Run real SGX applications on openSGX

[Samathy]

I'd like to use OpenSGX to write and test real SGX applications on local machines which don't support SGX instructions - and then be able to run the same application on machines that do support SGX with minimal changes.

OpenSGX does not seem to support function calls that are available on real SGX systems (For example, I can't find any reference to sgx_create_enclave() ).

Is there any way you'd suggest I could do this? Or is OpenSGX simply not the right tool?

Thanks

[johnmwshih]

The model between OpenSGX and Intel SDK is actually pretty similar. We provide equivalent api init_enclave() to sgx_create_enclave(), which creates an enclave and then loading the binary. For function call, you can directly do the same thing by using trampoline in OpenSGX for share data between host and enclave (Intel SDK use the same mechanism to support function calls).

[Samathy]

Creating an enclave from a binary seems to be provided by load_elf_enclave() - not init_enclave(). Making the api quite disimilar to Intel's (where loading a binary is provided through sgx_create_enclave() ). Or am I missing something?

Despite the api being disimilar - is all the functionality provided by openSGX the same as Intel's SDK? So I could write a wrapper from Intel -> OpenSGX to allow for testing?

p.s if this disgussion gets to much for GH issues - I'm happy to take this to email.

[fbdlampayan]

Hi!

I am actually having the same intent/plan as Samathy.

And seeing that the discussion may have been continued via email I must ask... Is it feasible? Are there any known differences/limitations? Will OpenSGx be the appropriate tool?

[johnmwshih]

We haven't have progress on making OpenSGX compatible with Intel SDK. It's highly depends on your needs -- if you just want to develop some sgx programs, Intel SDK would be better; If you want to explore on low-level layers, OpenSGX provides more flexibility, e.g., you can check enclu/encls implementation, emulates SGX version 2 instruction, which is not supported in current skylate cpu, etc.

[fbdlampayan]

Ahhh Alright! Thanks for the information @johnmwshih