intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html

Clarification on Thread Behavior in Intel SGX Enclave #1067

Open BaoSKY opened 2 days ago

BaoSKY commented 2 days ago

I have been reading the Intel SGX Developer Guide _(https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_Developer_Guide.pdf, Thu 12 Sep 2024 05:51:39 AM UTC)_ and encountered some confusion regarding thread behavior in the enclave.

Here are the specific sections causing my confusion:

  1. P30-P31: In Table 8, "Summary of Intel® SGX Rules and Limitations," it mentions: "Threading support is Partially. Creating threads inside the enclave is not supported. Threads that run inside the enclave are created within the (untrusted) application. Spin-locks, trusted mutex, and condition variables API can be used for thread synchronization inside the enclave."

  2. P144: In the section about pthreads, it states: _"The Intel® Software Guard Extensions (Intel® SGX) SDK includes a trusted version of the pthreads library. The library is named sgxpthread and can only be used inside an enclave."_

Questions:

Any clarification or guidance on how to approach multi-threading in an SGX environment would be greatly appreciated. Thank you for your assistance!

jbdelcuv commented 9 hours ago

The wording in Table 8 probably requires updating. Yes, you may use the pthread library to create/use threads inside an enclave. However, creating threads requires making an OCALL to have the OS create such a thread. Note that the pthread API supported inside enclaves is the minimum required in order to support the OpenMP library. Please review the Intel SGX Developer Reference for limitations. Whether you use SGX or TDX depends on what you're trying to achieve and your security posture/requirements.
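
An added example, not part of the thread and not code from the SDK: trusted code that starts worker threads with the pthread API described in the reply above, and treats thread creation as something the untrusted OS may fail. The names `ecall_parallel_sum`, `slice_t` and `MAX_WORKERS` are hypothetical. It assumes the enclave links the SDK's sgxpthread library, its EDL imports the OCALL declarations that library needs, and the enclave configuration's `TCSNum` allows at least `MAX_WORKERS` extra threads.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_WORKERS 4   /* assumption: TCSNum in the enclave config covers this */

typedef struct { const uint32_t *data; size_t len; uint64_t sum; } slice_t;

/* Thread start routine: runs inside the enclave on its own TCS. */
static void *sum_slice(void *arg)
{
    slice_t *s = (slice_t *)arg;
    uint64_t acc = 0;
    for (size_t i = 0; i < s->len; i++)
        acc += s->data[i];
    s->sum = acc;
    return NULL;
}

/* Hypothetical ECALL body; `data` is assumed to be already copied into
   enclave memory by the EDL-generated bridge. */
uint64_t ecall_parallel_sum(const uint32_t *data, size_t len, unsigned workers)
{
    pthread_t tid[MAX_WORKERS];
    int started[MAX_WORKERS] = {0};
    slice_t slice[MAX_WORKERS];
    uint64_t total = 0;
    if (data == NULL || len == 0) return 0;
    if (workers == 0) workers = 1;
    if (workers > MAX_WORKERS) workers = MAX_WORKERS;

    size_t chunk = len / workers;
    for (unsigned i = 0; i < workers; i++) {
        slice[i].data = data + (size_t)i * chunk;
        slice[i].len = (i == workers - 1) ? len - (size_t)i * chunk : chunk;
        slice[i].sum = 0;
        /* In an enclave this leaves through an OCALL so the OS creates the
           thread; the untrusted side can fail it, so never assume success. */
        started[i] = (pthread_create(&tid[i], NULL, sum_slice, &slice[i]) == 0);
        if (!started[i])
            sum_slice(&slice[i]);   /* fall back to the calling thread */
    }
    for (unsigned i = 0; i < workers; i++) {
        if (started[i])
            pthread_join(tid[i], NULL);
        total += slice[i].sum;
    }
    return total;
}
```

The same source compiles against an ordinary host `pthread.h`, which is convenient for unit-testing the logic before building it into an enclave.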