Today we are launching a multi-part tutorial series aimed at software developers who want to learn how to integrate Intel® Software Guard Extensions (Intel® SGX) into their applications. The intent of the series is to cover every aspect of the software development cycle when building an Intel SGX application, beginning at application design and running through development, testing, packaging, and deployment. While isolated code samples and individual articles are valuable, this in-depth look at enabling Intel SGX in a single application provides developers with a hands-on and holistic view of the technology as it is woven into a real-world application.
This tutorial will consist of several parts (currently 12 articles are planned, though the exact number may change), each covering a specific topic. While a precise schedule has not been set, a new part should be published every two to three weeks*, in these broad phases:
- Concepts and design
- Application development and Intel SGX integration
- Validation and testing
- Packaging and deployment
Source code will accompany relevant sections of the series and will be distributed under the Intel Sample Source Code license. Don’t expect to start seeing source code for a few weeks, however. The first phase of the tutorial will cover the early fundamentals of Intel SGX application development.
At the end of the series, the developer will know how to:
- Identify an application’s secrets
- Apply the principles of enclave design
- Use trusted libraries in an enclave
- Build support for dual code paths in an application (to provide legacy support for platforms without Intel SGX capabilities)
- Use the Intel SGX debugger
- Create an Intel SGX application installer package
The sample application
Throughout the series we will be developing a basic password manager. The final product is not meant to be a commercially viable application, but rather one with sufficient functionality to make it a reasonable performer that follows smart security practice. This application is simple enough to be reasonably covered in the tutorial without being so simple that it’s not a useful example.
What you’ll need
Developers who want to work with the source code as it is released will require the following:

| Hardware | Required | Notes |
|---|---|---|
| Intel® processor with Intel® Secure Key technology | Yes | The password manager will make extensive use of the digital random number generator provided by Intel Secure Key technology. See http://ark.intel.com to find specific processor models with Intel Secure Key technology support. |
| 6th generation Intel® Core™ processor with Intel® Software Guard Extensions (Intel® SGX) enabled BIOS | No | To get the most out of the tutorial, a processor that supports Intel SGX is necessary, but the application development can take place on a lesser system and Intel SGX applications can be run in the simulator provided with the SDK. |

These software requirements are based on the current, public release of the Intel SGX Software Developer’s Kit (SDK). As newer versions of the SDK are released, the requirements may change.
Updated July 11, 2016: The SDK requirement has been updated to 1.6. This also forced the Microsoft Visual Studio* version to 2013.

| Software | Required | Notes |
|---|---|---|
| Intel® Software Guard Extensions (Intel® SGX) SDK v1.6 | Yes | Required for developing Intel SGX applications. |
| Microsoft Visual Studio* 2013 Professional Edition | Yes | Required for the SDK. Each SDK release is tied to specific versions of Visual Studio in order to enable the wizards, developer tools, and various integration components. |
| Intel® Parallel Studio XE 2013 Professional Edition for Windows* | No | This is recommended but it is not strictly necessary for Intel SGX development. |

This series will cover every aspect of the software development cycle when building an Intel SGX application, beginning at application design, and running through development, testing, packaging, and deployment. The tutorials will cover concepts and design, application development and Intel SGX integration, validation and testing, packaging and deployment, and disposition.
We’re excited to be launching this series and are looking forward to having you join us!
Part 1 of the series, Intel® Software Guard Extensions Tutorial Series: Part 1, Intel® SGX Foundation, provides an overview of the technology and lays the groundwork for the rest of the tutorial.
Part 2 of the series, Intel® Software Guard Extensions Tutorial Series: Part 2, Application Design, describes a high-level specification for the application we’ll be developing: a simple password manager.
Part 3 of the series, Intel® Software Guard Extensions Tutorial Series: Part 3, Designing for Intel® SGX, discusses how to design an application with Intel SGX in mind.
Part 4 of the series, Intel® Software Guard Extensions Tutorial Series: Part 4, Enclave Design, begins development on the enclave.
Part 5 of the series, Intel® Software Guard Extensions Tutorial Series: Part 5, Enclave Development, completes the first version of the enclave.
Part 6 of the series, Intel® Software Guard Extensions Tutorial Series: Part 6, Dual Code Paths, makes our application capable of running on hosts both with and without Intel SGX support.
Part 7 of the series, Intel® Software Guard Extensions Tutorial Series: Part 7, Refining the Enclave, revisits the enclave interface and adds a small refinement to make it simpler and more efficient.
Part 8 of the series, Intel® Software Guard Extensions Tutorial Series: Part 8, GUI Integration, integrates the user interface with the back-end code.
Part 9 of the series, Intel® Software Guard Extensions Tutorial Series: Part 9, Power Events and Data Sealing, looks at the impact of power events on Intel SGX and adapts our application to provide a seamless user experience.
Part 10 of the series, Intel® Software Guard Extensions Tutorial Series: Part 10, Enclave Analysis and Debugging, examines the Intel SGX Debugger and the Enclave Memory Measurement Tool.
*Note: Due to attrition, the cadence of the releases may stretch out to every three to four weeks on average. We are still committed to this series, though, and in particular do not want the quality to suffer in order to meet the more aggressive schedule that we had originally planned. We do apologize for any inconvenience this causes.