This library contains helper functions for developing enclaves. These include
- debugging helpers (printf function)
- file operations
Page 43 in the SGX SDK guide v1.1 gives details on how to create and use an enclave library.
A reference project that consumes this library can be found at github.com/ftes/sgx-lib-consumer/
Steps:
- Import
sgx_lib_{u,t}projects - Switch configuration to
Simulation - Consume library in untrusted app (see below)
- Consume library in trusted enclave (see below)
- Use and configure SGX debugger (see below)
Properties -> Common Properties -> Frameworks and References -> Addsgx_lib_u`- Add additional include directory:
..\sgx-lib\includeand..\sgx-lib\sgx_lib_u\include(relative path may differ, depending on your setup)
Properties -> Common Properties -> Frameworks and References -> Addsgx_lib_t`- Add additional include directories:
..\sgx-lib\includeand..\sgx-lib\sgx_lib_t\include(relative path may differ, depending on your setup) - Set macro
SGX_ENCLAVE(header problem withsgx_lib_stdio.h) - Import OCALLs and ECALLs by adding to your
enclave.edl:from "../sgx-lib/sgx_lib_t/sgx_lib.edl" import *;(relative path may differ, depending on your setup)
- Use the
Intel SGX Debugger - Set
Configuration Properties->Debugging->WorkingDirectoryto$(OutDir)
Enabled by the SGX_INSECURE_IO_OPERATIONS macro.
During development, insecure I/O operations can be used. These allow data to leave the enclave unencrypted. When including legacy code, this allows legacy compatible behaviour, without security garuantees.
Without this macro, writes and reads to standard and file streams are sealed (or encrypted). Replay protection IS NOT added.
Use either
seal/unsealorencrypt/decrypt
as the underlying encryption primitive. (1) is the default, (2) is enabled by setting the SGX_SECURE_IO_OPERATIONS_KEY macro.
(2) requires a symmetric encryption key, which can be set using set_secure_io_key().
This key is used to en/decrypt all subsequent I/O operations, until it is overwritten by another call to set_secure_io_key().