NaCl modules using Intel SGX Enclaves

Rafael C

Feb 23, 2017, 9:19:36 AM
to Native-Client-Discuss
Hi, I'm trying to make a PNaCl module that uses functions that run inside SGX Enclaves (ECALLs) but without any success so far. I'm not sure if this is possible considering NaCl's compiler specificities and the fact that both technologies work with memory access constraints. To make this possible I think enclave memory should be entirely inside the NaCl module limits.

I'm using the linux sgx sdk. A regular SGX application uses the executable file and a signed.enclave.so library. Is it possible to compile the signed.enclave.so using NaCl compiler and then unite it with the main application in a single nexe/pexe file?

Also, is it possible to take advantage of the sgx sdk libraries using the pnacl-ar and pnacl-ranlib tools?

Has anyone ever tried something like this? Any successes? Ideas on how to do it?

Thanks a lot.

Bennet Yee

Feb 23, 2017, 4:25:08 PM
to native-cli...@googlegroups.com
i don't think the sgx instructions are whitelisted by the nacl verifier (and they're more complex to verify, because to know which sgx instruction is being used one has to know what values are in some register [don't have docs in front of me], due to how the dispatch is done).

--
please excuse the lack of capitalization; i try to avoid the shift key because of (mild) tendonitis.
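
The verification difficulty raised in the reply above, as an added example that is not part of the thread and is not NaCl validator code: per Intel's documentation, every user-mode SGX leaf shares the single opcode `0F 01 D7` (ENCLU) and the leaf number is taken from EAX, so a static checker can name the leaf only when it can prove the value of EAX. The five-instruction toy decoder, the function name `check_enclu` and the byte samples are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum enclu_check { NO_ENCLU, LEAF_KNOWN, LEAF_UNKNOWN, UNDECODED };

/* Constructed samples (not taken from any real binary). */
static const uint8_t sample_known[]   = { 0xB8, 0x02, 0x00, 0x00, 0x00,  /* mov eax, 2   */
                                          0x0F, 0x01, 0xD7 };            /* enclu        */
static const uint8_t sample_unknown[] = { 0x89, 0xD8,                    /* mov eax, ebx */
                                          0x0F, 0x01, 0xD7 };            /* enclu        */
static const uint8_t sample_none[]    = { 0x90, 0xC3 };                  /* nop; ret     */

/* Linear decode of a toy instruction subset, tracking whether EAX holds a
 * statically known constant. Stops at the first ENCLU (0F 01 D7). */
enum enclu_check check_enclu(const uint8_t *c, size_t n, uint32_t *leaf)
{
    int eax_known = 0;
    uint32_t eax = 0;
    size_t i = 0;
    while (i < n) {
        if (c[i] == 0xB8 && n - i >= 5) {              /* mov eax, imm32 */
            eax = (uint32_t)c[i+1] | (uint32_t)c[i+2] << 8 |
                  (uint32_t)c[i+3] << 16 | (uint32_t)c[i+4] << 24;
            eax_known = 1; i += 5;
        } else if (c[i] == 0x89 && n - i >= 2 && c[i+1] == 0xD8) {
            eax_known = 0; i += 2;                     /* mov eax, ebx: run-time value */
        } else if (c[i] == 0x90) {                     /* nop */
            i += 1;
        } else if (c[i] == 0xC3) {                     /* ret: next code entered from elsewhere */
            eax_known = 0; i += 1;
        } else if (c[i] == 0x0F && n - i >= 3 && c[i+1] == 0x01 && c[i+2] == 0xD7) {
            if (!eax_known) return LEAF_UNKNOWN;       /* cannot tell which SGX leaf runs */
            *leaf = eax;
            return LEAF_KNOWN;
        } else {
            return UNDECODED;                          /* outside the toy subset: reject */
        }
    }
    return NO_ENCLU;
}

int main(void)
{
    uint32_t leaf = 0;
    printf("known:   %d\n", check_enclu(sample_known, sizeof sample_known, &leaf));
    printf("leaf:    %u\n", (unsigned)leaf);
    printf("unknown: %d\n", check_enclu(sample_unknown, sizeof sample_unknown, &leaf));
    printf("none:    %d\n", check_enclu(sample_none, sizeof sample_none, &leaf));
    return 0;
}
```

The second sample is the case that makes whitelisting hard: the opcode bytes are identical to the first, and only register contents at run time decide which leaf executes.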

Bennet Yee

Feb 23, 2017, 4:36:05 PM
to native-cli...@googlegroups.com
you might also be interested in this paper, which puts NaCl inside an SGX enclave, rather than putting an SGX enclave inside a NaCl module:

https://www.cs.utexas.edu/users/witchel/pubs/hunt16osdi-ryoan.pdf
