3 minute read

Modified:

Published:

Status: In Progress

There are two crucial components for Intel SGX

  • Intel SGX Driver
  • Intel SGX SDK

They should be installed in the order mentioned. Also, if you ever upgrade your kenel, then these steps have to repeated. Before repeating this, you need to uninstall the installed versions of the SDK and PSW.

sudo /opt/intel/sgxpsw/uninstall.sh
sudo /opt/intel/sgxsdk/uninstall.sh

Installing Intel SGX driver

The driver is located Here


sudo apt-get install linux-headers-$(uname -r)
make clean & make -j12

There are some warning about the clock being skewed, but the file is generated. isgx.ko

Following commands are need to be issued:


sudo mkdir -p "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx"    
sudo cp isgx.ko "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx"    
sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules"    
sudo /sbin/depmod
sudo /sbin/modprobe isgx

Installing the Intel SGX SDK

Follwing the guide publihsed here


$ sudo apt update  
$ sudo apt-get install build-essential ocaml automake autoconf libtool wget python libssl-dev  
$ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake

Using a shell script provided in the code

./download_prebuild.sh download_prebuild

Build the Intel(R) SGX SDK and Intel(R) SGX PSW

To build both Intel(R) SGX SDK and PSW with default configuration, enter the following command:
$ make

download_prebuild

If you want to make a non-stripped version of the PSW then before make, use the command to set the appropriate environment variable:

$ export DEB_BUILD_OPTIONS="nostrip"  
$ make

This is requried for packages such as sgx-perf

Building the SDK

By default the optimized version of the libararies (download using the download_prebuild.sh script). We can disable this by issuing the command

From the root directory, switch the directory to

$ cd linux/installer/bin/ 
$ ls

drwxrwxr-x  3 sandeep sandeep 4.0K Apr 27 13:55 .
drwxrwxr-x  5 sandeep sandeep 4.0K Apr 27 13:53 ..
-rwxrwxr-x  1 sandeep sandeep 3.6K Apr 27 13:53 build-installpkg.sh
-rwxrwxr-x  1 sandeep sandeep 4.2K Apr 27 13:53 install-sgx-psw.bin.tmpl
-rwxrwxr-x  1 sandeep sandeep 6.1K Apr 27 13:53 install-sgx-sdk.bin.tmpl

download_prebuild
The folder contains the template to build the SDK and the PSW binaries. To build the SDK use the command

 $./build-installpkg.sh sdk

After which the folder contents will be:

 drwxrwxr-x  3 sandeep sandeep 4.0K Apr 27 13:55 .
drwxrwxr-x  5 sandeep sandeep 4.0K Apr 27 13:53 ..
-rwxrwxr-x  1 sandeep sandeep 3.6K Apr 27 13:53 build-installpkg.sh
-rwxrwxr-x  1 sandeep sandeep 4.2K Apr 27 13:53 install-sgx-psw.bin.tmpl
-rwxrwxr-x  1 sandeep sandeep 6.1K Apr 27 13:53 install-sgx-sdk.bin.tmpl
**-rwxrwxr-x  1 sandeep sandeep  14M Apr 27 13:55 sgx_linux_x64_sdk_2.5.101.50123.bin**

SDK can be installed using the command:

./sgx_linux_x64_sdk_2.5.101.50123.bin

download_prebuild
download_prebuild

The install path can be anything, however the standard is /opt/intel/sgxsdk

Building the PSW

Similary the PSW or Platform Software can be built.
This has to be build using the optimized version of the libaries. This is also needed when we are running the sample in the hardware mode. This is not required if the sample codes are executed in the simulator mode.

 $./build-installpkg.sh psw
 ./sgx_linux_x64_psw_2.5.101.50123.bin

and run the corresponding generated binary file with root access. If you have already installed a PSW before, it will ask you to uninstall that first. That can be done using the command:

 ./opt/instal/sgxpsw/uninstall.sh

Running the sample code

The sample code can be found inside the default install location of the sgxsdk

<ROOT_PATH>/_sgxsdk_/SampleCode

In the sample code folde

make SGX_MODE=SIM

to build in hardware mode, use:

make

The code is build into debug hardware mode. For the release hardware mode special keys from Intel are required.

Alien code

Installing the PSW may fail with the error that icsClient (or something like that) is not found.

# To use Trusted Platform Service functions:
# Ensure mei_me driver is enabled and /dev/mei0 exists.
# Download iclsClient (from here: https://software.intel.com/en-us/sgx-sdk/download) 
# and install it using the following commands: 
sudo apt-get install alien
cd /home/ubuntu/Downloads/
sudo alien --scripts iclsClient-1.45.449.12-1.x86_64.rpm
sudo dpkg -i iclsclient_1.45.449.12-2_amd64.deb
# To install the Intel(R) SGX PSW, invoke the installer with root privilege:
cd linux-sgx/linux/installer/bin
sudo ./sgx_linux_x64_psw_${version}.bin