2

I'm trying to use the new windows 1709 feature that allows to load a DLL into enclave memory.

I didn't find ANY documentation or example of doing it. As far as I understand these are the steps to achieve it:

  1. Check that VBS (only VBS supports enclave image) enclave type is supported using IsEnclaveTypeSupported.

  2. Use CreateEnclave function to create enclave.

  3. Use LoadEnclaveImage function to load the image into the enclave memory.

Here is code snippet that I tried to use:

HANDLE h = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessPid());
BOOL vbsSupport = IsEnclaveTypeSupported(ENCLAVE_TYPE_VBS); //returns TRUE
ENCLAVE_CREATE_INFO_VBS vci = { 0 };
vci.Flags = 1;
LPVOID lpAddress = CreateEnclave(h, NULL, 0x10000, NULL, ENCLAVE_TYPE_VBS, &vci, sizeof(ENCLAVE_CREATE_INFO_VBS), NULL);

The call the CreateEnclave return NULL and set the last error code to 0x32 (The request is not supported).

Any ideas how to make it work ?

AK87
  • 613
  • 6
  • 24
  • After further investigation I noticed something very weird. When compiling the above code in 64bit, the call to createEnclave never returns. Furthermore, the computer is stuck, and closing the application isn't possible even with Process Hacker or Procexp. It seems that the kthread is stuck in a deadlock. I tried the following with more than 4 different fully updated computers (even without VBS/SGX ever been enabled). – AK87 Feb 04 '18 at 11:26

1 Answers1

0

Is Hyper-V enabled? It's required for enclaves to work.

Michael Chourdakis
  • 10,345
  • 3
  • 42
  • 78
  • Sure it is. Before enabling it IsEnclaveTypeSupported returned FALSE. After enabling hyper-v and secure boot, IsEnclaveTypeSupported return TRUE. – AK87 Feb 11 '18 at 08:03
  • My try works, but I cannot find the LoadEnclaveImage function into the dlls. – Michael Chourdakis Feb 11 '18 at 08:26
  • You have to update to the latest Windows SDK to find these functions – AK87 Feb 11 '18 at 12:03
  • Check vertdll.dll exports and you will see that the function is not there. Basically I can't even find api-ms-win-core-enclave-l1-1-0.dll. Regarding your question, the 0x10000 size might be wrong (I tried with 1MB and it works). – Michael Chourdakis Feb 11 '18 at 18:07
  • I found it in kernelbase.dll. But it won't load a dll file, it says that it's not signed (even if I sign it). – Michael Chourdakis Feb 11 '18 at 18:17