Install Graphene SGX

In this brief post we will install GrapheneSGX on a real machine with Intel SGX support, running Ubuntu 20.04 with kernel version 5.12. There are other great tutorials out there, but they are more general and can be used by anyone. Here, we focus on one particular machine.

Our expectations:

  • We will be using the latest stable version, v1.1, which was released in 2020.
    • The master branch is in the middle of the transition from make to meson. Although it builds successfully, I have faced some issues running some examples. As there are no major functional changes as of now, we will wait for it to become stable before switching to it.
  • Graphene with SGX support.
  • All features working as expected, with all the PATH variables correctly set up.
  • Run an example: maybe IOzone.

Not focusing on:

  • We are ignoring the GDB tests for now.

Prerequisites:

  • Linux driver is installed.
  • Linux SDK is installed.
  • Linux PSW is installed.

How to test whether the prerequisites are met:

cd linux-sgx/SampleCode/SampleEnclave
make && ./app

If you see these two lines:

The project has been built in debug hardware mode
Info: SampleEnclave successfully returned.

then the installation is working fine.

Installing GrapheneSGX

We will be following build instructions available here.

Graphene Dependencies

sudo apt-get install -y \
    build-essential \
    autoconf \
    bison \
    gawk \
    meson \
    python3-click \
    python3-jinja2

SGX

sudo apt-get install -y \
    libcurl4-openssl-dev \
    libprotobuf-c-dev \
    protobuf-c-compiler \
    python3-pip \
    python3-protobuf

# Quote the requirement so the shell does not treat ">=" as a redirection
python3 -m pip install 'toml>=0.10'

Install the Linux kernel patched with FSGSBASE

This is a crucial step. However, if you are on Linux kernel 5.9 or higher, which we are, it can be safely skipped. If you are not, I recommend updating the kernel instead of going through the patching process. Check it out here: https://graphene.readthedocs.io/en/latest/building.html#install-the-linux-kernel-patched-with-fsgsbase
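The kernel and driver prerequisites above can be checked before starting the build. The script below is an added example, not part of the original post or of Graphene; the function names are hypothetical, and the device node paths assume the standard out-of-tree, DCAP and in-kernel SGX drivers.

```shell
# Added example: preflight checks before building Graphene with SGX.
# Helper names are hypothetical; they are not part of Graphene or the SGX SDK.

# Succeed if kernel release $1 (as printed by `uname -r`) is 5.9 or newer,
# i.e. FSGSBASE is in mainline and no patched kernel is needed.
# Returns 1 for an older kernel and 2 for a string that cannot be parsed.
kernel_has_fsgsbase() {
    major=${1%%.*}
    rest=${1#*.}
    [ "$rest" != "$1" ] || return 2          # no "." in the release string
    minor=${rest%%[!0-9]*}                   # digits up to the next separator
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 9 ]; }
}

# Print the first SGX device node found under root directory $1 (default: /).
#   /dev/isgx         out-of-tree linux-sgx-driver
#   /dev/sgx/enclave  DCAP driver
#   /dev/sgx_enclave  in-kernel driver
sgx_device_node() {
    for node in dev/isgx dev/sgx/enclave dev/sgx_enclave; do
        [ -e "${1:-}/$node" ] && { echo "/$node"; return 0; }
    done
    return 1
}

# Run both checks; $1 = kernel release, $2 = root directory to search.
# Returns the number of failed checks.
preflight() {
    failed=0
    if kernel_has_fsgsbase "$1"; then
        echo "ok:   kernel $1 has FSGSBASE (>= 5.9)"
    else
        echo "FAIL: kernel $1 needs the FSGSBASE patch or an upgrade to >= 5.9"
        failed=$((failed + 1))
    fi
    if node=$(sgx_device_node "$2"); then
        echo "ok:   SGX driver node $node"
    else
        echo "FAIL: no SGX device node found; is the driver loaded?"
        failed=$((failed + 1))
    fi
    return "$failed"
}

preflight "$(uname -r)" "" || echo "fix the items above before building"
```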

Building graphene

git clone https://github.com/oscarlab/graphene.git
cd graphene
git checkout v1.2-rc1

git submodule init
git submodule update

# Generate the key
openssl genrsa -3 -out enclave-key.pem 3072
mv enclave-key.pem Pal/src/host/Linux-SGX/signer

# You may have to set ISGX_DRIVER_PATH.
# If you face any errors, pass the SGX driver path here; otherwise Graphene will ask for it during the build.

# export ISGX_DRIVER_PATH=<PATH TO YOUR DRIVER WITHOUT QUOTES>, for example:
export ISGX_DRIVER_PATH=/home/sandeep/Desktop/work/phd/sgx_related/linux-sgx-driver
make SGX=1
meson setup build/ --buildtype=release -Ddirect=disabled -Dsgx=enabled
ninja -C build/
sudo ninja -C build/ install

The build will take some time as it builds the entire libc for some reason.