When you use the
This module can either run to completion and terminate, or it can define a set of functions and variables that
can subsequently be called and accessed from your Java enclave code.
The sample "hello world" enclave took us through a tutorial on how to write an
enclave that takes a string, reverses it and returns it via the host to the client. In this section we
Make sure you've already run through the tutorial and have a working sample application as a starting point.
following line to your enclave
1 2 3 4 5
1 2 3 4 5
Import the GraalVM SDK classes¶
the SDK is automatically added when you specify
supportLanguages = "python" for python.
So you just need to add the following import statements to
1 2 3 4
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This warning only applies to Python code. The context that runs the Python code must be closed before the enclave is destroyed otherwise
the application will hang once the method destroyEnclave is invoked. For now, the best place to close the context
is at the bottom of the
receiveMail method as shown below:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Remove the Java code that reverses the string and replace it with the following function. Note
static has been removed from the function declaration because it now accesses the
1 2 3 4 5 6 7 8 9 10
Finally, run the sample code as described in the tutorial. The result should be the same: the string passed as an argument to the client is reversed and returned to the client.
Build times can be quite long when running in simulation mode. For productivity reasons, it is advisable to run the sample in mock mode. Before running the sample in mock mode, it is necessary to:
- Download graalvm-ce-java11.
- Set the environment variable
JAVA_HOMEto point to the GraalVM that was previously downloaded. For instance,
- Update the environment variable PATH by running
- For Python only - Install the Python component by running the command
gu install python.
The functionality described on this page involves JIT compilation within the secure enclave. Due to the unavailability of the CPUID instruction in SGX enclaves, some optimisations which depend on the presence of certain instruction set extensions may not take place and performance may be degraded.
The processor of the host system must support the SSE and SSE2 instruction set extensions. If these extensions are not present, the enclave may abort unexpectedly.
Python support is limited and there are known vulnerabilities in the
pip version used by our GraalVM version.
At this point, there are no known versions of
pip that have those vulnerabilities fixed, so it should be
used at the user's risk.