Li, Xun 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому
App 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому
Enclave 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому
Include 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому
Seal 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому
Makefile 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому
debug_mock_key.bin 75dd558bda Linux 2.1.3 Open Source Gold Release 6 роки тому

Intel(R) Software Guard Extensions Protected Code Loader (Intel(R) SGX PCL) for Linux* OS


Intel(R) SGX PCL is intended to protect Intellectual Property (IP) within the code for Intel(R) SGX enclave applications running on the Linux* OS.

Problem: Intel(R) SGX provides integrity of code and confidentiality and integrity of data at run-time. However, it does NOT provide confidentiality of code offline as a binary file on disk. Adversaries can reverse engineer the binary enclave shared object.

Solution: The enclave shared object (.so) is encrypted at build time. It is decrypted at enclave load time.

Intel(R) SGX PCL provides:

  1. sgx_encrypt: A tool to encrypt the shared object at build time.

See sources at sdk\encrypt_enclave.

  1. libsgx_pcl.a: A library that is statically linked to the enclave and enables the decryption of the enclave at load time.

See sources at sdk\protected_code_loader.

  1. SampleEnclavePCL: Sample code which demonstrates how the tool and lib need to be integrated into an existing enclave project.

Pupose of this code sample:

Enclave writers should compare SampleEnclave and SampleEnclavePCL. This demonstrates how the Intel(R) SGX PCL is to be integrated into the project of the enclave writer.


See more elaborate documentation at Intel(R) SGX Protected Code Loader for Linux User Guide.

Build and test the Intel(R) SGX PCL with the sample code

  • To compile and run the sample

    $ cd SampleEnclavePCL
    $ make
    $ ./app