By Simon Paul Johnson, Derek Bombien, and Dan T Zimmerman
Published: 01/08/2016 Last Updated: 01/07/2016
Since releasing the Intel® Software Guard Extensions (Intel® SGX) SDK, we've had a few questions about debug vs pre-release vs release mode (production) enclaves.
Part of the security model of Intel® Software Guard Extensions is to prevent software from peeking inside the enclave and getting at the secrets it holds... but no one writes perfect code the first time round, so how do you debug an enclave?
The Intel SGX architecture supports two modes for enclaves: Debug mode and Production (non-debug) mode. Production mode enclaves have the full protection provided by the architecture. In the HW architecture, debug mode enclaves differ from production enclaves in 4 basic ways.
The Intel SGX SDK includes the Intel SGX debugger as a Microsoft Visual Studio* plugin. See the Enclave Debugger section of the Intel® Software Guard Extensions Evaluation SDK User’s Guide for additional details.
Traditionally a developer would have two basic profiles for compiling their code:
In addition we have added two more profiles to the support offered in the Intel SGX SDK:
Currently the evaluation SDK allows the developer to create and run enclaves using the Debug and Pre-release profiles. Enclaves compiled under the Release profile will not work until the developer completes the production licensing process. If you would like to deliver a production-quality application using Intel SGX, please contact the Intel SGX Program for more information about a production license.