#intel-sgx #sgx-enclave #enclave #sgx #applications #environment #describe


An interface for Intel SGX enclaves. This is the interface for the x86_64-fortanix-unknown-sgx target. This is a small yet functional interface suitable for writing larger enclaves. In contrast to other enclave interfaces, this interface is primarly designed for running entire applications in an enclave. This crate fully describes the type-level interface complete with documentation. For implementors, this crate contains all the type definitions and a macro with the function definitions.

8 unstable releases (3 breaking)

Uses old Rust 2015

0.5.0 Aug 16, 2022
0.4.1 Jul 29, 2022
0.4.0 Dec 3, 2021
0.3.3 Jul 19, 2019
0.1.0-rc1 Nov 19, 2018

#171 in Operating systems

Download history 11079/week @ 2024-01-06 10908/week @ 2024-01-13 10385/week @ 2024-01-20 10487/week @ 2024-01-27 11402/week @ 2024-02-03 10611/week @ 2024-02-10 11625/week @ 2024-02-17 11134/week @ 2024-02-24 11923/week @ 2024-03-02 11944/week @ 2024-03-09 11758/week @ 2024-03-16 11216/week @ 2024-03-23 10856/week @ 2024-03-30 11168/week @ 2024-04-06 11727/week @ 2024-04-13 8777/week @ 2024-04-20

44,151 downloads per month
Used in 11 crates (3 directly)

MPL-2.0 license

231 lines

The Fortanix SGX ABI (compiler target x86_64-fortanix-unknown-sgx) is an interface for Intel SGX enclaves. It is a small yet functional interface suitable for writing larger enclaves. In contrast to other enclave interfaces, this interface is primarily designed for running entire applications in an enclave.

The Fortanix SGX ABI specification consists of two parts:

  1. The calling convention (see FORTANIX-SGX-ABI.md)
  2. The execution environment and usercalls (this document)

Whereas the calling convention describes how information is passed to and from the enclave, this document ascribes meaning to those values.

The execution environment and usercalls have been designed with the following goals in mind:

  1. Compatible with most Rust code: Rust code that doesn't link to other C libraries and that doesn't use files (see no. 5) should compile out of the box.
  2. Designed for SGX: The SGX environment is unique and not compatible with other application environments out there. The primitives specified in this document are designed to work well with SGX, not to be similar to or compatible with primitives known from other environments.
  3. Designed for network services: The most interesting usecase for SGX is to run applications remotely in an untrusted environment, e.g. the cloud. Therefore, there is a primary focus on supporting functionality needed in those situations.
  4. No filesystem: Encrypted filesystems are hard. Especially in SGX, consistency and freshness are big concerns. In this initial version, there is no filesystem support, which is fine for most network services, which would want to keep their state with a database service anyway. Support might be added in the future.
  5. Not POSIX: The POSIX API is huge and contains many elements that are not directly supported by the SGX instruction set, such as fork and mmap. It is explicitly a non-goal of this specification to support all of POSIX.
  6. Designed to be portable: Enclaves don't interact directly with the OS, so there should be no need to recompile an enclave when running it with a different OS. This specification does not require any particular primitives or behavior from the OS.

Like on regular operating systems, there are two types of enclaves: executable-type and library-type. The main difference between the two different types is how the enclave may be entered. Once an enclave TCS is entered, the different types act virtually identically. More information on the two different types, TCSs, and enclave entry may be found in the entry module.

Once an enclave TCS is entered, it may performs synchronous usercalls as described in the calling convention. The TCS maintains its execution state between doing a usercall and returning from the usercall. Only when the TCS exits, either through a non-usercall exit or through the exit usercall, is the TCS state destroyed. This is depicted in the following diagram.

Enclave execution lifecycle

Enclaves may also perform asynchronous usercalls. This is detailed in the async module. Most usercalls can be submitted either synchronously or asynchronously.