Today we are launching a multi-part tutorial series aimed at software developers who want to learn how to integrate Intel® Software Guard Extensions (Intel® SGX) into their applications. The intent of the series is to cover every aspect of the software development cycle when building an Intel SGX application, beginning at application design and running through development, testing, packaging, and deployment. While isolated code samples and individual articles are valuable, this in-depth look at enabling Intel SGX in a single application provides developers with a hands-on and holistic view of the technology as it is woven into a real-world application.

This tutorial will consist of several parts (currently 12 articles are planned, though the exact number may change), each covering a specific topic. While a precise schedule has not been set, a new part should be published every two to three weeks*, in these broad phases:

Concepts and design

Application development and Intel SGX integration

Validation and testing

Packaging and deployment

Disposition

Source code will accompany relevant sections of the series and will be distributed under the Intel Sample Source Code license. Don’t expect to start seeing source code for a few weeks, however. The first phase of the tutorial will cover the early fundamentals of Intel SGX application development.

Goals

At the end of the series, the developer will know how to:

Identify an application’s secrets

Apply the principles of enclave design

Use trusted libraries in an enclave

Build support for dual code paths in an application (to provide legacy support for platforms without Intel SGX capabilities)

Use the Intel SGX debugger

Create an Intel SGX application installer package

The sample application

Throughout the series we will be developing a basic password manager. The final product is not meant to be a commercially viable application, but rather one with sufficient functionality to make it a reasonable performer that follows smart security practice. This application is simple enough to be reasonably covered in the tutorial without being so simple that it’s not a useful example.

What you’ll need

Developers who want to work with the source code as it is released will require the following:

Hardware requirements

| Hardware | Hard Requirement | Comments |
|---|---|---|
| Intel® processor with Intel® Secure Key technology | Yes | The password manager will make extensive use of the digital random number generator provided by Intel Secure Key technology. See http://ark.intel.com to find specific processor models with Intel Secure Key technology support. |
| 6th generation Intel® Core™ processor with Intel® Software Guard Extensions (Intel® SGX) enabled BIOS | No | To get the most out of the tutorial, a processor that supports Intel SGX is necessary, but the application development can take place on a lesser system and Intel SGX applications can be run in the simulator provided with the SDK. |

Software requirements

These software requirements are based on the current, public release of the Intel SGX Software Developer’s Kit (SDK). As newer versions of the SDK are released, the requirements may change.

Updated July 11, 2016: The SDK requirement has been updated to 1.6. This also forced the Microsoft Visual Studio* version to 2013.

| Software | Hard Requirement | Comments |
|---|---|---|
| Intel® Software Guard Extensions (Intel® SGX) SDK v1.6 | Yes | Required for developing Intel SGX applications. |
| Microsoft Visual Studio* 2013 Professional Edition | Yes | Required for the SDK. Each SDK release is tied to specific versions of Visual Studio in order to enable the wizards, developer tools, and various integration components. |
| Intel® Parallel Studio XE 2013 Professional Edition for Windows* | No | This is recommended but it is not strictly necessary for Intel SGX development. |

Stay tuned

This series will cover every aspect of the software development cycle when building an Intel SGX application, beginning at application design, and running through development, testing, packaging, and deployment. The tutorials will cover concepts and design, application development and Intel SGX integration, validation and testing, packaging and deployment, and disposition.

We’re excited to be launching this series and are looking forward to having you join us!

Getting Started

Part 1 of the series, Intel® Software Guard Extensions Tutorial Series: Part 1, Intel® SGX Foundation, provides an overview of the technology and lays the groundwork for the rest of the tutorial.

Part 2 of the series, Intel® Software Guard Extensions Tutorial Series: Part 2, Application Design, describes a high-level specification for the application we’ll be developing: a simple password manager.

Part 3 of the series, Intel® Software Guard Extensions Tutorial Series: Part 3, Designing for Intel® SGX, discusses how to design an application with Intel SGX in mind.

Part 4 of the series, Intel® Software Guard Extensions Tutorial Series: Part 4, Enclave Design, begins development on the enclave.

Part 5 of the series, Intel® Software Guard Extensions Tutorial Series: Part 5, Enclave Development, completes the first version of the enclave.

Part 6 of the series, Intel® Software Guard Extensions Tutorial Series: Part 6, Dual Code Paths, makes our application capable of running on hosts both with and without Intel SGX support.

Part 7 of the series, Intel® Software Guard Extensions Tutorial Series: Part 7, Refining the Enclave, revisits the enclave interface and adds a small refinement to make it simpler and more efficient.

Part 8 of the series, Intel® Software Guard Extensions Tutorial Series: Part 8, GUI Integration, integrates the user interface with the back-end code.

Part 9 of the series, Intel® Software Guard Extensions Tutorial Series: Part 9, Power Events and Data Sealing, looks at the impact of power events on Intel SGX and adapts our application to provide a seamless user experience.

Part 10 of the series, Intel® Software Guard Extensions Tutorial Series: Part 10, Enclave Analysis and Debugging, examines the Intel SGX Debugger and the Enclave Memory Measurement Tool.

*Note: Due to attrition, the cadence of the releases may stretch out to every three to four weeks on average. We are still committed to this series, though, and in particular do not want the quality to suffer in order to meet the more aggressive schedule that we had originally planned. We do apologize for any inconvenience this causes.

Additional Resources

Get Started with the SDK

Intel® SGX Forum