2016-06-23 21:24:11 +00:00
Intel(R) Software Guard Extensions for Linux\* OS
================================================
# linux-sgx
Introduction
------------
Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.
The Linux SGX software stack is comprised of the SGX driver, the SGX SDK, and the SGX Platform Software. The SGX SDK and SGX PSW are hosted in the [linux-sgx ](https://github.com/01org/linux-sgx ) project.
The [linux-sgx-driver ](https://github.com/01org/linux-sgx-driver ) project hosts the out-of-tree driver for the Linux SGX software stack, which will be used until the driver upstreaming process is complete.
License
-------
See License.txt for details.
2016-07-27 03:32:55 +00:00
Contributing
-------
See CONTRIBUTING.md for details.
2016-06-23 21:24:11 +00:00
Documentation
-------------
- [Intel(R) SGX for Linux\* OS][1] project home page on [01.org ](http://01.org )
- [Intel(R) SGX Programming Reference][2]
[1]: https://01.org/intel-softwareguard-extensions
[2]: https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf
Build and Install the Intel(R) SGX Driver
-----------------------------------------
Follow the instructions in the [linux-sgx-driver ](https://github.com/01org/linux-sgx-driver ) project to build and install the SGX driver.
Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
-------------------------------------------------------
###Prerequisites:
2016-06-24 08:30:00 +00:00
- Ensure that you have the following required operating systems:
2016-07-28 03:14:04 +00:00
Ubuntu\* Desktop-14.04-LTS 64bits
2016-06-24 08:30:00 +00:00
- Use the following command to install the required tools to build Intel(R) SGX SDK:
```
$ sudo apt-get install build-essential ocaml automake autoconf libtool
```
- Use the following command to install additional required tools to build Intel(R) SGX PSW:
```
$ sudo apt-get install libcurl4-openssl-dev protobuf-compiler protobuf-c-compiler libprotobuf-dev libprotobuf-c0-dev
```
- Use the script `download_prebuilt.sh` inside source code package to download prebuilt binaries to prebuilt folder
You may need set http proxy for wget tool used by the script (such as `export http_proxy=http://test-proxy:test-port` )
```
$ ./download_prebuilt.sh
```
2016-06-23 21:24:11 +00:00
###Build the Intel(R) SGX SDK and Intel(R) SGX PSW
2016-06-24 08:30:00 +00:00
The following steps describe how to build the Intel SGX SDK and PSW. You can build the project according to your requirement.
- To build both Intel SGX SDK and PSW with default configuration, enter the following command:
You can find the tools and libraries generated in the `build/linux` directory.
**Note** : You can also go to the sdk folder and use the `make` command to build the Intel SGX SDK component only. However, the building of PSW component is dependent on the building result of Intel SGX SDK.
```
$ make
```
- To build Intel SGX SDK and PSW with debug information, enter the following command:
```
$ make DEBUG=1
```
- To clean the files generated by previous `make` command, enter the following command:
```
$ make clean
```
2016-06-23 21:24:11 +00:00
###Build Intel(R) SGX SDK Installer
To build Intel(R) SGX SDK installer, enter the following command:
2016-06-24 08:30:00 +00:00
```
$ make sdk_install_pkg
```
2016-06-23 21:24:11 +00:00
You can find the generated Intel SGX SDK installer `sgx_linux_x64_sdk_${version}.bin` located under `linux/installer/bin/` , where `${version}` refers to the version number.
###Build Intel(R) SGX PSW Installer
To build Intel(R) SGX PSW installer, enter the following command:
2016-06-24 08:30:00 +00:00
```
$ make psw_install_pkg
```
2016-06-23 21:24:11 +00:00
You can find the generated Intel SGX PSW installer `sgx_linux_x64_psw_${version}.bin` located under `linux/installer/bin/` , where `${version}` refers to the version number.
