Liron Shacham ef87f1f4f7 Removed wrong link 6 年 前
..
App 75dd558bda Linux 2.1.3 Open Source Gold Release 6 年 前
Enclave 75dd558bda Linux 2.1.3 Open Source Gold Release 6 年 前
Include 75dd558bda Linux 2.1.3 Open Source Gold Release 6 年 前
Seal 75dd558bda Linux 2.1.3 Open Source Gold Release 6 年 前
Makefile 75dd558bda Linux 2.1.3 Open Source Gold Release 6 年 前
README.md ef87f1f4f7 Removed wrong link 6 年 前
debug_mock_key.bin 75dd558bda Linux 2.1.3 Open Source Gold Release 6 年 前

README.md

Intel(R) Software Guard Extensions Protected Code Loader (Intel(R) SGX PCL) for Linux* OS

Introduction

Intel(R) SGX PCL is intended to protect Intellectual Property (IP) within the code for Intel(R) SGX enclave applications running on the Linux* OS.

Problem: Intel(R) SGX provides integrity of code and confidentiality and integrity of data at run-time. However, it does NOT provide confidentiality of code offline as a binary file on disk. Adversaries can reverse engineer the binary enclave shared object.

Solution: The enclave shared object (.so) is encrypted at build time. It is decrypted at enclave load time.

Intel(R) SGX PCL provides:

  1. sgx_encrypt: A tool to encrypt the shared object at build time.

See sources at sdk\encrypt_enclave.

  1. libsgx_pcl.a: A library that is statically linked to the enclave and enables the decryption of the enclave at load time.

See sources at sdk\protected_code_loader.

  1. SampleEnclavePCL: Sample code which demonstrates how the tool and lib need to be integrated into an existing enclave project.

Pupose of this code sample:

Enclave writers should compare SampleEnclave and SampleEnclavePCL. This demonstrates how the Intel(R) SGX PCL is to be integrated into the project of the enclave writer.

Build and test the Intel(R) SGX PCL with the sample code

  • To compile and run the sample

    $ cd SampleEnclavePCL
    $ make
    $ ./app