Graphene-SGX PF Implementation

April 14, 2021 at 7:45 am

High-level Overview

  1. Protected file operations trapped into the libOS
  2. LibOS calls the corresponding user-level functions (pf_*)
  3. The user-level functions invokes it's internal Intel PF functions (ipf_*)
  4. Callback the actual functions which does the operation (cb_*)
  • PF is stateful and it's maintained by pf_context
  • Integrity guaranteed by MHT


  • The implementation of PF can be found here.
  • Just like the Intel PF, there are a set of user interfaces and another set of functions as internal implementation.
  • ipf stands for Intel Protected File. They are internal implementation of PF, just like which in the SGX SDK.

User Interfaces

Graphene-SGX PF User Interfaces


First of all, several callback function pointers are set beforehand and will be used later in read & write, encryption and decryption.

All the call back function pointers are set to callbacks from enclave_pf.c.

Internal data structures

They are very similar to which in SGX SDK.

Internal implementation

Functions starting with name ipf_.

Graphene-SGX PF Internal