Secure Execution Environments

SDK compilation modes

SGX applications can be compiled in several modes:

  • hardware debug mode (signed with Intel's key, code not optimized).

SGX_MODE=HW SGX_DEBUG=1 SGC_PRERELEASE=0

  • hardware prerelease mode (signed with your key, code is optimized).

SGX_MODE=HW SGX_DEBUG=1 SGC_PRERELEASE=0

  • hardware release mode (signed with your key, code is optimized, cannot be debugged).

SGX_MODE=HW SGX_DEBUG=0 SGC_PRERELEASE=0

  • simulation mode (in debug mode).

SGX_MODE=SIM SGX_DEBUG=1

SGX SDK Tools

Edger8r (sgx_edger8r)

Generates "edge" routines (interface between the untrusted application and the enclave) described in an Enclave Description Language (EDL) file.

Using it on file XYZ.edl produces files XYZ_[tu]t.[hc] where t=trusted, u=untrusted, h=prototypes, and c=functions.

Enclave signing tool (sgx_sign)

Supports key management.

Enclave Memory Measurement Tool (sgx_emmt)

Use it to measure how much memory the enclave uses (needed by the Enclave Configuration File).

PreviousPerformance OverheadNextWriting Enclave Functions

Last updated