Video Series: Intel® Software Guard Extensions—Part 5: Advanced: Enclave Definition Language

This discussion addresses how to pass pointers as parameters, how to describe their size to the edge routines, and how to take direct control of how pointers are handled.

Hi, I'm John Mechalas with Intel. In this video, we're going to discuss some advanced topics in the enclave definition language used by Intel® Software Guard Extensions, or Intel® SGX.

The enclave definition language allows you to marshal data buffers in and out of your ECALLs and OCALLs. With the in, out, and count keywords, you tell the edge routines which direction to marshal the data buffer and how many elements are in it.

Sometimes, however, you need to provide additional information when passing pointers as parameters, and there are situations when you need direct control over how the pointers are handled. We'll cover some of those advanced techniques in this video. If you haven't watched the video which introduces the enclave definition language, we recommend you do that first.

Sometimes, it's necessary to pass a void pointer to an ECALL or OCALL. The problem with a void data type is that the edge routines don't know the size of the data elements and thus, can't calculate the total size of the data buffer that needs to be marshaled.

To address this problem, the EDL syntax provides the size attribute. By adding the element size in bytes to your ECALL or OCALL definition, the edge routines know exactly how much data to copy.

In the example shown, 32 eight-byte values will be marshaled into the ECALL: size gives the size of each element in bytes and count gives the number of elements, so the edge routine copies size times count bytes. As with count, size can also reference another function parameter rather than a literal. Sometimes you don't want to marshal the data buffer at all and instead only want to pass the raw pointer to the ECALL or OCALL. This is accomplished with the user_check attribute.

A pointer passed in this manner skips both the data marshaling and the safety checks the edge routines normally perform, such as verifying that an ECALL's buffer lies entirely outside the enclave. The ECALL or OCALL operates on the original pointer address, so the enclave code itself is responsible for validating the pointer before use, for example with sgx_is_outside_enclave(), and for copying any values it relies on into enclave memory, because untrusted code can modify the buffer while the ECALL is running.
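The EDL fragment below is an added example, not code from the video, showing the size, count and user_check attributes together in one enclave definition. The function names (ecall_load_table, ecall_process, ecall_transform, ecall_share_ring, ocall_write) and their parameters are assumptions made for illustration.

```edl
enclave {
    trusted {
        /* Marshal exactly 32 eight-byte elements (256 bytes) into the enclave. */
        public void ecall_load_table([in, size=8, count=32] const void *table);

        /* Element size and element count come from other parameters at run time,
           so the edge routine copies elem_size * n bytes. */
        public void ecall_process([in, size=elem_size, count=n] const void *buf,
                                  size_t elem_size, size_t n);

        /* Copy len bytes in, let the enclave update them, then copy them back out. */
        public void ecall_transform([in, out, size=len] void *buf, size_t len);

        /* No copy and no checks: the enclave receives the raw untrusted pointer
           and must validate it itself (e.g. sgx_is_outside_enclave) before use. */
        public void ecall_share_ring([user_check] void *ring, size_t ring_bytes);
    };

    untrusted {
        /* Marshal len bytes out of the enclave for the untrusted side to write. */
        void ocall_write([in, size=len] const void *data, size_t len);
    };
};
```

Reserve user_check for buffers that genuinely cannot be copied, such as large shared rings; for everything else the in/out forms are safer because the enclave only ever touches its own copy of the data.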

Only public ECALLs can be called by untrusted functions. These are referred to as the root ECALLs and are designated by the public keyword in the EDL file. ECALLs that aren't declared as public can only be called from inside OCALLs, as nested ECALLs. But by default, OCALLs are not allowed to call any ECALLs. You must declare which ECALLs an OCALL is allowed to execute by providing the allow keyword, followed by the ECALL names in parentheses.

In the example shown, the OCALL get_msg_block can only execute the ECALL update_hash. It cannot execute the init_hash or get_hash ECALLs, even though they are declared as public.
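The EDL fragment below is an added example, not the video's own file, reconstructing the hashing enclave described above: the public root ECALLs init_hash and get_hash, the private ECALL update_hash, and the OCALL get_msg_block whose allow clause admits only update_hash. The parameter lists and the 32-byte digest size are assumptions made for illustration.

```edl
enclave {
    trusted {
        /* Root ECALLs: callable directly from the untrusted application. */
        public void init_hash(void);
        public void get_hash([out, size=32] uint8_t *digest);

        /* Private ECALL (no public keyword): reachable only as a nested call
           from an OCALL that names it in its allow clause. */
        void update_hash([in, size=len] const uint8_t *block, size_t len);
    };

    untrusted {
        /* While this OCALL is executing, untrusted code may call update_hash
           but not init_hash or get_hash, even though those two are public. */
        void get_msg_block(size_t block_index) allow(update_hash);
    };
};
```

Keep allow lists as short as possible: every ECALL an OCALL is permitted to invoke is a re-entry point into the enclave while enclave state is mid-operation, so each one should be written to tolerate being called at that moment.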

This video touched on some of the advanced features of the enclave definition language. Be sure to watch the rest of this playlist to learn more about Intel SGX application development. And remember to like this video and subscribe.