# Recommended OS to start with

We recommend Ubuntu 16.04/18.04. Desktop or server is the same. It could be your host OS or guest OS (inside docker). Technically, a full compatible list could be found at Intel's download page. As of 04-01-2019 (v 2.4.0), the list contains:

  • CentOS 7.5
  • Fedora 27 server
  • RedHat Enterprise Linux 7.4
  • SUSE 12.3 server
  • Ubuntu 16.04
  • Ubuntu 18.04

# Hardware setup

A good reference for hardware compatibility is SGX-Hardware. You can use the script test-sgx.c there to check if SGX is/could be enabled.

Followings are FAQs I've been always asked:

  1. Macbook Pro? No to all on hardware support! Docker-based simulation is OK.
  2. Rack Server? Here are my listings:
  1. Laptops? I don't know. If you can find something related to Intel SGX in the BIOS, then Yes.

Another solution is Intel's VCA 2 card. It should be placed only in 2-socket Xeon E5 systems (or following). Dmitrii of Intel Lab is using it for Redis-SGX.

# Software Setup

# Rust toolchain

Please use rustup to install and manage Rust toolchains. DO NOT use anything like apt or yum.

During the installation you'll be asked about 'installation options' as follows:

Current installation options:

   default host triple: x86_64-unknown-linux-gnu
     default toolchain: stable
  modify PATH variable: yes

The host triple (though quadruple here) is correct. You could just press enter to skip it. When asking about default toolchain, you could enter nightly-2019-01-28 or similar version number. And we recommend to answer 'Y' to the PATH modification.

rustup is always installed in ~ and does not affect other users.

Then you will have rustup works well. To switch to another toolchain, try

$ rustup toolchain default nightly-2019-03-31

This would triggers downloading and installation if the desired toolchain is not found on your disk.

To add more rust tools such as rust-src (for xargo), rust-clippy (for lint):

$ rustup component add rust-src

# Intel SGX toolchain setup

The toolchain setup strictly follows the following steps:

  1. Driver installation ( sgx_linux_x64_driver_??????.bin ). You'll get a misc device '/dev/isgx' after this step.
  2. (OPTIONAL, if Intel ME is required) iCls setup (iclsClient-1.45.449.12-1.x86_64.rpm)
  3. (OPTIONAL, if Intel ME is required) jhi setup https://github.com/01org/dynamic-application-loader-host-interface
  4. Platform Software installation (libsgx-enclave-common, libsgx-enclave-common-dev, libsgx-enclave-common-dbgsym)
  5. Intel SGX SDK installation ( sgx_linux_x64_sdk_???????.bin )

And don't forget to source the environment file for Intel SGX SDK (such as sgx-sign).

# Docker setup

# Use docker with hardware support, and run aesm inside docker

Firstly, do step 0 to get /dev/isgx works. Then start a docker container as follows:

$ docker run -ti --rm -v /path/to/sdk:/root/sgx \
             --device /dev/isgx \
             --device /dev/mei0 \  # Optional if you have it and want to use it
             baiduxlab/sgx-rust
root@913e6a00c8d8:~#

(Optional) Install iCls and jhi daemon. Steps are here

(Optional) Start jhi daemon: jhid -d

Start aesm daemon

root@913e6a00c8d8:~# aesm_service[18]: The server sock is 0x5636e90be960
aesm_service[18]: [ADMIN]White List update requested
aesm_service[18]: [ADMIN]Platform Services initializing
aesm_service[18]: [ADMIN]Platform Services initialization failed due to DAL error
aesm_service[18]: [ADMIN]White list update request successful for Version: 49

root@913e6a00c8d8:~#

And then change directory to /root/sgx/samplecode/hello-rust and make. Then cd to bin and ./app.

# Use docker without hardware support, only with simulation. Windows/Macbook compatible.

Make sure you have docker installed and working.

Start docker as:

$ docker run -ti --rm -v /path/to/sdk:/root/sgx baiduxlab/sgx-rust
root@913e6a00c8d8:~#

And then build in simulation mode

$ cd /root/sgx/samplecode/hello-rust
$ SGX_MODE=SW make
$ cd bin
$ ./app

# Use docker with hardware support, and run aesm outside docker (on the host OS)

overview

Just add another device mapping to the command to have aesm.socket works in SGX. This requires step 3 finished on the host OS and /var/run/aesmd/aesm.socket exists on the host OS.

$ docker run --rm -ti \
             --device /dev/isgx \                               # forward isgx device
             -v /path/to/rust-sgx-sdk:/root/sgx \               # add SDK
             -v /var/run/aesmd:/var/run/aesmd \                 # forward domain socket
             baiduxlab/sgx-rust

Then you can skip launching aesmd in the docker container.

# CI setup

The only known solution:drone.io is provided by @elichai. We've set it up successfully.

Last Updated: 9/14/2021, 1:11:22 PM

is_x86_feature_detected in Teaclave SGX SDK

Apache Teaclave (incubating) is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF. Copyright © 2020 The Apache Software Foundation. Licensed under the Apache License, Version 2.0. Apache Teaclave, Apache, the Apache feather, and the Apache Teaclave project logo are either trademarks or registered trademarks of the Apache Software Foundation.