How to analyse an SGX Enclave? (Installation and Usage)
Based on the paper "sgx-perf: A Performance Analysis Tool for Intel SGX Enclaves", a tool called SGX-Perf was developed at TU Braunschweig. It enables a high-level analysis of enclaves.
No major changes to the existing program are necessary to integrate SGX-Perf.
As a prerequisite, a few additional packages must be installed on the system. On Ubuntu this is done with the package manager, using the following command.
sudo apt-get install cmake libelf-dev graphviz
These packages are used to build the application and to plot graphs.
Before we can use the analysis tool, it has to be compiled. The repository of the analysis tool has been added as a submodule to this git repo (3rd-party/sgx-perf). The following instructions work for the original repository as well; only the paths differ. The following commands must be executed in the main directory of the analysis tool.
cd <sgx-perf-folder>
mkdir build
cd build
cmake ..
make
SGX-Perf is now compiled and can be used. To integrate the tool into the development environment, we have to adapt the execution environment. This dialog is reached in the same way as for the configuration of the SGX debugger.
Here we have to select the Environment tab, as shown in the following picture. This is where the analysis tool is integrated: setting the variable LD_PRELOAD makes the dynamic linker load the given library before the application, and with it the enclave, starts executing.
From the previous commands it can be seen that the compiled analysis tool is located in the relative path <sgx-perf-folder>/build/lib/. An enclave can be run in different modes. Depending on the mode, one of the following variable definitions must be selected:
- Simulation mode:
LD_PRELOAD = <sgx-perf-folder>/build/lib/libloggersim.so
- Hardware mode:
LD_PRELOAD = <sgx-perf-folder>/build/lib/liblogger.so
SGX-Perf now stores the recordings in a SQLite database named out-<pid>.db, which is located in the execution directory of the enclave.
The analysis tool records all function calls. Since many internal calls are also generated, you can use the following call to filter the display. Only calls that have been executed at least twice are displayed here.
cd <sgx-perf-folder>/build/bin
./analyzer -e 2 -o 2 <working-directory>/out-<pid>.db
The following figure shows an example of the analysis data. In particular, the execution time of individual OCALL / ECALL calls can be seen from this.
INSERT IMAGE
In addition, diagrams can also be plotted to provide an overview of the hierarchy of function calls (Which function calls which function?)
INSERT IMAGE
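The same steps can be run from a shell instead of the IDE dialog. The wrapper below is an added example, not part of the original page or of the sgx-perf project; the SGX_PERF_DIR variable and the function names are assumptions, while the library names and analyzer options are the ones given above.

```shell
#!/bin/sh
# Added example (not from the sgx-perf project). SGX_PERF_DIR and the
# function names are assumptions; library and analyzer paths are from the page.
SGX_PERF_DIR="${SGX_PERF_DIR:-3rd-party/sgx-perf}"

# Map the enclave execution mode to the matching logger library.
logger_for_mode() {
    case "$1" in
        sim) echo "$SGX_PERF_DIR/build/lib/libloggersim.so" ;;
        hw)  echo "$SGX_PERF_DIR/build/lib/liblogger.so" ;;
        *)   echo "unknown mode '$1' (expected sim or hw)" >&2; return 1 ;;
    esac
}

# Print the most recently written out-<pid>.db in directory $1, if any.
latest_recording() {
    ls -t "$1"/out-*.db 2>/dev/null | head -n 1
}

# Usage: profile_app <sim|hw> <application> [args...]
profile_app() {
    lib="$(logger_for_mode "$1")" || return 1
    shift
    [ -f "$lib" ] || { echo "logger not built: $lib" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no application given" >&2; return 1; }

    # LD_PRELOAD is set for this one command only (not exported), so the
    # logger is not loaded into unrelated programs started from this shell.
    app_status=0
    LD_PRELOAD="$lib" "$@" || app_status=$?
    [ "$app_status" -eq 0 ] || echo "application exited with $app_status" >&2

    # The recording is written to the directory the application ran in.
    db="$(latest_recording "$PWD")"
    [ -n "$db" ] || { echo "no out-<pid>.db in $PWD" >&2; return 1; }

    # Same filter as above: only calls executed at least twice are shown.
    "$SGX_PERF_DIR/build/bin/analyzer" -e 2 -o 2 "$db"
}
```

Source the file and call, for example, profile_app sim ./app from the directory in which the application normally runs.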
For further information please refer to the SGX-Perf Repository.