Intel-SGX TEE
Amit Nadiger
Polyglot(Rust??, C++ 11,14,17,20, C, Kotlin, Java) Android TV, Cas, Blockchain, Polkadot, UTXO, Substrate, Wasm, Proxy-wasm,AndroidTV, Dvb, STB, Linux, Engineering management.
Intel SGX (Software Guard Extensions) is a set of hardware-based security features that enable applications to run in a secure enclave, protected from the rest of the system. SGX provides a trusted execution environment (TEE) for applications, ensuring that sensitive data and processes are protected from potential attacks.
SGX is designed to protect code and data from being accessed or modified by unauthorized users, even if the operating system, hypervisor, or other system components are compromised. SGX achieves this by creating a secure enclave in memory, which is a protected area of memory that is inaccessible to the rest of the system.
In this article, we will discuss the architecture and features of Intel SGX, as well as its advantages and limitations.
Architecture of Intel SGX:
The architecture of Intel SGX consists of three main components:
Features of Intel SGX:
Intel SGX provides several features that enable applications to run securely in an enclave:
Enclave execution flow:
The execution flow for a secure enclave in a Trusted Execution Environment (TEE) typically involves the following steps:
Throughout the entire execution flow, the TEE ensures that the enclave is running in a secure environment, protecting its code and data from any potential attacks or compromises. The TEE also provides a mechanism for the enclave to securely communicate with the outside world, allowing it to perform useful work while still maintaining a high level of security.
(Copied from overview-of-intel-sgx-enclave-637284.pdf )
High-level overview of the steps involved in using an Intel SGX enclave:
Here's an example of how you might write an Intel SGX enclave and a simple application that interacts with it. This example assumes that you're using C and the SGX SDK.
Below is enclave code that defines an enclave function that takes an input string and returns a modified version of the string:
#include "sgx_tcrypto.h"
#include "sgx_trts.h"
#include "sgx_utils.h"
#define MAX_BUF_LEN 1024 sgx_status_t SGX_CDECL ecall_modify_string(char* input, char* output, size_t max_output_len) {
sgx_status_t ret = SGX_SUCCESS;
// Verify that the input buffer is within the enclave's address space
if (!sgx_is_within_enclave(input, strlen(input) + 1)) {
ret = SGX_ERROR_INVALID_PARAMETER;
goto cleanup;
}
// Verify that the output buffer is within the enclave's address space
if (!sgx_is_within_enclave(output, max_output_len)) {
ret = SGX_ERROR_INVALID_PARAMETER;
goto cleanup;
}
// Modify the input string
snprintf(output, max_output_len, "Modified: %s", input);
cleanup:
return ret;
}
This function takes two char pointers, one for the input string and one for the output string, and a size_t value indicating the maximum length of the output string. Inside the function, we use SGX SDK APIs to verify that the input and output buffers are within the enclave's address space (to prevent potential buffer overflow attacks), and then we modify the input string and write the result to the output buffer.
Next, we need to compile the enclave code into a signed binary. We can do this using the SGX SDK tools. Assuming that we've saved the above code in a file called enclave.c, we can compile it as follows:
sgx_edger8r --trusted enclave.edl --trusted-dir . --untrusted-dir . --untrusted enclave_u.c
sgx-gcc -c enclave.c -o enclave.o -I. -I/opt/intel/sgxsdk/include
sgx-gcc -c enclave_u.c -o enclave_u.o -I. -I/opt/intel/sgxsdk/include
sgx-ld -m elf_x86_64 -s enclave.lds enclave.o enclave_u.o -o enclave.so -L/opt/intel/sgxsdk/lib64 -lsgx_tstdc -lsgx_tcrypto -lsgx_trts
sgx_sign sign -key Enclave_private.pem -enclave enclave.so -out enclave.signed.so -config Enclave.config.xml
These commands generate a signed binary called enclave.signed.so, which we can load and run inside the enclave.
Below is application code that loads the enclave and calls the `ecall_modify' function
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "enclave_u.h"
#include <sgx_urts.h>
#define ENCLAVE_FILE "enclave.signed.so"
int main(int argc, char const *argv[])
{
sgx_enclave_id_t eid;
sgx_status_t ret;
/* Initialize the enclave */
ret = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, NULL, NULL, &eid, NULL);
if (ret != SGX_SUCCESS) {
printf("Failed to create enclave: %d\n", ret);
return 1;
}
/* Call the ecall_modify() function */
const char* message = "Hello, Enclave!";
size_t message_len = strlen(message);
char* encrypted_message = NULL;
size_t encrypted_len = 0;
ret = ecall_modify(eid, message, message_len, &encrypted_message, &encrypted_len);
if (ret != SGX_SUCCESS) {
printf("Failed to call ecall_modify(): %d\n", ret);
goto cleanup;
}
/* Print the encrypted message */
printf("Encrypted message: ");
for (int i = 0; i < encrypted_len; i++) {
printf("%02x", encrypted_message[i]);
}
printf("\n");
/* Destroy the enclave */
ret = sgx_destroy_enclave(eid);
if (ret != SGX_SUCCESS) {
printf("Failed to destroy enclave: %d\n", ret);
return 1;
}
return 0;
cleanup:
sgx_destroy_enclave(eid);
return 1;
}
The above code initializes the enclave, calls the ecall_modify function inside the enclave, prints the encrypted message returned by the function, and destroys the enclave.
