Install Graphene SGX

In this brief post, we will install GrapheneSGX on a real machine with Intel SGX support, running Ubuntu 20.04 with kernel version 5.12. There are other great tutorials out there; they are more general and can be used by anyone. Here, we focus on one particular machine.

Our expectations:

  • We will be using the latest stable version, released in 2020: v1.1.
    • The master branch is in the middle of a transition from make to meson. Although it builds successfully, I have faced some issues running some examples. As there are no major functional changes as of now, we will wait for it to become stable before switching to it.
  • Graphene with SGX support.
  • All features working as expected, with all the PATH variables correctly set up.
  • Run an example, maybe Iozone.

Not focusing on:

  • We are ignoring the GDB tests for now.

Prerequisites:

  • Linux driver is installed.
  • Linux SDK is installed.
  • Linux PSW is installed.

How to check that the prerequisites are met:

cd linux-sgx/SampleCode/SampleEnclave
make && ./app

If you see these two lines (the first from the build, the second from the sample application):

The project has been built in debug hardware mode
Info: SampleEnclave successfully returned.

then the installation is working fine.

Installing GrapheneSGX

We will be following build instructions available here.

Graphene Dependencies

sudo apt-get install -y \
    build-essential \
    autoconf \
    bison \
    gawk \
    meson \
    python3-click \
    python3-jinja2

SGX

sudo apt-get install -y \
    libcurl4-openssl-dev \
    libprotobuf-c-dev \
    protobuf-c-compiler \
    python3-pip \
    python3-protobuf

# Quote the requirement: unquoted, the shell treats ">=0.10" as an output redirection
python3 -m pip install 'toml>=0.10'

Install the Linux kernel patched with FSGSBASE

This is a crucial step. However, if you are on Linux kernel 5.9 or higher, which we are, it can be safely skipped. If you are not, at this time I recommend updating the kernel version instead of going through the patching process. The details are here: https://graphene.readthedocs.io/en/latest/building.html#install-the-linux-kernel-patched-with-fsgsbase
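
The two conditions this post relies on before building, a loaded SGX driver and a kernel at 5.9 or higher, can be checked up front. The script below is an added example, not part of the original post or of Graphene; the function names and the ROOT argument are hypothetical, and the device paths are the ones the in-kernel, DCAP and legacy out-of-tree SGX drivers create.

```shell
# Added pre-flight check; not part of the original post.
# kernel_has_fsgsbase RELEASE: 0 if RELEASE (as from `uname -r`) is >= 5.9,
# 1 if older, 2 if unparsable. Compares numerically: as strings "5.12" < "5.9".
kernel_has_fsgsbase() {
    rel=${1%%-*}                      # "5.12.0-051200-generic" -> "5.12.0"
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}           # "12+" -> "12"
    case "$major:$minor" in :*|*:|*[!0-9:]*) return 2 ;; esac
    [ "$major" -gt 5 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -ge 9 ]
}

# sgx_device_node [ROOT]: print the first SGX device node found under ROOT
# ("/" by default; ROOT only exists so the check can run on a scratch dir).
# Order: in-kernel driver, DCAP driver, legacy linux-sgx-driver (isgx).
sgx_device_node() {
    root=${1:-/}
    for node in dev/sgx_enclave dev/sgx/enclave dev/isgx; do
        if [ -e "${root%/}/$node" ]; then
            echo "/$node"
            return 0
        fi
    done
    return 1
}

# preflight RELEASE [ROOT]: run both checks, non-zero if either fails.
preflight() {
    rc=0
    if kernel_has_fsgsbase "$1"; then
        echo "kernel $1: 5.9 or newer, FSGSBASE patch not needed"
    else
        echo "kernel $1: older than 5.9 or unparsable, see the FSGSBASE step"
        rc=1
    fi
    if dev=$(sgx_device_node "${2:-/}"); then
        echo "SGX device node: $dev"
    else
        echo "no SGX device node found, install or load the SGX driver"
        rc=1
    fi
    return "$rc"
}

preflight "$(uname -r)" / || echo "pre-flight failed" >&2
```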

Building graphene

git clone https://github.com/oscarlab/graphene.git
cd graphene
git checkout v1.2-rc1

git submodule init
git submodule update

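# Generate the enclave signing key (SGX requires a 3072-bit RSA key with public exponent 3, hence -3)
# Keep this file private: it is the key that signs your enclaves
openssl genrsa -3 -out enclave-key.pem 3072
mv enclave-key.pem Pal/src/host/Linux-SGX/signer/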

# You may have to tinker with ISGX_DRIVER_PATH.
# If you face any errors, pass the SGX driver path here; otherwise Graphene will ask for it during the build.

# export ISGX_DRIVER_PATH=<PATH TO YOUR DRIVER WITHOUT QUOTES>, for example:
export ISGX_DRIVER_PATH=/home/sandeep/Desktop/work/phd/sgx_related/linux-sgx-driver
make SGX=1
meson setup build/ --buildtype=release -Ddirect=disabled -Dsgx=enabled
ninja -C build/
sudo ninja -C build/ install

The build will take some time as it builds the entire libc for some reason.