Is it possible to run arbitrary libraries inside an enclave?


pcharal...@gmail.com

Nov 4, 2020, 8:40:06 AM
to Asylo Users
I want to have some cryptographic functions run inside an enclave. Having them installed on the machine is not enough since it needs the kernel which the enclave does not have access to. 

Is there another way to have it run? The functions are in the format of a binary which is executed with some parameters.

Thank you in advance,
P

Seth Moore

Nov 5, 2020, 12:25:59 PM
to pcharal...@gmail.com, Asylo Users
Hi P,

It sounds as if you have a standalone ELF binary that you’d like to run inside of an enclave. Asylo has a Bazel macro, cc_enclave_binary, that allows one to wrap an existing application. Note that this rebuilds the application from source with the Asylo toolchain. An off-the-shelf ELF binary cannot be run inside of an enclave. Please refer to https://asylo.dev/blog/2019/asylo-redis-sqlite.html for more info, and https://github.com/google/asylo/blob/master/asylo/examples/redis/README.md demonstrates building and running redis inside an enclave.

However, if you instead have a library that contains the code, you should be able to statically link it with your enclave application and simply reuse the code. Note that the entire application, including the library you want to use, must be built with the Asylo build rules & toolchain.

Regards,
Seth

