11
Sep

Debugging Intel® SGX Applications | Intel Software


[MUSIC PLAYING] Hi, I’m John
Mechalas with Intel. In this video, we’re
going to discuss debugging Intel software
guard extensions applications. Intel SGX enclaves can
be built in debug mode or in release mode. A debug mode enclave
is inspectable. You can attach to it with
the Intel SGX debugger. Examine its state. And step through
its code just as you would when debugging
any other application. When you are actively developing
your Intel SGX application, you are probably building
your enclave in debug mode. The CPU will allow any debug
mode enclave to launch, but because you can attach
to them with the Intel SGX debugger, they are not secure. Enclaves built in
debug mode should never be deployed in a
production application. Unlike debug mode, an enclave
that’s built in release mode cannot be debugged
under any circumstances, this restriction is
enforced by the CPU. Debugging in Intel
SGX enclave, does require the use of
special CPU instructions and that means you must use
the Intel SGX debugger that is included with the Intel
SGX software development kit. Debuggers without
Intel SGX will simply skip over your enclave code. In the example
program shown here, we’ve set a breakpoint
in the enclave. When we launch the standard
Visual Studio debugger, you can see that the
breakpoint is never triggered. To properly debug
this application, we need to change the debugger
in the project configuration to the Intel SGX debugger. We also need to make sure that
the Intel SGX debugger has the correct working
path so that it can find the debugging symbols. Here, we change the
working directory to the output directory. Now when we run the
Intel SGX debugger, we can see that the
breakpoint gets triggered. If you are developing
a managed application, such as one written in C#,
you can’t run the Intel SGX debugger directly from
within Visual Studio. Instead, you’ll need to
launch your application and then, attach to it. Under the Debug menu,
select Attach to Process. Hit Select. Choose Intel SGX
as the code type. Now you can run
your application, refresh the process list in
the attached to process window. And select the application. As you can see, our enclave
breakpoint is triggered. Debugging is an important part
of application development. Enclaves that are built in
debug mode can be debugged, but you must use the Intel
SGX debugger to do it. You can even debug mixed
mode Intel SGX applications in Windows, though, there are
some additional steps required. Be sure to watch the rest of
this playlist to learn more about Intel SGX
application development, and remember to like
this video and subscribe. [INTEL THEME]

Tags: , , , , , , , , , , , , , , , , , , , , ,

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *