Compiles with Rust nightly.
pe2sgxs converts enclaves in Intel's PE format to SGXS format, optionally
extracting the signature. You can then use the SGXS file with the other SGXS
sgx-debug-read tries to read memory in the EPC. This will only succeed for
regular and TCS pages that are part of debug enclaves. The contents of the
memory (or zeroes for inaccessible memory) will be output to stdout. Errors
will be printed to stderr.
sgxs-build generates an SGXS by concatenating raw binary files specified on
the command line. For example, to generate the simplest valid enclave possible:
$ as -k
$ objcopy -O binary -j .text a.out
$ sgxs-build rx=a.out tcs=nssa:1 > a.sgxs
$ sgxs-info summary a.sgxs
0- fff Reg r-x (data) meas=all
1000-1fff Tcs --- (data) meas=all
2000-2fff Reg rw- (empty) meas=all
Input files will be page-aligned.
sgxs-info parses SGXS files for further analysis. It currently supports the
The most verbose listing format, which lists all the individual commands
contained in the input file, including their parameters. For EEXTEND commands,
data is either (empty) if the data is all zeroes, [byte]* if the data is all
the same value, or (data) in any other case.
This is the only command that can read non-canonical SGXS files.
This listing format lists all commands, except EEXTEND commands. The EEXTEND
information is consolidated in the preceding EADD command. The data is
displayed in the same format as in the
list-all command. The
indicates which part of the page are being measured by an EEXTEND command:
This command gives a summarized overview of all the different sections in memory. The entire memory indicated by the enclave size is described. Consecutive pages that have the same type, flags, data and measurement fields are consolidated into a single line. Unmapped pages are indicated as such. Characteristics of TCS pages are displayed.
This command dumps the memory of the enclave as it would be seen before executing an EENTER instruction. Unmapped pages in between sections are filled with zeroes. Unmapped pages at the end are truncated.
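The consolidation rule of the summary listing described above, as an added example that is not sgxs-info's own code. The Page type, the "(unmapped)" label, the exact line layout and the sample page layout are assumptions made for illustration.

```rust
// Added illustration: types, field names and line layout are assumptions,
// not sgxs-info's own code or exact output.
const PAGE: u64 = 0x1000;

#[derive(Debug)]
enum Kind { Reg, Tcs }

// One mapped page; `data` is a short constructed stand-in for its contents.
struct Page<'a> { offset: u64, kind: Kind, perms: &'a str, data: &'a [u8], meas: &'a str }

fn pg<'a>(offset: u64, kind: Kind, perms: &'a str, data: &'a [u8]) -> Page<'a> {
    Page { offset, kind, perms, data, meas: "all" }
}

// Data field: (empty) for all zeroes, [byte]* for one repeated value, else (data).
fn classify(data: &[u8]) -> String {
    let first = data.first().copied().unwrap_or(0);
    if data.iter().all(|&b| b == 0) {
        "(empty)".to_string()
    } else if data.iter().all(|&b| b == first) {
        format!("[{:02x}]*", first)
    } else {
        "(data)".to_string()
    }
}

// `pages` must be sorted by offset. Every page slot up to `enclave_size` is
// described; consecutive slots with identical fields collapse into one line.
fn summarize(pages: &[Page], enclave_size: u64) -> Vec<String> {
    let mut runs: Vec<(u64, u64, String)> = Vec::new(); // (start, end, fields)
    let mut it = pages.iter().peekable();
    for off in (0..enclave_size).step_by(PAGE as usize) {
        let fields = match it.next_if(|p| p.offset == off) {
            Some(p) => format!("{:?} {} {} meas={}", p.kind, p.perms, classify(p.data), p.meas),
            None => "(unmapped)".to_string(),
        };
        match runs.last_mut() {
            Some(last) if last.2 == fields => last.1 = off + PAGE,
            _ => runs.push((off, off + PAGE, fields)),
        }
    }
    runs.iter().map(|(s, e, f)| format!("{:x}-{:x} {}", s, *e - 1, f)).collect()
}

// Constructed layout with a hole at 0x3000 and an unmapped tail at 0x7000.
fn sample_summary() -> Vec<String> {
    let (code, zero, fill) = ([0x55u8, 0x48, 0x89, 0xe5], [0u8; 8], [0xccu8; 8]);
    let pages = [
        pg(0x0000, Kind::Reg, "r-x", &code[..]), pg(0x1000, Kind::Reg, "r-x", &code[..]),
        pg(0x2000, Kind::Tcs, "---", &code[..]), pg(0x4000, Kind::Reg, "rw-", &zero[..]),
        pg(0x5000, Kind::Reg, "rw-", &zero[..]), pg(0x6000, Kind::Reg, "rw-", &fill[..]),
    ];
    summarize(&pages, 0x8000)
}

fn main() { for line in sample_summary() { println!("{}", line); } }
```

In this model two pages are merged when their displayed fields match, so an unmapped hole or a change of fill byte always starts a new line, which is what makes unexpected gaps or writable regions easy to spot when reviewing an enclave layout.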
sgxs-load loads an SGXS file into the EPC. Currently, only the Linux
ioctl driver is supported. You must also provide a signature and initialization
sgxs-sign generates a SIGSTRUCT given an SGX stream and user-specified
parameters. You can generate a fresh private key using the openssl
command like so:
openssl genrsa -3 3072 > private.pem