microsoft / wil

Windows Implementation Library
MIT License

Support for using WIL from inside an Enclave #460

Open jonwis opened 1 month ago

jonwis commented 1 month ago

https://learn.microsoft.com/windows/win32/trusted-execution/enclaves support a restricted subset of the Win32 API surface. Methods like FormatMessageW and LoadLibraryW and GetModuleHandle are not directly supported. These are used by WIL for various purposes including error reporting.

Provide a control flag to either set "WIL for enclaves" mode (similar to the existing kernel mode flag) or provide configurability for the uses of those unsupported methods.

Consider adding helpers for things like more strongly typed CallEnclave operations as well, and a general-purpose wil::enclave type that wraps the create/init/getmethods helpers with a .call(...) method.
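One possible shape for the strongly typed CallEnclave helpers suggested above, as an added example that is not WIL code and not part of the original comment. `raw_call`, `enclave_export`, `call_enclave`, `AddArgs` and the status codes are hypothetical, and `raw_call` is a portable stand-in for `CallEnclave` so the example builds off Windows.

```cpp
// Added example, not WIL code: typed wrappers around the void*(void*) shape
// that CallEnclave uses. Every name below is hypothetical.
#include <cstdint>
#include <cstring>
#include <type_traits>

using enclave_routine = void* (*)(void*);

// Stand-in so the example builds anywhere. On Windows the host side would be
// ::CallEnclave(fn, param, TRUE, ret), which has the same shape.
inline bool raw_call(enclave_routine fn, void* param, void** ret) {
    if (fn == nullptr) return false;
    *ret = fn(param);
    return true;
}

// Enclave side: copy the host-supplied argument block into a local before
// using it, so the host cannot change fields between validation and use.
template <typename Args, std::int32_t (*Impl)(Args&)>
void* enclave_export(void* host_ptr) {
    static_assert(std::is_trivially_copyable<Args>::value, "Args must be plain data");
    std::int32_t status = -1;  // constructed code: null argument block
    if (host_ptr != nullptr) {
        Args local;
        std::memcpy(&local, host_ptr, sizeof(Args));
        status = Impl(local);
        if (status == 0) std::memcpy(host_ptr, &local, sizeof(Args));
    }
    return reinterpret_cast<void*>(static_cast<std::uintptr_t>(status));
}

// Host side: no casts at the call site; false means the transition failed.
template <typename Args>
bool call_enclave(enclave_routine fn, Args& args, std::int32_t& status) {
    static_assert(std::is_trivially_copyable<Args>::value, "Args must be plain data");
    void* raw = nullptr;
    if (!raw_call(fn, &args, &raw)) return false;
    status = static_cast<std::int32_t>(reinterpret_cast<std::uintptr_t>(raw));
    return true;
}

// Constructed sample export: overflow-checked add.
struct AddArgs { std::uint32_t a; std::uint32_t b; std::uint32_t sum; };
inline std::int32_t add_impl(AddArgs& args) {
    if (args.a > UINT32_MAX - args.b) return -2;  // constructed code: overflow
    args.sum = args.a + args.b;
    return 0;
}
const enclave_routine add_export = &enclave_export<AddArgs, add_impl>;
```

On failure the export leaves the host's argument block untouched, so the caller only ever sees output fields from a call that validated.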

jonwis commented 1 month ago

We've found that many WIL linker errors can be resolved by turning off static initializers:

#ifndef RESULT_SUPPRESS_STATIC_INITIALIZERS
#define RESULT_SUPPRESS_STATIC_INITIALIZERS
#endif

FormatMessageW is another to fix - THROW_IF_FAILED pulls in wil::ResultException whose ::what() uses FormatMessageW which is ... not in the Enclave API surface.

IsDebuggerPresent is another to fix. Probably used in the exception processing/logging path for a "break on error" experience.

tusharchitti commented 1 week ago

I am starting to work on this, understanding what an enclave is, and will share updates soon.