Description
The SGX binary may be loaded at any address. This means that e.g. pointers contained in global variables can't be completely determined at compile-time. At compile-time, you only know the offset w.r.t. the location of the field itself. Therefore, when the binary is loaded, it needs to be relocated. For this purpose, the ELF binary contains a relocation table. You can see this with e.g. readelf -r. On Linux, the dynamic loader (ld.so) normally does the relocation.
In SGX, we need to do this ourselves on first entry. So there's some Rust code that does this in the SGX port of std. However, this Rust code must not itself require any relocations, because it runs before those are done.
This enhancement is to build a static binary analysis tools that verifies no relocations are required from the SGX entry point until the relocation is done.