Keystone Major Update -- In-Enclave ELF Loading


Evgeny Pobachienko

Dec 2, 2023, 11:02:56 PM12/2/23
to keystone-en...@googlegroups.com
Hi everyone,

We've been working on improving the application support, and now we've finalized the implementation. Now, Keystone enclaves load ELF files and initialize the virtual address space after enclave execution, as opposed to the untrusted host setting up the page table. This greatly simplifies the Keystone code, design, measurement, and development of future features.

Although the functionality should remain the same, this is a large change including breaking changes in multiple places:
  • Enclaves now need a "trusted loader" that loads the runtime and enclave app binaries.
  • ELF parsing/loading was removed from the SDK and added to runtime/loader and runtime/loader-binary.
  • Enclave measurement is now just the measurement of the binaries concatenated.

For more details, please directly refer to the PR: https://github.com/keystone-enclave/keystone/pull/326

We hope this accelerates future research on the Keystone platform! If you have any questions or feedback, feel free to raise them on Github, on this document, or reach out by email to me or Dayeol at evg...@berkeley.edu and day...@berkeley.edu.

Thanks,
Evgeny Pobachienko

Eric Thomas Schneider

Dec 3, 2023, 7:05:29 PM12/3/23
to Keystone Enclave Forum
Does this mean eapps must rely on ELF to work? If I'm interested in a different binary format, then do I have to extend the runtime and sdk packages?

Eric

Dayeol Lee

Dec 4, 2023, 1:37:56 PM12/4/23
to Eric Thomas Schneider, Keystone Enclave Forum
The current boot/loading sequence is loader --> runtime (ELF) --> binary (ELF).
Thus, if you're interested in a different binary format, you'd extend only the runtime, such that it can load a non-ELF binary.
I believe the SDK doesn't have to be changed, as the host-side initialization is just a sequential copy of the three binaries.
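Since the trusted loader in this design parses an ELF image that the untrusted host merely copied into enclave memory, the loader's own bounds checks on the program headers are what stand between a malformed image and the enclave's address space. The following is an added example, not code from Keystone or from either poster: the header structs are a hypothetical minimal subset of <elf.h>, the enclave range [lo, hi) is an assumed parameter, and the ELF image is a constructed fixture.

```c
#include <stdint.h>
#include <string.h>

/* ELF64 header layouts (subset of <elf.h>); 64 and 56 bytes as the spec requires. */
typedef struct { unsigned char e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx; } Elf64_Ehdr;
typedef struct { uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align; } Elf64_Phdr;
#define PT_LOAD 1

/* Validate an ELF image copied in by the untrusted host before any segment is
 * mapped. Returns the PT_LOAD count, or -1 on a truncated header table, file
 * bytes past the image, memsz < filesz, or a range outside the enclave's [lo, hi). */
int elf_check_load_segments(const uint8_t *img, size_t len, uint64_t lo, uint64_t hi) {
    Elf64_Ehdr eh; int nload = 0;
    if (len < sizeof eh || memcmp(img, "\177ELF", 4) != 0 || img[4] != 2) return -1;
    memcpy(&eh, img, sizeof eh);
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len) return -1;
    if ((uint64_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff) return -1;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph; memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_LOAD) continue;
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return -1;
        if (ph.p_memsz < ph.p_filesz) return -1;
        if (ph.p_vaddr < lo || ph.p_vaddr > hi || ph.p_memsz > hi - ph.p_vaddr) return -1;
        nload++;
    }
    return nload;
}

/* Constructed fixture: ELF64 header, one PT_LOAD phdr with the given geometry,
 * and 8 payload bytes (image length 128). Not a real Keystone binary. */
size_t build_sample_elf(uint8_t *buf, uint64_t vaddr, uint64_t filesz, uint64_t memsz) {
    Elf64_Ehdr eh = {0}; Elf64_Phdr ph = {0};
    memcpy(eh.e_ident, "\177ELF", 4); eh.e_ident[4] = 2; /* ELFCLASS64 */
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_LOAD; ph.p_offset = sizeof eh + sizeof ph;
    ph.p_vaddr = vaddr; ph.p_filesz = filesz; ph.p_memsz = memsz;
    memcpy(buf, &eh, sizeof eh); memcpy(buf + sizeof eh, &ph, sizeof ph);
    memset(buf + ph.p_offset, 0x13, 8);
    return ph.p_offset + 8;
}

/* Build a fixture and validate it against [lo, hi); returns count or -1. */
int check_sample(uint64_t vaddr, uint64_t filesz, uint64_t memsz, uint64_t lo, uint64_t hi) {
    uint8_t img[128];
    return elf_check_load_segments(img, build_sample_elf(img, vaddr, filesz, memsz), lo, hi);
}
```

Each rejected case corresponds to a header field the host controls; a loader that maps segments without these checks would read past the copied image or write outside the enclave's region.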
