I have a C++ struct like this: <pre class="prettyprint"><code>struct node { string splitOn; string label; bool isLeaf; vector<string> childrenValues; vector<node*> children; }; </code></pre> I wanted to pass or read this from App to the Intel SGX enclave. Based on what is mentioned here: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/703489 I tried this: APP: <pre class="prettyprint"><code>node *root = new node; root = buildDecisionTree(dataTable, root, *tableInfo); //this initializes the root void *data3 = static_cast<void*>(root); ecall_my_dtree(global_eid, &ecall_return, data3); </code></pre> EDL: <pre class="prettyprint"><code> public int ecall_my_dtree([user_check] void* data); </code></pre> Enclave: <pre class="prettyprint"><code>int ecall_my_dtree(void *data2) node* root2 = static_cast<node*>(data2); </code></pre> But it seems, the root2 is not able to initialize properly and it points to garbage. About user_check: https://software.intel.com/en-us/node/708978 Any help regarding how I could properly read the data inside the enclave. PS: Intel SGX enclave does not support any serialization library. I have asked the similar question here too but no real helpful answer for my small brain. https://github.com/intel/linux-sgx/issues/229

You shouldn't do this: <pre class="prettyprint"><code>struct node { string splitOn; string label; bool isLeaf; vector<string> childrenValues; vector<node*> children; }; </code></pre> Possible problems: <ul> <li>The STL does not guarantee binary compatibility on most of its types: i.e. <code>std::string</code> or <code>std::vector</code>. </li> <li>SGX's implementation of the STL is just a modified/reduced subset of it.</li> <li>You may face problems related to memory alignment.</li> </ul> You should implement custom serialization for this instead.

Passing C++ struct to enclave from app in Intel SGX

I have a C++ struct like this:

struct node                                                 
{
    string splitOn;                                         
    string label;                                           
    bool isLeaf;                                            
    vector<string> childrenValues;                          
    vector<node*> children;                                 
};

I wanted to pass or read this from App to the Intel SGX enclave. Based on what is mentioned here: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/703489

I tried this:

APP:

node *root = new node;                                          
root = buildDecisionTree(dataTable, root, *tableInfo);  //this initializes the root
void *data3 = static_cast<void*>(root);
ecall_my_dtree(global_eid, &ecall_return, data3);

EDL:

  public int ecall_my_dtree([user_check] void* data);

Enclave:

int ecall_my_dtree(void *data2)
node* root2 = static_cast<node*>(data2);

But it seems, the root2 is not able to initialize properly and it points to garbage.

About user_check: https://software.intel.com/en-us/node/708978

Any help regarding how I could properly read the data inside the enclave. PS: Intel SGX enclave does not support any serialization library.

I have asked the similar question here too but no real helpful answer for my small brain. https://github.com/intel/linux-sgx/issues/229

What is SGX_create_enclave ()?

As we all know, There is an SGX instruction we use to create an enclave, EADD. This is a Intel CPU microcode instruction. However, a user program does not directly call this instruction, but calls sgx_create_enclave() SDK function.

What is Intel SGX and how does it work?

To conclude, Intel SGX offers an extra set of CPU instructions to create Enclaves, areas that are protected by hardware and ensure confidentiality and integrity even in front of privileged operating systems Intel SGX was introduced by Intel in the year of 2015 with its Skylake CPU familiy.

What are CPU enclaves?

Those Enclaves are areas inside the address space of processes, which are specifically protected by the CPU to control and avoid direct access, even from other privileged processes.

How to call ECLS in Intel SGX Linux driver?

It passes its control to Intel SGX driver to call ECREATE, which is a ECLS instruction the can only be called in kernel mode. This ioctl () call is passed through Intel SGX Linux driver, and calls the function isgx_ioctl_enclave_create () in /linux-sgx-driver/isgx_ioctl.c.

You shouldn't do this:

struct node                                                 
{
    string splitOn;                                         
    string label;                                           
    bool isLeaf;                                            
    vector<string> childrenValues;                          
    vector<node*> children;                                 
};

Possible problems:

The STL does not guarantee binary compatibility on most of its types: i.e. std::string or std::vector.
SGX's implementation of the STL is just a modified/reduced subset of it.
You may face problems related to memory alignment.

You should implement custom serialization for this instead.

Passing C++ struct to enclave from app in Intel SGX

Tags:

marshalling

sgx

enclave

Roshan Mehta

People also ask

1 Answers

ruizpauker

Recent Activity

Donate For Us

Passing C++ struct to enclave from app in Intel SGX

Tags:

marshalling

sgx

enclave

Roshan Mehta

People also ask

1 Answers

ruizpauker

Related questions

Recent Activity

Donate For Us