Li, Xun 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa
..
App 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa
Enclave 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa
Include 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa
Seal 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa
Makefile 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa
README.md 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa
debug_mock_key.bin 75dd558bda Linux 2.1.3 Open Source Gold Release 6 anni fa

README.md

Intel(R) Software Guard Extensions Protected Code Loader (Intel(R) SGX PCL) for Linux* OS

Introduction

Intel(R) SGX PCL is intended to protect Intellectual Property (IP) within the code for Intel(R) SGX enclave applications running on the Linux* OS.

Problem: Intel(R) SGX provides integrity of code and confidentiality and integrity of data at run-time. However, it does NOT provide confidentiality of code offline as a binary file on disk. Adversaries can reverse engineer the binary enclave shared object.

Solution: The enclave shared object (.so) is encrypted at build time. It is decrypted at enclave load time.

Intel(R) SGX PCL provides:

  1. sgx_encrypt: A tool to encrypt the shared object at build time.

See sources at sdk\encrypt_enclave.

  1. libsgx_pcl.a: A library that is statically linked to the enclave and enables the decryption of the enclave at load time.

See sources at sdk\protected_code_loader.

  1. SampleEnclavePCL: Sample code which demonstrates how the tool and lib need to be integrated into an existing enclave project.

Pupose of this code sample:

Enclave writers should compare SampleEnclave and SampleEnclavePCL. This demonstrates how the Intel(R) SGX PCL is to be integrated into the project of the enclave writer.

Documentation

See more elaborate documentation at Intel(R) SGX Protected Code Loader for Linux User Guide.

Build and test the Intel(R) SGX PCL with the sample code

  • To compile and run the sample

    $ cd SampleEnclavePCL
    $ make
    $ ./app