Install Intel(R) SGX SDK
------------------------
###Prerequisites
2016-06-24 08:30:00 +00:00
- Ensure that you have the following required operating systems:
2016-06-23 21:24:11 +00:00
Ubuntu\*-14.04-LTS
- Use the following command to install the required tool to use Intel(R) SGX SDK:
2016-06-24 08:30:00 +00:00
```
$ sudo apt-get install build-essential
```
2016-06-23 21:24:11 +00:00
###Install Intel(R) SGX SDK
To install Intel(R) SGX SDK, execute the installer with root privilege:
2016-06-24 08:30:00 +00:00
```
$ cd linux/installer/bin
2016-06-24 08:45:39 +00:00
$ sudo ./sgx_linux_x64_sdk_${version}.bin
2016-06-24 08:30:00 +00:00
```
2016-06-23 21:24:11 +00:00
###Test Intel(R) SGX SDK Package with the Sample Codes
2016-06-24 08:30:00 +00:00
- Copy the sample codes installed by Intel(R) SGX SDK package into your work folder, such as
```
$ cp -r /opt/intel/sgxsdk/SampleCode ~
```
- Compile and run each sample codes in the simulation mode to make sure the package works well.
```
$ cd SampleCode/LocalAttestation
$ make
$ ./app
```
2016-06-23 21:24:11 +00:00
Use similar commands for other sample codes.
###Compile and Run the Sample Codes in the Hardware Mode
If you use an SGX hardware enabled machine, you need to run the sample codes in the hardware mode.
2016-06-24 08:30:00 +00:00
Ensure that you install SGX driver and Intel(R) SGX PSW installer on the machine.
2016-06-23 21:24:11 +00:00
See the topic, Install Intel(R) SGX PSW, on how to install the PSW package.
2016-06-24 08:30:00 +00:00
- Copy the sample codes installed by the Intel(R) SGX SDK package into your work folder, such as
```
$ cp -r /opt/intel/sgxsdk/SampleCode ~
```
- Compile and run each sample codes in the debug mode.
```
$ cd SampleCode/LocalAttestation
$ make SGX_MODE=HW SGX_DEBUG=1
$ ./app
```
2016-06-23 21:24:11 +00:00
Use similar commands for other sample codes.
Install Intel(R) SGX PSW
------------------------
###Prerequisites
2016-06-24 08:30:00 +00:00
- Ensure that you have the following required operating systems:
2016-06-23 21:24:11 +00:00
Ubuntu\*-14.04-LTS 64bits
2016-06-24 08:30:00 +00:00
- Ensure that you have the following required hardware:
2016-06-23 21:24:11 +00:00
6th Generation Intel(R) Core(TM) Processor (code named Skylake)
2016-06-24 08:30:00 +00:00
- Configure the system with the **SGX hardware enabled** option and install SGX driver in advance.
2016-06-23 21:24:11 +00:00
See the topic, Build and Install the Intel(R) SGX Driver, on how to install the SGX driver.
2016-06-24 08:30:00 +00:00
- Install the library using the following command:
```
2016-06-24 08:45:39 +00:00
$ sudo apt-get install libcurl4-openssl-dev libprotobuf-dev libprotobuf-c0-dev
2016-06-24 08:30:00 +00:00
```
2016-06-23 21:24:11 +00:00
###Install Intel(R) SGX PSW
2016-06-24 08:30:00 +00:00
To install Intel(R) SGX PSW, execute the installer with root privilege:
```
$ cd linux/installer/bin
2016-06-24 08:45:39 +00:00
$ sudo ./sgx_linux_x64_psw_${version}.bin
2016-06-24 08:30:00 +00:00
```
2016-06-23 21:24:11 +00:00
###Start or Stop aesmd Service
2016-06-24 08:30:00 +00:00
The Intel(R) SGX PSW installer installs an aesmd service in your machine which is running in a special linux account aesmd.
To stop the service: `$ sudo service aesmd stop`
To start the service: `$ sudo service aesmd start`
2016-06-23 21:24:11 +00:00
To restart the service: `$ sudo service aesmd restart`
###Configure the Proxy for aesmd Service
2016-06-24 08:30:00 +00:00
The aesmd service uses HTTP protocol to initialize some services.
If proxy is required for HTTP protocol, you may need manually setup the proxy for aesmd service.
You should manually edit file `/etc/aesmd.conf` (refer the comment in the file) to set the proxy for aesmd service.
2016-06-23 21:24:11 +00:00
After you configure the proxy, you need to restart the service to enable the proxy.