opensgx icon indicating copy to clipboard operation
opensgx copied to clipboard

Published 20 hours ago verified publisher icon sslab-gatech

Run real SGX applications on openSGX

Open Samathy opened this issue 8 years ago • 5 comments

I'd like to use OpenSGX to write and test real SGX applications on local machines which don't support SGX instructions - and then be able to run the same application on machines that do support SGX with minimal changes.

OpenSGX does not seem to support function calls that are available on real SGX systems (For example, I can't find any reference to sgx_create_enclave() ).

Is there any way you'd suggest I could do this? Or is OpenSGX simply not the right tool?

Thanks

Samathy avatar Aug 26 '16 14:08 Samathy

The model between OpenSGX and Intel SDK is actually pretty similar. We provide equivalent api init_enclave() to sgx_create_enclave(), which creates an enclave and then loading the binary. For function call, you can directly do the same thing by using trampoline in OpenSGX for share data between host and enclave (Intel SDK use the same mechanism to support function calls).

johnmwshih avatar Aug 26 '16 20:08 johnmwshih

Creating an enclave from a binary seems to be provided by load_elf_enclave() - not init_enclave(). Making the api quite disimilar to Intel's (where loading a binary is provided through sgx_create_enclave() ). Or am I missing something?

Despite the api being disimilar - is all the functionality provided by openSGX the same as Intel's SDK? So I could write a wrapper from Intel -> OpenSGX to allow for testing?

p.s if this disgussion gets to much for GH issues - I'm happy to take this to email.

Samathy avatar Aug 30 '16 08:08 Samathy

Hi!

I am actually having the same intent/plan as Samathy.

And seeing that the discussion may have been continued via email I must ask... Is it feasible? Are there any known differences/limitations? Will OpenSGx be the appropriate tool?

fbdlampayan avatar Nov 02 '16 14:11 fbdlampayan

We haven't have progress on making OpenSGX compatible with Intel SDK. It's highly depends on your needs -- if you just want to develop some sgx programs, Intel SDK would be better; If you want to explore on low-level layers, OpenSGX provides more flexibility, e.g., you can check enclu/encls implementation, emulates SGX version 2 instruction, which is not supported in current skylate cpu, etc.

johnmwshih avatar Nov 02 '16 18:11 johnmwshih

Ahhh Alright! Thanks for the information @johnmwshih

fbdlampayan avatar Nov 03 '16 08:11 fbdlampayan