Intel® Software Guard Extensions (Intel® SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. Intel® SGX makes such protections possible through the use of enclaves. Enclaves are protected areas of execution. Application code can be put into an enclave through special instructions and software made available to developers by the Intel® SGX SDK.
You are recommended to use the Intel® Compiler to compile your enclaves. The Release Notes included in the Intel® SGX SDK package list the specific Intel Compiler versions that are recommended for this particular Intel SGX SDK release. However, if you prefer compiling your enclaves with the Visual Studio* compiler, you can change the compiler by following these steps.
Once the Intel® SGX Debugger has been selected for the application project, setting breakpoints and/or stepping into an enclave works exactly as normal application debugging does in Microsoft* Visual Studio*.
The Intel® Software Guard Extensions SDK provides the following collection of untrusted libraries.
Table 9 Untrusted Libraries included in the Intel® SGX SDK
Count attribute is used to indicate a block of
sizeof element pointed by the pointer in bytes used for copy depending on the direction attribute. The
size attribute modifiers serve the same purpose. The number of bytes copied by the trusted bridge or trusted proxy is the product of the count and the size of the data type to which the parameter points. The count may be either an integer constant or one of the parameters to the function.
Generally speaking, Remote Attestation is the concept of a HW entity or of a combination of HW and SW gaining the trust of a remote provider or producer of some sort. With Intel® SGX, Remote Attestation software includes the app’s enclave and the Intel-provided Quoting Enclave (QE) and Provisioning Enclave (PvE). The attestation HW is the Intel® SGX enabled CPU.
The untrusted library functions can only be called from application code - outside the enclave.
These functions allow an ISV to exchange secrets between its server and its enclaves. They are used in concert with untrusted Key Exchange functions.