OCaml running in Intel SGX


We are trying to run some OCaml code within an Intel SGX enclave.

This OCaml code is called by a C wrapper using the method described
here: https://caml.inria.fr/pub/docs/manual-ocaml/intfc.html

Because Intel SGX doesn’t support the entire standard C library, we had
to create ocalls for the functions that are used by ocamlrun but not
supported by SGX. Using the functionalities provided by Intel SGX, we
managed to create an .so library containing our OCaml code along with
the C wrapper. This .so library is what is meant to run in an SGX
enclave (we so far only implemented the ocalls that we needed, and not
all missing functionalities from ocamlrun).

Our problem is now that when we call caml_startup from within our C
wrapper (in order to start the OCaml code), the code seem to simply call
‘exit’ and stop there. Does anyone know why this call to caml_startup
would call ‘exit’?

We managed to create a simple example, which I can be forward to anyone interested to take a look at.

Please note that we use ocaml 4.06.1 and gcc 7.3.0



I’m not in any way an OCaml runtime expert, but I looked through the startup code just now. There are plenty of failures that cause the runtime to call exit(2) after printing a message. The first plausible one I saw was failing to allocate memory for frame descriptors. I realize you’re working in a very restricted environment, but if you could capture an error message that might be helpful. You’re already doing plenty of hacking, so maybe you can hack fprintf(stderr) to do sprintf into a fixed buffer instead.

You may want to look at the Mirage OCaml runtime package at https://github.com/mirage/ocaml-freestanding

This works with an associated minilibc to provide an easy approach to compiling for non-traditional environments.


Regarding --> https://link.springer.com/chapter/10.1007%2F978-3-319-89884-1_22

Are you by any chance implementing a new cryptocurrency using your consensus algorithm? What do you intend to use SGX for?