I have a C++ struct like this:
struct node
{
    string splitOn;
    string label;
    bool isLeaf;
    vector<string> childrenValues;
    vector<node*> children;
};
I wanted to pass or read this from App to the Intel SGX enclave. Based on what is mentioned here: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/703489
I tried this:
APP:
node *root = new node;
root = buildDecisionTree(dataTable, root, *tableInfo); //this initializes the root
void *data3 = static_cast<void*>(root);
ecall_my_dtree(global_eid, &ecall_return, data3);
EDL:
public int ecall_my_dtree([user_check] void* data);
Enclave:
int ecall_my_dtree(void *data2)
{
    node* root2 = static_cast<node*>(data2); // root2 still points into untrusted app memory
    return 0;
}
But it seems root2 is not initialized properly and it points to garbage.
About user_check: https://software.intel.com/en-us/node/708978
Any help regarding how I could properly read the data inside the enclave? PS: the Intel SGX enclave does not support any serialization library.
I have asked a similar question here too, but got no really helpful answer for my small brain. https://github.com/intel/linux-sgx/issues/229
As we all know, there is an SGX instruction we use to create an enclave, EADD. This is an Intel CPU microcode instruction. However, a user program does not directly call this instruction, but calls the sgx_create_enclave() SDK function.
To conclude, Intel SGX offers an extra set of CPU instructions to create Enclaves, areas that are protected by hardware and ensure confidentiality and integrity even in front of privileged operating systems. Intel SGX was introduced by Intel in 2015 with its Skylake CPU family.
Those Enclaves are areas inside the address space of processes, which are specifically protected by the CPU to control and avoid direct access, even from other privileged processes.
It passes control to the Intel SGX driver to call ECREATE, which is an ENCLS instruction that can only be called in kernel mode. This ioctl() call is passed through the Intel SGX Linux driver, and calls the function isgx_ioctl_enclave_create() in /linux-sgx-driver/isgx_ioctl.c.
You shouldn't do this:
struct node
{
    string splitOn;
    string label;
    bool isLeaf;
    vector<string> childrenValues;
    vector<node*> children;
};
Possible problems:
The STL does not guarantee binary compatibility on most of its types: i.e. std::string or std::vector.
SGX's implementation of the STL is just a modified/reduced subset of it.
You may face problems related to memory alignment.
You should implement custom serialization for this instead.
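One way to do the custom serialization this answer recommends, as an added example that is not code from the question or the answers: the app flattens the tree into a length-prefixed byte buffer that can be passed through an [in, size=len] ECALL parameter instead of a [user_check] pointer, and the enclave rebuilds the tree while bounds-checking every read, since the buffer content is still untrusted. The node struct is copied from the question; the wire format, the Reader helper and the depth cap of 64 are assumptions.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
using namespace std;
struct node {                                   // the struct from the question
    string splitOn, label; bool isLeaf;
    vector<string> childrenValues; vector<node*> children;
};
// App (untrusted) side: little-endian u32 and length-prefixed string writers.
static void putU32(vector<uint8_t>& out, uint32_t v) {
    for (int i = 0; i < 4; ++i) out.push_back(uint8_t(v >> (8 * i)));
}
static void putStr(vector<uint8_t>& out, const string& s) {
    putU32(out, uint32_t(s.size()));
    out.insert(out.end(), s.begin(), s.end());
}
// Pre-order walk: splitOn, label, isLeaf, child count, then (value, subtree) pairs.
void serialize(const node* n, vector<uint8_t>& out) {
    putStr(out, n->splitOn); putStr(out, n->label);
    out.push_back(n->isLeaf ? 1 : 0); putU32(out, uint32_t(n->children.size()));
    for (size_t i = 0; i < n->children.size(); ++i) {
        putStr(out, n->childrenValues[i]);
        serialize(n->children[i], out);
    }
}
// Enclave (trusted) side: the bytes are attacker-controlled, so every read is
// bounds-checked against len and recursion depth is capped (assumed limit: 64).
struct Reader {
    const uint8_t* p; size_t len, pos;
    Reader(const uint8_t* b, size_t l) : p(b), len(l), pos(0) {}
    void need(size_t n) { if (len - pos < n) throw runtime_error("truncated buffer"); }
    uint32_t u32() {
        need(4); uint32_t v = 0;
        for (int i = 0; i < 4; ++i) v |= uint32_t(p[pos + i]) << (8 * i);
        pos += 4; return v;
    }
    string str() {
        uint32_t n = u32(); need(n);
        string s(reinterpret_cast<const char*>(p + pos), n); pos += n; return s;
    }
};
node* deserialize(Reader& r, unsigned depth = 0) {
    if (depth > 64) throw runtime_error("tree too deep");
    node* n = new node; n->splitOn = r.str(); n->label = r.str();
    r.need(1); n->isLeaf = r.p[r.pos++] != 0;
    for (uint32_t i = 0, cnt = r.u32(); i < cnt; ++i) {
        n->childrenValues.push_back(r.str());
        n->children.push_back(deserialize(r, depth + 1));
    }
    return n;
}
```

Inside the enclave, `deserialize` runs over the copy the SDK made of the [in, size=len] buffer, so the app cannot change the bytes while they are being parsed.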