Part 4 of the Intel Software Guard Extensions (Intel SGX) Tutorial Series will be coming out in the next few days. In it, we'll be starting our enclave implementation, focusing on the bridge/proxy functions for the enclave itself as well as the middleware layer needed for the C++ code to interact with it.
If you recall from the introduction, we are planning five broad phases in the series. With part 4 we complete our transition from the first phase, which focused on concepts and design, to the development and integration in the second. I want to take a few minutes to talk about what else is coming up and roughly where we are headed over the coming weeks.
- Part 5 will complete the development of the enclave. While part 4 is focused on the enclave interface layer and the enclave definition language (EDL), in part 5 we will code up the internals of enclave itself.
- In part 6, we'll add support for dual code paths so that the application runs on hardware that is both Intel SGX capable and incapable.
- In a change from our original plan for the series, part 7 will look at power events (specifically, suspend and resume) and its impact on enclaves.
- After that, we'll enter into the third phase of the tutorial which focuses on testing and validation. Here, we'll demonstrate that Intel SGX is providing the expected security benefits. We'll also look at tuning the enclave configuration to better match our usage.
- The final two phases, packaging and deployment, and disposition, will follow.
I should point out that these are all still plans and plans can change! The series is being developed as it's being released so we may find that topics need to be adjusted, added, or even dropped as we go. But for now, this is how things are shaping up.
Thank you for following along!