTONIC_COUNTER_AVAILABLE(ps_cap))
+    {
+        cerr<<"monotonic counter is not supported"<<endl;
+        return SGX_ERROR_SERVICE_UNAVAILABLE;
+    }
+    uint32_t enclave_ret = 0;
+    sgx_ret = create_sealed_policy(enclave_id, &enclave_ret,
+        (uint8_t *)stored_sealed_activity_log, sealed_activity_log_length);
+    if (sgx_ret)
+    {
+        cerr<<"call create_sealed_policy fail, error code = 0x"<< hex<< sgx_ret
+            <<endl;
+        return sgx_ret;
+    } 
+    if (enclave_ret)
+    {
+        cerr<<"cannot create_sealed_policy, function return fail, error code ="
+            "0x"<< hex<< enclave_ret <<endl;
+        return enclave_ret;
+    }
+    return 0;
+}
+
+
+uint32_t ReplayProtectedDRM:: init()
+{
+    return init(sealed_activity_log);
+}
+
+
+
+uint32_t ReplayProtectedDRM:: perform_function(
+    uint8_t* stored_sealed_activity_log)
+{
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    uint32_t enclave_ret = 0;
+    sgx_ret = perform_sealed_policy(enclave_id, &enclave_ret,
+        (uint8_t *)stored_sealed_activity_log, sealed_activity_log_length);
+    if (sgx_ret)
+    {
+        cerr<<"call perform_sealed_policy fail, error code = 0x"<< hex<< sgx_ret
+            <<endl;
+        return sgx_ret;
+    } 
+    if (enclave_ret)
+    {
+        cerr<<"cannot perform_sealed_policy, function return fail, error code ="
+            "0x"<< hex<< enclave_ret <<endl;
+        return enclave_ret;
+    }
+    return 0;
+}
+
+uint32_t ReplayProtectedDRM:: perform_function()
+{
+    return perform_function(sealed_activity_log);
+}
+
+uint32_t ReplayProtectedDRM:: update_secret(uint8_t* stored_sealed_activity_log)
+{
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    uint32_t enclave_ret = 0;
+    sgx_ret = update_sealed_policy(enclave_id, &enclave_ret,
+        (uint8_t *)stored_sealed_activity_log, sealed_activity_log_length);
+    if (sgx_ret)
+    {
+        cerr<<"call update_sealed_policy fail, error code = 0x"<< hex<< sgx_ret
+            <<endl;
+        return sgx_ret;
+    } 
+    if (enclave_ret)
+    {
+        cerr<<"cannot update_sealed_policy, function return fail, error code ="
+            "0x"<< hex<< enclave_ret <<endl;
+        return enclave_ret;
+    }
+    return 0;
+}
+
+
+uint32_t ReplayProtectedDRM::update_secret()
+{
+    return update_secret(sealed_activity_log); 
+}
+
+uint32_t ReplayProtectedDRM:: delete_secret(uint8_t* stored_sealed_activity_log)
+{
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    uint32_t enclave_ret = 0;
+    sgx_ret = delete_sealed_policy(enclave_id, &enclave_ret,
+        (uint8_t *)stored_sealed_activity_log, sealed_activity_log_length);
+    if (sgx_ret)
+    {
+        cerr<<"call delete_sealed_policy fail, error code = 0x"<< hex<< sgx_ret 
+            <<endl;
+        return sgx_ret;
+    } 
+    if (enclave_ret)
+    {
+        cerr<<"cannot delete_sealed_policy, function return fail, error code ="
+            "0x"<< hex<< enclave_ret <<endl;
+        return enclave_ret;
+    }
+    return 0;
+}
+
+
+uint32_t ReplayProtectedDRM::delete_secret()
+{
+    return delete_secret(sealed_activity_log);
+}

SampleCode/SealedData/DRM_app/ReplayProtectedDRM.h

@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+
+#pragma once
+#include "stdlib.h"
+#include "sgx.h"
+#include "sgx_urts.h"
+#include "../include/sealed_data_defines.h"
+
+
+class ReplayProtectedDRM
+{
+public:
+    ReplayProtectedDRM();
+    ~ReplayProtectedDRM(void);
+    
+    uint32_t init(uint8_t*  stored_sealed_activity_log);
+    uint32_t init();
+    uint32_t perform_function();
+    uint32_t perform_function(uint8_t* stored_sealed_activity_log);
+    uint32_t update_secret();
+    uint32_t update_secret(uint8_t* stored_sealed_activity_log);
+
+    uint32_t delete_secret();
+    uint32_t delete_secret(uint8_t* stored_sealed_activity_log);
+
+    uint32_t get_activity_log(uint8_t* stored_sealed_activity_log);
+
+    
+    static const uint32_t sealed_activity_log_length = SEALED_REPLAY_PROTECTED_PAY_LOAD_SIZE;
+private:
+    uint8_t  sealed_activity_log[sealed_activity_log_length];
+    sgx_enclave_id_t enclave_id;
+    sgx_launch_token_t launch_token;
+
+};
+

