信息安全从业人员^_^
一个未入门de情报学胖子(邮箱:tenghm1986@163.com)
Toggle navigation
信息安全从业人员^_^
主页
About Me
归档
标签
SGX Developer Reference for Linux
2018-03-15 15:36:19
198
0
0
heming
# 1. Introduction ## SGX Technology Overview - SGX has a hard limit on the protected memory size,typically 64M or 128M. the number of activeted enclaves is limited ## SGX Security Properties - SGX aim to protect against software attacks - the enclave memory cannot be read or written from outside the enclave - An enclave can be created with a debug attribute that allows a special debugger to view its content like a standard debugger - SGX aim to protect against known hardware attacks - the enclave memory is encrypted using industry-standard encryption algorithms with replay protection(enclave的内存用工业级的加密算法加密,可以重放保护) - Tapping the memory or connecting the DRAM modules to another system will only give access to encrypted data - the memory encryption key changes every power cycle randomly,stored within CPU and it is not accessible ## Application Design Considerations An SGX application design is different from non-SGX application,as it requires dividing the application into two logical components: - Trusted componet(enclave) - Untrusted component(include all its modules) ## Setting up an SGX Project ### Creating SGX Projects follow the directory structure and Makefiles from one of the sample application in the SGX SDK. you should prepare the following files: 1. Enclave Definition Language(EDL) file 2. Enclave Configuration File(ECF)-contains the information of the enclave metadata. 3. Signing key files--used to sign an enclave to produce a signature structure that contains enclave properties such as enclave measurement. 4. Application and enclave source code--the implementation of application and enclave functions 5. makefile--it performs the following steps: ``` 1.Generates edger routines 2.Builds the application and enclave 3.Signs the enclave ``` 6. Linker script file -- you should use the linker script to hide all unnecessary symbols,and only export enclave_entry,g_global_data,and g_global_data_sim > Enclave.config.xml ``` <EnclaveConfiguration> <ProdID>0</ProdID> <ISVSVN>0</ISVSVN> <StackMaxSize>0x40000</StackMaxSize> <HeapMaxSize>0x100000</HeapMaxSize> <TCSNum>10</TCSNum> <TCSPolicy>1</TCSPolicy> <DisableDebug>0</DisableDebug> <MiscSelect>0</MiscSelect> <MiscMask>0xFFFFFFFF</MiscMask> </EnclaveConfiguration> ``` > Enclave.edl ``` /* Enclave.edl - Top EDL file. */ enclave { include "user_types.h" /* buffer_t */ /* Import ECALL/OCALL from sub-directory EDLs. * [from]: specifies the location of EDL file. * [import]: specifies the functions to import, * [*]: implies to import all functions. */ from "Edger8rSyntax/Types.edl" import *; from "Edger8rSyntax/Pointers.edl" import *; from "Edger8rSyntax/Arrays.edl" import *; from "Edger8rSyntax/Functions.edl" import *; from "TrustedLibrary/Libc.edl" import *; from "TrustedLibrary/Libcxx.edl" import ecall_exception, ecall_map; from "TrustedLibrary/Thread.edl" import *; /* * ocall_print_string - invokes OCALL to display string buffer inside the enclave. * [in]: copy the string buffer to App outside. * [string]: specifies 'str' is a NULL terminated buffer. */ untrusted { void ocall_print_string([in, string] const char *str); }; }; ``` > Enclave.lds ``` enclave.so { global: g_global_data_sim; enclave_entry; local: *; }; ``` > Enclave_private.pem(加密key?)
上一篇:
SGX Developer Guider
下一篇:
初识白盒密码
0
赞
198 人读过
新浪微博
微信
腾讯微博
QQ空间
人人网
Please enable JavaScript to view the
comments powered by Disqus.
comments powered by
Disqus
文档导航