Lohann/intel-sgx-template
Intel SGX Template Project

Minimal C project intended to be used as a template to get started with Intel SGX.

Building

First make sure you have the latest linux-sgx-sdk installed. You can follow the instructions on its GitHub page, or simply run:

# Clone the project
git clone https://github.com/Lohann/intel-sgx-template.git
cd intel-sgx-template

# Install the Linux SGX SDK (note: only tested on Ubuntu 24.04)
./install-sgx-sdk.sh

Make sure the SGX SDK development environment is set up in your terminal:

# First make sure SGX-SDK environment is set
[ -z "$SGX_SDK" ] && source /opt/intel/sgxsdk/environment

To compile APP and/or ENCLAVE, use one of the following options:

# Options:
#   SGX_MODE=HW     -> Hardware Mode (default); requires a compatible CPU
#   SGX_MODE=SIM    -> Simulation Mode
#   SGX_DEBUG=1     -> Enable Debug (default)
#   SGX_DEBUG=0     -> Disable Debug

# Compile APP and ENCLAVE in Hardware+Debug mode
make

# Compile ONLY the APP in Hardware+Debug mode
make main

# Compile ONLY the ENCLAVE in Hardware+Debug mode
make enclave.signed.so

# Compile APP in Simulated+Debug Mode
make SGX_MODE=SIM main

# Compile APP and ENCLAVE in Simulation+Release Mode
make SGX_MODE=SIM SGX_DEBUG=0

# Compile ENCLAVE in Hardware+Release Mode
make SGX_DEBUG=0 enclave.signed.so

Format the code using GNU indent:

make format

Run the app:

./main

Remove generated files, compile in Simulation Mode and run the app:

make clean && make SGX_MODE=SIM && ./main

Check SGX Hardware Support

Use ark.intel to check whether your Intel CPU model is listed. Even if your CPU supports SGX, that does not mean it is enabled: SGX is usually disabled by default and must be enabled in the computer BIOS.

One easy way to check whether your Linux machine has SGX enabled is dmesg:

sudo dmesg | grep -i sgx

But dmesg shows nothing if your machine doesn't support it; an alternative is CPUID:

# Install CPUID tool
sudo apt install cpuid -y

# Check if SGX is enabled.
sudo cpuid | grep -i sgx
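As an added example (not part of the template), the following Python combines the two probes above: it parses constructed sample cpuid and dmesg output (modelled on what the tools print; exact spacing varies between versions) and suggests which SGX_MODE to pass to make.

```python
import re

# Constructed sample outputs (not captured from a real machine), modelled on
# the lines `cpuid` and `dmesg` print; spacing differs between tool versions.
CPUID_SGX_CPU = """\
   feature information (7/0):
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
"""
CPUID_NO_SGX = """\
   feature information (7/0):
      SGX: Software Guard Extensions supported = false
"""
DMESG_SGX_ENABLED = "[    1.234567] sgx: EPC section 0x70200000-0x75f7ffff\n"
DMESG_SILENT = "[    1.234567] usb 1-1: new high-speed USB device\n"

SGX_FLAG = re.compile(r"SGX: Software Guard Extensions supported\s*=\s*(true|false)")


def cpu_supports_sgx(cpuid_out: str) -> bool:
    """True when cpuid reports the SGX feature flag (leaf 7) as set."""
    m = SGX_FLAG.search(cpuid_out)
    return bool(m) and m.group(1) == "true"


def kernel_enabled_sgx(dmesg_out: str) -> bool:
    """Mirrors `dmesg | grep -i sgx`: the kernel only logs SGX lines (EPC
    sections) when SGX is enabled in BIOS and the kernel supports it."""
    return any("sgx" in line.lower() for line in dmesg_out.splitlines())


def decide_sgx_mode(cpuid_out: str, dmesg_out: str) -> dict:
    """Combine both probes and pick the SGX_MODE to give the Makefile.

    dmesg alone cannot tell 'no CPU support' from 'disabled in BIOS', so
    cpuid is consulted first; HW mode is suggested only when both agree."""
    supported = cpu_supports_sgx(cpuid_out)
    enabled = kernel_enabled_sgx(dmesg_out)
    if not supported:
        reason = "CPU does not advertise SGX; build with SGX_MODE=SIM"
    elif not enabled:
        reason = "CPU supports SGX but kernel logged no EPC; enable SGX in BIOS or use SGX_MODE=SIM"
    else:
        reason = "SGX enabled; SGX_MODE=HW available"
    return {"cpu_supports": supported, "kernel_enabled": enabled,
            "sgx_mode": "HW" if supported and enabled else "SIM", "reason": reason}


if __name__ == "__main__":
    print(decide_sgx_mode(CPUID_SGX_CPU, DMESG_SGX_ENABLED))
    print(decide_sgx_mode(CPUID_SGX_CPU, DMESG_SILENT))
```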

Project Structure

  • app/*: Untrusted component code
    • app.c: Application entry point; creates the enclave and calls into it.
    • error.c: Prints the sgx_status_t error message.
  • enclave/*: Trusted component code
    • enclave.c: Enclave ECALL implementation.
    • enclave.edl: Defines the trusted/untrusted boundary, the input types that cross it, and the ECALL and OCALL declarations (see Enclave Definition Language - EDL).
    • enclave.lds and enclave_debug.lds: Linker scripts for hardware and simulation mode; for more details read the section about enclave/*.lds files.
    • enclave.config.xml: XML file containing the user-defined parameters of an enclave; for more details read the section Enclave XML Configuration File.
  • build.sh: Build script that does the same as make SGX_MODE=SIM, but is easier to read for learning the compilation process step by step.
  • setup-sgx.sh: Installs the SGX SDK on a Linux machine (note: only tested on Ubuntu 24.04).
  • .vscode/c_cpp_properties.json: IntelliSense c_cpp_properties.json for VS Code C/C++ auto-completion.

Enclave XML Configuration File

The enclave configuration file is an XML file containing the user-defined parameters of an enclave. This XML file is part of the enclave project. A tool named sgx_sign uses this file as input to create the signature and metadata for the enclave. Here is an example of the configuration file.

<EnclaveConfiguration>
    <ProdID>100</ProdID>
    <ISVSVN>1</ISVSVN>
    <StackMaxSize>0x50000</StackMaxSize>
    <StackMinSize>0x2000</StackMinSize>
    <HeapMaxSize>0x100000</HeapMaxSize>
    <HeapMinSize>0x40000</HeapMinSize>
    <HeapInitSize>0x80000</HeapInitSize>
    <TCSNum>3</TCSNum>
    <TCSMaxNum>4</TCSMaxNum>
    <TCSMinPool>2</TCSMinPool>
    <TCSPolicy>1</TCSPolicy>
    <DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect>
    <MiscMask>0xFFFFFFFF</MiscMask>
    <EnableKSS>1</EnableKSS>
    <ISVEXTPRODID_H>1</ISVEXTPRODID_H>
    <ISVEXTPRODID_L>2</ISVEXTPRODID_L>
    <ISVFAMILYID_H>3</ISVFAMILYID_H>
    <ISVFAMILYID_L>4</ISVFAMILYID_L>
</EnclaveConfiguration>
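As an added example (not the project's code and not sgx_sign's own rules), this Python script parses an EnclaveConfiguration like the one above and applies the sanity checks a reviewer would want before signing: page alignment of sizes, the Min <= Init <= Max heap relation, consistent TCS counts, and a warning when DisableDebug is 0, since a debug enclave's memory can be read by a debugger. The KSS identity fields are parsed but not checked.

```python
import xml.etree.ElementTree as ET

PAGE_SIZE = 0x1000  # enclave memory is managed in 4 KiB pages

# The configuration shown in the README, embedded as test input (KSS fields omitted).
EXAMPLE_CONFIG = """<EnclaveConfiguration>
    <ProdID>100</ProdID><ISVSVN>1</ISVSVN>
    <StackMaxSize>0x50000</StackMaxSize><StackMinSize>0x2000</StackMinSize>
    <HeapMaxSize>0x100000</HeapMaxSize><HeapMinSize>0x40000</HeapMinSize>
    <HeapInitSize>0x80000</HeapInitSize>
    <TCSNum>3</TCSNum><TCSMaxNum>4</TCSMaxNum><TCSMinPool>2</TCSMinPool>
    <TCSPolicy>1</TCSPolicy><DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect><MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>"""


def load_config(xml_text: str) -> dict:
    """Parse <EnclaveConfiguration>; values are decimal or 0x-prefixed hex."""
    root = ET.fromstring(xml_text)
    if root.tag != "EnclaveConfiguration":
        raise ValueError(f"unexpected root element {root.tag!r}")
    return {child.tag: int(child.text.strip(), 0) for child in root}


def check_config(cfg: dict) -> list:
    """Return findings as (severity, message) tuples; an empty list means clean."""
    findings = []
    def need(tag):  # record a missing tag once, treat it as 0 afterwards
        if tag not in cfg:
            findings.append(("error", f"{tag} missing"))
        return cfg.get(tag, 0)
    for tag in ("StackMaxSize", "StackMinSize", "HeapMaxSize", "HeapMinSize", "HeapInitSize"):
        if need(tag) % PAGE_SIZE:
            findings.append(("error", f"{tag}=0x{cfg[tag]:x} is not page aligned"))
    if need("StackMinSize") > need("StackMaxSize"):
        findings.append(("error", "StackMinSize exceeds StackMaxSize"))
    if not need("HeapMinSize") <= need("HeapInitSize") <= need("HeapMaxSize"):
        findings.append(("error", "heap sizes must satisfy HeapMinSize <= HeapInitSize <= HeapMaxSize"))
    if not (need("TCSNum") >= 1 and need("TCSMinPool") <= need("TCSNum") <= need("TCSMaxNum")):
        findings.append(("error", "TCS counts must satisfy TCSMinPool <= TCSNum <= TCSMaxNum, TCSNum >= 1"))
    if need("TCSPolicy") not in (0, 1):
        findings.append(("error", "TCSPolicy must be 0 (bound) or 1 (unbound)"))
    if need("DisableDebug") == 0:
        findings.append(("warning", "DisableDebug=0: a debugger can read enclave memory; set 1 for release"))
    return findings


if __name__ == "__main__":
    print(check_config(load_config(EXAMPLE_CONFIG)))
```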

About enclave*.lds files

The symbol enclave_entry is the entry point to the enclave. The symbol g_global_data_sim comes from the tRTS simulation library and is required to be exposed for running an enclave in the simulation mode since it distinguishes between enclaves built to run on the simulator and on the hardware. The sgx_emmt tool relies on the symbol g_peak_heap_used to determine the size of the heap that the enclave uses and relies on the symbol g_peak_rsrv_mem_committed to determine the size of the reserved memory that the enclave uses. The symbol __ImageBase is used by tRTS to compute the base address of the enclave.

/* file: enclave/enclave.lds */
enclave.so
{
    global:
        g_global_data_sim;
        g_global_data;
        enclave_entry;
    local:
        *;
};

For more details, read the chapter "Setting up an Intel® Software Guard Extensions Project" in the Intel SGX Developer Reference for Linux 2.26 Open Source.

About

Intel SGX Base Template Project using C