Hi everyone,
We've been working on improving the application support, and now we've finalized the implementation. Now, Keystone enclaves load ELF files and initialize virtual address space after enclave execution, as opposed to the untrusted host setting up the page table. This greatly simplifies the Keystone code, design, measurement, and development of future features.
Although the functionality should remain the same, this is a large change including breaking changes in multiple places:
- Enclaves now need a "trusted loader" that loads the runtime and enclave app binaries.
- ELF parsing/loading was removed from the SDK and added to runtime/loader and runtime/loader-binary.
- Enclave measurement is now just the measurement of the binaries concatenated.
For more details, please directly refer to the PR:
https://github.com/keystone-enclave/keystone/pull/326

We hope this accelerates future research on the Keystone platform! If you have any questions or feedback, feel free to raise them on GitHub, on this document, or reach out by email to me or Dayeol at evg...@berkeley.edu and day...@berkeley.edu.
Thanks,
Evgeny Pobachienko