SampleCode/SealedData/DRM_app/TimeBasedDRM.cpp

@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+
+#include "TimeBasedDRM.h"
+#include "sgx_urts.h"
+#include "sgx_uae_service.h"
+#include "DRM_enclave_u.h"
+#include <iostream>
+using namespace std;
+
+#define ENCLAVE_NAME    "DRM_enclave.signed.so"
+
+TimeBasedDRM::TimeBasedDRM(void): enclave_id(0)
+{
+    int updated = 0;
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    sgx_ret = sgx_create_enclave(ENCLAVE_NAME, SGX_DEBUG_FLAG,
+        &launch_token, &updated, &enclave_id, NULL);
+    if (sgx_ret)
+    {
+        cerr<<"cannot create enclave, error code = 0x"<< hex<< sgx_ret <<endl;
+    }
+}
+
+
+TimeBasedDRM::~TimeBasedDRM(void)
+{
+    if(enclave_id)
+        sgx_destroy_enclave(enclave_id);
+}
+
+uint32_t TimeBasedDRM:: init(uint8_t*  stored_time_based_policy)
+{
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    sgx_ps_cap_t ps_cap;
+    memset(&ps_cap, 0, sizeof(sgx_ps_cap_t));
+    sgx_ret = sgx_get_ps_cap(&ps_cap);
+    if (sgx_ret)
+    {
+        cerr<<"cannot get platform service capability, error code = 0x"<< hex<<
+            sgx_ret <<endl;
+        return sgx_ret;
+    }
+    if (!SGX_IS_TRUSTED_TIME_AVAILABLE(ps_cap))
+    {
+        cerr<<"trusted time is not supported"<<endl;
+        return SGX_ERROR_SERVICE_UNAVAILABLE;
+    }
+    uint32_t enclave_ret = 0;
+    sgx_ret = create_time_based_policy(enclave_id, &enclave_ret,
+        (uint8_t *)stored_time_based_policy, time_based_policy_length);
+    if (sgx_ret)
+    {
+        cerr<<"call create_time_based_policy fail, error code = 0x"<< hex<<
+            sgx_ret <<endl;
+        return sgx_ret;
+    } 
+    if (enclave_ret)
+    {
+        cerr<<"cannot create_time_based_policy, function return fail, error code = 0x"
+            << hex<< enclave_ret <<endl;
+        return enclave_ret;
+    }
+    return 0;
+}
+
+
+uint32_t TimeBasedDRM:: init()
+{
+    return init(time_based_policy);
+}
+
+
+
+uint32_t TimeBasedDRM::perform_function(uint8_t* stored_time_based_policy)
+{
+    sgx_status_t sgx_ret = SGX_ERROR_UNEXPECTED;
+    uint32_t enclave_ret = 0;
+    sgx_ret = perform_time_based_policy(enclave_id, &enclave_ret,
+        stored_time_based_policy, time_based_policy_length);
+    if (sgx_ret)
+    {
+        cerr<<"call perform_time_based_policy fail, error code = 0x"<< hex<<
+            sgx_ret <<endl;
+        return sgx_ret;
+    }
+    if (enclave_ret)
+    {
+        cerr<<"cannot perform_time_based_policy, function return fail, error code = 0x"
+            << hex<< enclave_ret <<endl;
+        return enclave_ret;
+    }
+    return 0;
+}
+
+uint32_t TimeBasedDRM::perform_function()
+{
+    return perform_function(time_based_policy);
+}

SampleCode/SealedData/DRM_app/TimeBasedDRM.h

@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+
+#pragma once
+#include "stdlib.h"
+#include "sgx.h"
+#include "sgx_urts.h"
+#include "../include/sealed_data_defines.h"
+
+class TimeBasedDRM
+{
+public:
+    TimeBasedDRM(void);
+    ~TimeBasedDRM(void);
+        uint32_t init(uint8_t*  stored_time_based_policy);
+    uint32_t init();
+    
+    uint32_t perform_function();
+    uint32_t perform_function(uint8_t* stored_time_based_policy);
+
+    uint32_t get_time_based_policy(uint8_t* stored_time_based_policy);
+
+    static const uint32_t time_based_policy_length = TIME_BASED_PAY_LOAD_SIZE;
+private:
+    uint8_t  time_based_policy[time_based_policy_length];
+    sgx_enclave_id_t enclave_id;
+    sgx_launch_token_t launch_token;
+};
+

SampleCode/SealedData/DRM_enclave/DRM_enclave.config.xml

@@ -0,0 +1,11 @@
+<EnclaveConfiguration> 
+  <ProdID>0</ProdID> 
+  <ISVSVN>0</ISVSVN> 
+  <StackMaxSize>0x4000</StackMaxSize> 
+  <HeapMaxSize>0x10000</HeapMaxSize> 
+  <TCSNum>1</TCSNum> 
+  <TCSPolicy>1</TCSPolicy> 
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>