Setup SGX TEE Environment

Instance

Alibaba Cloud ecs.g7t.large

2 Cpu, 8GB Mem

Hongkong Region

OS: Ubuntu20.04 uefi x64

about $80/month

apt-get upgrade
apt-get install -y alien astyle autoconf automake bison build-essential ca-certificates cmake curl debhelper expect g++ gawk gdb git-core golang-go jq kmod lcov libboost-system-dev libboost-thread-dev libclang-dev libcurl4-openssl-dev libfuse-dev libjsoncpp-dev liblog4cpp5-dev libprotobuf-c-dev libprotobuf-dev libssl-dev libtool libxml2-dev nano ocaml ocamlbuild pkg-config protobuf-compiler python python3-pip sudo unzip uuid-dev vim wget zip gnupg aptitude rsync

SGX hardware

Check SGX status

root@sgx-hk-01:~# cpuid -1 -l 0x7 |grep SGX
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true

# Install cpuid
cd /tmp && wget <http://www.etallen.com/cpuid/cpuid-20200211.x86_64.tar.gz>
tar -zxvf cpuid-20200211.x86_64.tar.gz
cp ./cpuid-20200211/cpuid /usr/bin/

Check SGX Drivers

root@sgx-hk-01:~# ls -l /dev/{sgx_enclave,sgx_provision}
crw-rw-rw- 1 root root    10, 57 Jul 28 11:57 /dev/sgx_enclave
crw-rw---- 1 root sgx_prv 10, 56 Jul 28 11:57 /dev/sgx_provision

# If there are not any SGX Drivers installed
wget <https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu20.04-server/sgx_linux_x64_driver_1.41.bin>
chmod 777 sgx_linux_x64_driver_1.41.bin
sudo ./sgx_linux_x64_driver_1.41.bin

Install Intel SGX SDK

Build and run SGX sample code:

All the version numbers below are subject to be changed. But by following the steps, the number can be found easily.

# prepare
git clone <https://github.com/intel/linux-sgx.git>
cd linux-sgx 
# For Ubuntu22.04, sgx driver come by default; but it only works with version 2.19
git checkout sgx_2.19
make preparation

# make
make sdk_no_mitigation USE_OPT_LIBS=3
make sdk_install_pkg_no_mitigation
sudo ./linux/installer/bin/sgx_linux_x64_sdk_2.17.101.1.bin

# default prefix path: /opt/intel/sgxsdk
# update PATH
source /opt/intel/sgxsdk/environment

echo "source /opt/intel/sgxsdk/environment" >> ~/.bashrc

cd /opt/intel/sgxsdk/SampleCode/SampleEnclave
make
./app
# check the outputs

# or in SIM Mode
make SGX_MODE=SIM
./app

# if sgx-aesm-service is needed
wget <http://ftp.de.debian.org/debian/pool/main/p/protobuf/libprotobuf17_3.6.1.3-2_amd64.deb>
wget <http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb>
dpkg -i libprotobuf17_3.6.1.3-2_amd64.deb
dpkg -i libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb

wget <https://download.01.org/intel-sgx/sgx_repo/ubuntu/pool/main/utils/sgx-aesm-service/sgx-aesm-service_2.18.100.3-focal1_amd64.deb>
sudo dpkg -i sgx-aesm-service_xxx.deb
service aesmd restart
service aesmd status