High-level Overview
- Protected file operations trapped into the libOS
- LibOS calls the corresponding user-level functions (
pf_*) - The user-level functions invokes it's internal Intel PF functions (
ipf_*) - Callback the actual functions which does the operation (
cb_*)
- PF is stateful and it's maintained by
pf_context - Integrity guaranteed by MHT
Gadgets
- The implementation of PF can be found here.
- Just like the Intel PF, there are a set of user interfaces and another set of functions as internal implementation.
ipfstands for Intel Protected File. They are internal implementation of PF, just like which in the SGX SDK.
User Interfaces
Graphene-SGX PF User Interfaces
Callbacks
First of all, several callback function pointers are set beforehand and will be used later in read & write, encryption and decryption.
All the call back function pointers are set to callbacks from enclave_pf.c.
Internal data structures
They are very similar to which in SGX SDK.
Internal implementation
Functions starting with name ipf_.