Liron Shacham ef87f1f4f7 Removed wrong link | 6 years ago | |
---|---|---|
App | 6 years ago | |
Enclave | 6 years ago | |
Include | 6 years ago | |
Seal | 6 years ago | |
Makefile | 6 years ago | |
README.md | 6 years ago | |
debug_mock_key.bin | 6 years ago |
Intel(R) SGX PCL is intended to protect Intellectual Property (IP) within the code for Intel(R) SGX enclave applications running on the Linux* OS.
Problem: Intel(R) SGX provides integrity of code, and confidentiality and integrity of data, at run-time. However, it does NOT provide confidentiality of code offline, when the enclave is a binary file on disk. Adversaries can reverse engineer the binary enclave shared object.
Solution: The enclave shared object (.so) is encrypted at build time. It is decrypted at enclave load time.
Intel(R) SGX PCL provides:
See sources at sdk\encrypt_enclave.
See sources at sdk\protected_code_loader.
Enclave writers should compare SampleEnclave and SampleEnclavePCL. The comparison demonstrates how the Intel(R) SGX PCL is to be integrated into the enclave writer's project.
To compile and run the sample:

```
$ cd SampleEnclavePCL
$ make
$ ./app
```