diff --git a/README.md b/README.md new file mode 100644 index 0000000000..d0dd507f1b --- /dev/null +++ b/README.md @@ -0,0 +1,123 @@ +Intel(R) Software Guard Extensions for Linux\* OS +================================================ + +# linux-sgx + +Introduction +------------ +Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. + +The Linux SGX software stack is comprised of the SGX driver, the SGX SDK, and the SGX Platform Software. The SGX SDK and SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project. + +The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux SGX software stack, which will be used until the driver upstreaming process is complete. + +License +------- +See License.txt for details. + +Documentation +------------- +- [Intel(R) SGX for Linux\* OS][1] project home page on [01.org](http://01.org) +- [Intel(R) SGX Programming Reference][2] +[1]: https://01.org/intel-softwareguard-extensions +[2]: https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf + +Build and Install the Intel(R) SGX Driver +----------------------------------------- +Follow the instructions in the [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project to build and install the SGX driver. + +Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package +------------------------------------------------------- +###Prerequisites: +- Ensure that you have the following required operating systems: + Ubuntu\*-14.04-LTS 64bits +- Use the following command to install the required tools to build Intel(R) SGX SDK: + `$ sudo apt-get install build-essential ocaml automake autoconf libtool` +- Use the following command to install additional required tools to build Intel(R) SGX PSW: + `$ sudo apt-get install libcurl4-openssl-dev protobuf-compiler protobuf-c-compiler libprotobuf-dev libprotobuf-c0-dev` +- Use the script *download_prebuilt.sh* inside source code package to download prebuilt binaries to prebuilt folder + You may need set http proxy for wget tool used by the script (such as `export http_proxy=http://test-proxy:test-port`) + `$ ./download_prebuilt.sh` + +###Build the Intel(R) SGX SDK and Intel(R) SGX PSW +The following steps describe how to build the Intel SGX SDK and PSW. You can build the project according to your requirement. +1. To build both Intel SGX SDK and PSW with default configuration, enter the following command: + `$ make` + You can find the tools and libraries generated in the `build/linux` directory. + Note: You can also go to the sdk folder and use the `make` command to build the Intel SGX SDK component only. However, the building of PSW component is dependent on the building result of Intel SGX SDK. +2. To build Intel SGX SDK and PSW with debug information, enter the following command: + `$ make DEBUG=1` +3. To clean the files generated by previous `make` command, enter the following command: + `$ make clean` + +###Build Intel(R) SGX SDK Installer +To build Intel(R) SGX SDK installer, enter the following command: + `$ make sdk_install_pkg` +You can find the generated Intel SGX SDK installer `sgx_linux_x64_sdk_${version}.bin` located under `linux/installer/bin/`, where `${version}` refers to the version number. + +###Build Intel(R) SGX PSW Installer +To build Intel(R) SGX PSW installer, enter the following command: + `$ make psw_install_pkg` +You can find the generated Intel SGX PSW installer `sgx_linux_x64_psw_${version}.bin` located under `linux/installer/bin/`, where `${version}` refers to the version number. + +Install Intel(R) SGX SDK +------------------------ +###Prerequisites +- Ensure that you have the following required operating systems: + Ubuntu\*-14.04-LTS +- Use the following command to install the required tool to use Intel(R) SGX SDK: + `$ sudo apt-get install build-essential` + +###Install Intel(R) SGX SDK +To install Intel(R) SGX SDK, execute the installer with root privilege: + `$ sudo ./sgx_linux_x64_sdk_${version}.bin ` + +###Test Intel(R) SGX SDK Package with the Sample Codes +1. Copy the sample codes installed by Intel(R) SGX SDK package into your work folder, such as + `$ cp -r /opt/intel/sgxsdk/SampleCode ~` +2. Compile and run each sample codes in the simulation mode to make sure the package works well. + `$ cd SampleCode/LocalAttestation` + `$ make` + `$ ./app` + Use similar commands for other sample codes. + +###Compile and Run the Sample Codes in the Hardware Mode +If you use an SGX hardware enabled machine, you need to run the sample codes in the hardware mode. +Ensure that you install SGX driver and Intel(R) SGX PSW installer on the machine. +See the topic, Install Intel(R) SGX PSW, on how to install the PSW package. +1. Copy the sample codes installed by the Intel(R) SGX SDK package into your work folder, such as + `$ cp -r /opt/intel/sgxsdk/SampleCode ~` +2. Compile and run each sample codes in the debug mode. + `$ cd SampleCode/LocalAttestation` + `$ make SGX_MODE=HW SGX_DEBUG=1` + `$ ./app` + Use similar commands for other sample codes. + +Install Intel(R) SGX PSW +------------------------ +###Prerequisites +- Ensure that you have the following required operating systems: + Ubuntu\*-14.04-LTS 64bits +- Ensure that you have the following required hardware: + 6th Generation Intel(R) Core(TM) Processor (code named Skylake) +- Configure the system with the **SGX hardware enabled** option and install SGX driver in advance. + See the topic, Build and Install the Intel(R) SGX Driver, on how to install the SGX driver. +- Install the library using the following command: + `$ sudo apt-get install libcurl4-openssl-dev libprotobuf-dev libprotobuf-c0-dev` + +###Install Intel(R) SGX PSW +To install Intel(R) SGX PSW, execute the installer with root privilege: + `$ sudo ./sgx_linux_x64_psw_${version}.bin` + +###Start or Stop aesmd Service +The Intel(R) SGX PSW installer installs an aesmd service in your machine which is running in a special linux account aesmd. +To stop the service: `$ sudo service aesmd stop` +To start the service: `$ sudo service aesmd start` +To restart the service: `$ sudo service aesmd restart` + +###Configure the Proxy for aesmd Service +The aesmd service uses HTTP protocol to initialize some services. +If proxy is required for HTTP protocol, you may need manually setup the proxy for aesmd service. +You should manually edit file `/etc/aesmd.conf` (refer the comment in the file) to set the proxy for aesmd service. +After you configure the proxy, you need to restart the service to enable the proxy. +