Since releasing the Intel® Software Guard Extensions (Intel® SGX) SDK, we've had a few questions about debug vs pre-release vs release mode (production) enclaves.
Part of the security model of Intel® Software Guard Extensions is to prevent software from peaking inside and getting at secrets inside the enclave... but no-one writes perfect code the first time round; so how do you debug an enclave?
The Intel SGX architecture supports two modes for Enclaves a Debug mode and Production (non-debug) mode. Production Mode enclaves have the full protection provided by the architecture. In the HW architecture debug mode enclaves differ from production enclaves in 4 basic ways.
The Intel SGX SDK includes the Intel SGX debugger as a Microsoft Visual Studio* plugin. See the Enclave Debugger section of the Intel® Software Guard Extensions Evaluation SDK User’s Guide for additional details.
Traditionally a developer would have two basic profiles for compiling their code:
In addition we have added two more profiles to the support offered in the Intel SGX SDK:
Currently the evaluation SDK allows the developer to create and run enclaves using the Debug and Pre-release profiles. Enclaves compiled under the Release profile will not work until the developer completes the production licensing process. If you would like to deliver a production-quality application using Intel SGX, please contact the Intel SGX Program for more information about a production license.
Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.
Notice revision #20110804