To compile the application, we need to link the libsgx_urts.so library and include the enclave_u.h header file, which contains the generated ecall and ocall functions. Here's an example of how to compile the application:
$ gcc -o app app.c enclave_u.c -L/opt/intel/sgxsdk/lib64 -lsgx_urts
Note that we're linking against the libsgx_urts.so library that's installed as part of the SGX SDK.
Finally, to run the application, we need to set the LD_LIBRARY_PATH environment variable to point to the location of the SGX libraries. Here's an example of how to run the application:
$ LD_LIBRARY_PATH=/opt/intel/sgxsdk/lib64 ./app
This will output the encrypted message returned by the enclave.
How to Implement the pallets based on Substrate and inside Intel SGX
Substrate is a blockchain development framework that allows developers to create their own blockchain using a modular design. The framework is built in Rust and provides a set of libraries, tools, and primitives that can be used to build a customized blockchain solution.
Implementing pallets based on Substrate inside Intel SGX can provide additional security to the blockchain application by ensuring the confidentiality and integrity of the sensitive data stored inside the enclave. Here are the steps to implement pallets based on Substrate inside Intel SGX:
To implement pallets based on Substrate inside Intel SGX, we can follow the steps below:
Here is an example code that demonstrates how to implement a simple pallet using SGX enclave inside Substrate:
// Define the storage for the pallet
pub trait Trait: frame_system::Trait {}
impl pallet_example::Trait for Runtime {
type Event = Event;
}
decl_module! {
pub struct Module<T: Trait> for enum Call where origin: T::Origin {
// Define the functions for the pallet
#[weight = 0]
pub fn multiply_numbers(origin, num1: u32, num2: u32) -> dispatch::DispatchResult {
let _sender = ensure_signed(origin)?;
// Invoke the SGX enclave to multiply the numbers
let mut result = [0u8; 4];
let input1 = &num1.to_le_bytes()[..];
let input2 = &num2.to_le_bytes()[..];
let input = [input1, input2].concat();
let mut command = TEEC_Operation::new(0, input.as_ptr() as *mut _, input.len() as u32, result.as_mut_ptr() as *mut _, result.len() as u32);
let mut context = TEEC_Context::new();
let mut session = TEEC_Session::new();
let res = unsafe {
TEEC_InitializeContext(ptr::null_mut(), &mut context);
TEEC_OpenSession(&mut context, &mut session, &UUID, TEEC_LOGIN_PUBLIC, ptr::null_mut(), ptr::null_mut(), ptr::null_mut());
TEEC_InvokeCommand(&mut session, TA_MULTIPLY, &mut command, ptr::null_mut());
TEEC_CloseSession(&mut session);
TEEC_FinalizeContext(&mut context);
result[0] as u32 + (result[1] as u32) << 8 + (result[2] as u32) << 16 + (result[3] as u32) << 24
};
Ok(())
}
}
}
领英推荐
Explanation of the above code:
2. Define the enclave function in C:
#include <stdio.h>
#include<stdarg.h>
#include <stdlib.h>
#include <string.h>
#include <tee_internal_api.h>
#include <tee_internal_api_extensions.h>
#include <utee_defines.h>
#include "enclave_ta.h"
static TEE_Result multiply(TEE_Param p[4])
{
if (p[0].value.a != TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INPUT,
TEE_PARAM_TYPE_VALUE_INPUT,
TEE_PARAM_TYPE_VALUE_OUTPUT,
TEE_PARAM_TYPE_NONE))
return TEE_ERROR_BAD_PARAMETERS;
TEE_Param *in = &p[1];
TEE_Param *out = &p[2];
out->value.a = in->value.a * in->value.b;
return TEE_SUCCESS;
}
TEE_Result TA_InvokeCommandEntryPoint(void *sessionContext,
uint32_t commandID,
uint32_t paramTypes,
TEE_Param params[4])
{
(void)&sessionContext; /* unused parameter */
switch (commandID)
{
case TA_MULTIPLY:
return multiply(params);
default:
return TEE_ERROR_BAD_PARAMETERS;
}
}
This defines a function multiply that multiplies the two input values a and b, and stores the result in the output value c. The function is called by the enclave when the TA_MULTIPLY command is invoked by the client application.
