The main reference is https://blog.csdn.net/liangyihuai/article/details/103620259; this is an English version with updated details for developers. If you have any problems, please feel free to contact me.
1. Ensure the hardware supports Intel SGX and enable it in the BIOS. Check the CPU model at https://ark.intel.com/content/www/us/en/ark.html; a supported CPU is marked as “YES/YES with ME”.
2. Prepare the SGX development environment.
OS: Windows 10
Preparing the SGX development environment on Windows is easy now.
2.1) Download the required SGX packages for Windows. Use the “Commercial Product Request - Intel® Products” link to download the SGX SDK for Windows. Sign up for your own account (using a valid e-mail address) and download the SGX SDK directly (as shown in Figure 1);
2.2) Install the required SGX packages for Windows. As you can see, you have 3 choices here: Intel SGX Data Center Attestation Primitives (i.e., Intel SGX DCAP, optional), Intel SGX Platform Software for Windows (i.e., SGX PSW, required) and Intel SGX SDK for Windows (i.e., SGX SDK, required). Download them all and install them in this order (PSW→SDK→DCAP). The SGX SDK will be installed automatically by clicking the 3 .exe files.
2.3) Install the SGX driver. To enable the Remote Attestation service, install the SGX driver first. There are 2 ways to install the SGX driver:
pnputil /add-driver sgx_base.inf /install
pnputil /add-driver sgx_psw.inf /install
Open cmd as Administrator and change to the directory that contains “sgx_base.inf” and “sgx_psw.inf”. Run the above two commands and the driver will be installed.
3. Test SGX: the “Hello world” application
OS: Windows 10
Compiler: Visual Studio 2017 (or above)
3.1) Create a new SGX project. Open VS 2017 and create a new SGX project from the “Visual C++” option with the default configuration. Give the SGX project a name, such as “Enclave1”;
3.2) Modify the .edl file. Open “Enclave1.edl” in “Source Files” and ADD (not replace!) the following content:
trusted {
public void foo([out, size=len] char* buf, size_t len);
};
3.3) Modify the .cpp file. Open “Enclave1.cpp” in “Source Files” and ADD (not replace!) the following content:
#include <string.h>

void foo(char *buf, size_t len)
{
    const char *secret = "Hello Enclave!";
    // Copy only if the caller's buffer can hold the string plus its terminating NUL.
    if (len > strlen(secret)) {
        memcpy(buf, secret, strlen(secret) + 1);
    }
}
3.4) Configure the project. First, click on “properties” of the project “Enclave1” and then click on “debugging”. Then change “Working Directory” from default to “$(OutDir)”:
3.5) Create a simple C/C++ project. Click on “Add” and select “New project” to create a new C/C++ project as the entry point for the enclave. Note that the two projects belong to the SAME solution.
Name this project, such as “APP”:
3.6) Add a new .cpp file as the entry point for the APP project. It is a file called “main.cpp”, which holds the “main” function:
3.7) Write a main function to invoke the enclave. Copy the following code and paste it into the app.cpp:
#include <stdio.h>
#include <tchar.h>
#include "sgx_urts.h"
#include "sample_enclave_u.h"
#define ENCLAVE_FILE _T("Enclave1.signed.dll")
#define MAX_BUF_LEN 100

int main()
{
    sgx_enclave_id_t eid;
    sgx_status_t ret = SGX_SUCCESS;
    sgx_launch_token_t token = { 0 };
    int updated = 0;
    char buffer[MAX_BUF_LEN] = "Hello World!";

    // Create the Enclave with above launch token.
    // SGX_DEBUG_FLAG is 1 in Debug builds, which creates a debuggable enclave.
    ret = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
    if (ret != SGX_SUCCESS) {
        printf("App: error %#x, failed to create enclave.\n", ret);
        return -1;
    }

    // An Enclave call (ECALL) will happen here.
    // The generated proxy returns an sgx_status_t for the call itself.
    ret = foo(eid, buffer, MAX_BUF_LEN);
    if (ret != SGX_SUCCESS) {
        printf("App: error %#x, ECALL foo failed.\n", ret);
        sgx_destroy_enclave(eid);
        return -1;
    }
    printf("%s", buffer);

    // Destroy the enclave when all Enclave calls finished.
    if (SGX_SUCCESS != sgx_destroy_enclave(eid))
        return -1;
    return 0;
}
There will be many errors at this point; don’t worry, just continue with the following steps.
3.8) Add references between the “APP” and the “Enclave1” projects. Click on “APP” and find “Intel SGX configuration” option (Figure 12).
Then import Enclave1 into APP as shown in Figure 13:
After this step, you will find out that most errors disappear.
3.9) Modify the header reference. Modify the 4th and 5th lines according to your settings, e.g., in this example, the two lines should be
#include "Enclave1_u.h"
#define ENCLAVE_FILE _T("Enclave1.signed.dll")
because the SGX project is named “Enclave1”.
3.10) Configure the new project (i.e., APP). First, click on the properties of this project (Figure 14) and find the “debugging” page (Figure 15).
3.11) Configure the relationship between the two projects. Click on the properties of the Solution (Figure 16) and set the startup project to APP (Figure 17).
3.12) Set the dependencies between the two projects. Set Project Dependencies in Solution Properties as shown in Figure 18.
3.13) Now, let’s build and run this solution. Build the entire solution as you normally would and run it with “Start without debugging”. You can choose the debugging mode from Simulation/Debug/…. The VS debugging platform should be consistent with your platform (e.g. X86 in this example).
If “Hello Enclave!” from the Enclave1 project, rather than “Hello world!” from the APP project, is printed in the console, congratulations: you have successfully prepared the SGX development environment on Windows 10 and deployed your first SGX project!
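What “[out, size=len]” in step 3.2 means for the buffer passed in step 3.7, as an added example that is not part of the original tutorial or of Intel's SDK: a plain C model (no SGX needed) of the generated bridge around foo(). The name model_ecall_foo is hypothetical, and the model assumes the documented [out] behaviour, in which the enclave works on a zeroed copy and len bytes are copied back.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Trusted function: same body as foo() in step 3.3. */
static void foo(char *buf, size_t len)
{
    const char *secret = "Hello Enclave!";
    if (len > strlen(secret)) {
        memcpy(buf, secret, strlen(secret) + 1);
    }
}

/* Hypothetical stand-in for the bridge generated from
 * "[out, size=len] char* buf". foo() never touches the caller's memory:
 * it gets a zeroed enclave-side buffer of len bytes, and exactly len bytes
 * are copied back out afterwards. The real bridge also rejects buffers that
 * are not entirely outside the enclave, which cannot be modelled here.
 * Simplification: this model refuses NULL and zero-length buffers.
 * Returns 0 on success, -1 on failure. */
static int model_ecall_foo(char *untrusted_buf, size_t len)
{
    if (untrusted_buf == NULL || len == 0)
        return -1;
    char *trusted_buf = calloc(1, len);        /* [out]: starts as zeros */
    if (trusted_buf == NULL)
        return -1;
    foo(trusted_buf, len);
    memcpy(untrusted_buf, trusted_buf, len);   /* copy-out of len bytes */
    free(trusted_buf);
    return 0;
}

int main(void)
{
    char big[100] = "Hello World!";  /* MAX_BUF_LEN case from step 3.7 */
    char small[8] = "Hello!!";       /* constructed: too small for the secret */

    model_ecall_foo(big, sizeof big);
    printf("100-byte buffer: \"%s\"\n", big);
    model_ecall_foo(small, sizeof small);
    printf("8-byte buffer:   \"%s\" (zeroed, caller's text is gone)\n", small);
    return 0;
}
```

A buffer too small for the secret comes back as zeros rather than unchanged, so the application cannot rely on its own initial text surviving the ECALL.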



