Li, Xun 75dd558bda Linux 2.1.3 Open Source Gold Release | 6 years ago | |
---|---|---|
.. | ||
App | 6 years ago | |
Enclave | 6 years ago | |
Include | 6 years ago | |
Seal | 6 years ago | |
Makefile | 6 years ago | |
README.md | 6 years ago | |
debug_mock_key.bin | 6 years ago |
Intel(R) SGX PCL is intended to protect Intellectual Property (IP) within the code for Intel(R) SGX enclave applications running on the Linux* OS.
Problem: Intel(R) SGX provides integrity of code and confidentiality and integrity of data at run-time. However, it does NOT provide confidentiality of code offline as a binary file on disk. Adversaries can reverse engineer the binary enclave shared object.
Solution: The enclave shared object (.so) is encrypted at build time. It is decrypted at enclave load time.
Intel(R) SGX PCL provides:
See sources at sdk\encrypt_enclave.
See sources at sdk\protected_code_loader.
Enclave writers should compare SampleEnclave and SampleEnclavePCL. This demonstrates how the Intel(R) SGX PCL is to be integrated into the project of the enclave writer.
See more elaborate documentation at Intel(R) SGX Protected Code Loader for Linux User Guide.
To compile and run the sample:

```
$ cd SampleEnclavePCL
$ make
$ ./app
```