The TA_InvokeCommandEntryPoint function is the entry point for the Trusted Application, and it routes commands to the appropriate function based on the command ID. In this case, it calls the multiply function if the command ID is TA_MULTIPLY.
SGX SDK is available and can be run on your local machine. However, note that SGX requires specific hardware features that not all processors have, so you'll need to ensure that your processor supports SGX before attempting to use it.
Steps involved in the flow between an untrusted application and an enclave application:
Here is an example code snippet for establishing a secure channel between an untrusted application and an enclave using the sgx_create_enclave() function:
sgx_enclave_id_t enclave_id = 0;
sgx_launch_token_t launch_token = {0};
int token_updated = 0;
// Step 2: Establish a secure channel with the enclave
sgx_status_t ret = sgx_create_enclave("enclave.signed.so",
SGX_DEBUG_FLAG,
&launch_token,
&token_updated,
&enclave_id,
NULL);
if (ret != SGX_SUCCESS) {
// Handle error
}
// Step 4: Call an ECALL within the enclave
int input = 5;
int output = 0;
ret = ecall_modify_value(enclave_id, input, &output);
if (ret != SGX_SUCCESS) {
// Handle error
}
// Step 5: Retrieve output from the enclave
printf("Enclave returned %d\n", output);
// Step 6: Unload the enclave
sgx_destroy_enclave(enclave_id);
Note that this is a simplified example and the actual implementation may involve additional steps depending on the specific requirements of the application.
Regarding your question about the availability of the Intel SGX SDK, yes, it is available for download on the official Intel website and can be used on a local machine. However, it requires specific hardware support for Intel SGX, such as an Intel SGX-enabled processor, and may not be supported on all systems.
How to confirm whether your processor supports Intel SGX by checking its specifications. Here are the steps to do so:
If your processor does not support Intel SGX, you will not be able to use it to develop or run applications that require SGX support.
Note that even if your processor does support Intel SGX, you may need to enable it in your computer's BIOS settings. Additionally, some processors may only support certain versions of Intel SGX, so you should check the exact specifications to ensure compatibility with your intended use case.
To set up an Intel SGX development environment, you'll need the following:
Once you have these components installed, you can start developing SGX applications. Intel provides several sample applications with the SGX SDK to help you get started.
Intel provide a software simulator called the Intel SGX SDK Simulator, which can be used to simulate some aspects of SGX behavior on a non-SGX system.
The Intel SGX SDK Simulator is free to download and use. It is included as part of the Intel SGX SDK, which is available for download from the Intel website.
The SGX SDK Simulator is a software-based simulator that emulates some aspects of SGX hardware behavior on a non-SGX system. It allows you to test and debug SGX applications without needing an actual SGX-enabled processor. However, it is important to note that the simulator does not provide a complete emulation of the SGX hardware, so some aspects of SGX behavior may not be fully simulated.
Overall, the SGX SDK Simulator can be a useful tool for SGX developers who do not have access to an SGX-enabled processor or who want to test their applications in a controlled environment before running them on real hardware.
Advantages of Intel SGX:
From Intel sgx site:
Limitations of Intel SGX:
Application in Litentry:
Litentry is a blockchain platform that focuses on decentralized identity and user data management. It aims to provide users with control over their personal data by allowing them to manage and share it securely and anonymously.
Intel SGX is used in Litentry to provide secure execution environments for sensitive operations like cryptographic key management and user data storage. This is achieved by creating SGX enclaves that can be used to securely store and process sensitive data and operations. For example, the private keys used to sign transactions and authenticate users can be securely stored and processed within an SGX enclave, preventing unauthorized access and ensuring confidentiality.
Polkadot is a blockchain platform that aims to provide interoperability between different blockchain networks. It allows different blockchain networks to communicate and exchange data with each other, creating a network of interconnected blockchains.
Intel SGX can be used in Polkadot to provide secure and private communication between different blockchain networks. For example, SGX enclaves can be used to securely process and exchange data between blockchains, ensuring that sensitive information like transaction details and private keys remain confidential and secure.
In both Litentry and Polkadot, SGX is used to provide a secure and trusted environment for executing sensitive operations and managing user data. This can help address some of the security and privacy challenges faced by traditional blockchain networks, making these platforms more secure and trustworthy for users.
Thanks for reading till end , please comment of you have any.
Reference:
Good Reads: