mirror of
https://github.com/corda/corda.git
synced 2024-12-28 00:38:55 +00:00
6bb9d0015a
commit 2133df2d4ad82119333a003c8f05156998550615
Merge: 0356eb624 f2cf6d18a
Author: yuyuany <yuan.yu@intel.com>
Date: Wed Sep 13 10:06:33 2017 +0800
Merge pull request #155 from 01org/revert-151-ocall_exit_enclave
Revert "Check for crash in sgx_ocall and exit enclave if enclave is crashed"
commit f2cf6d18aa73fdaa916f95b1f3c5ac605a90ff06
Author: yuyuany <yuan.yu@intel.com>
Date: Thu Sep 7 15:21:45 2017 +0800
Revert "Check for crash in sgx_ocall and exit enclave if enclave is crashed"
commit 0356eb6249ed93510ca66f057a5ae74dda7b10a2
Merge: 2fe247145 38023b61a
Author: lzha101 <lili.z.zhang@intel.com>
Date: Wed Sep 6 15:58:16 2017 +0800
Merge pull request #153 from greglaun/greglaun-typos
Correct typos in some of the sample apps.
Signed-off-by: Zhang Lili lili.z.zhang@intel.com
commit 2fe247145943827f04eea8e065a8ad3b0a3d11bd
Merge: df9b03289 2e00f11ed
Author: Li Xun <xun.li@intel.com>
Date: Wed Sep 6 14:10:42 2017 +0800
Merge pull request #154 from llly/pull
Fix build issues with latest OpenSSL and Gcc
commit 2e00f11ed5a2e48445aeabd668105161a55a4502
Author: Vytautas Mickus <vmickus@gmx.com>
Date: Sat Jul 15 21:00:57 2017 +0300
Make code compatible with OpenSSL 1.0 and 1.1
commit 95ea2c21a921ceb3851b090f092709c5b08b9b37
Author: Vytautas Mickus <vmickus@gmx.com>
Date: Sat Jul 15 21:12:03 2017 +0300
Tell gcc about the fallthroughs (needed because of -Werror in makefiles)
commit 6e0580d110d4c799e0c8aba0cdadee46efe15055
Author: Vytautas Mickus <vmickus@gmx.com>
Date: Sat Jul 15 21:22:55 2017 +0300
Use `uname -m` instead of `arch` in installer.
commit 38023b61aaa8f76fbad4391ecafd1342d9a2b4f0
Author: Greg Laun <greg.laun@gmail.com>
Date: Tue Sep 5 12:33:37 2017 -0700
Correct typos in some of the sample apps.
Signed-off-by: Greg Laun <greg.laun@gmail.com>
commit df9b0328986784b603ce0b5af847d15382c795cb
Merge: a2f33d828 a20449f5f
Author: lzha101 <lili.z.zhang@intel.com>
Date: Tue Sep 5 10:41:22 2017 +0800
Merge pull request #151 from yuyuany/ocall_exit_enclave
Check for crash in sgx_ocall and exit enclave if enclave is crashed.
Signed-off-by: Zhang Lili lili.z.zhang@intel.com
commit a20449f5f85acd4e482c35dd6f8f27f36a3caa60
Author: Yu Yuan <yuan.yu@intel.com>
Date: Fri Sep 1 22:46:27 2017 +0800
tRTS check the enclave crash state when doing an OCALL. If the enclave is crashed, tRTS unwind the stack to ECALL, and exit the enclave with SGX_ERROR_ENCLAVE_CRASHED.
Signed-off-by: Yu Yuan <yuan.yu@intel.com>
commit a2f33d828bc76b49256e9a3128254e3322ef5d52
Merge: aa8e9755a 6979d8180
Author: Andy Zhao <yebin.andy.zhao@intel.com>
Date: Mon Aug 28 16:30:00 2017 +0800
Merge pull request #149 from lzha101/add_missing_delete
Add two missing delete functions
commit 6979d818077c310ec4e75a56937b5aa87b718dae
Author: Zhang Lili <lili.z.zhang@intel.com>
Date: Mon Aug 28 23:17:47 2017 +0800
Add two missing delete functions.
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit aa8e9755aaecc4c04ed3f3993a1596adb4ba6286
Author: Dionna Glaze <dionnaglaze@google.com>
Date: Wed Aug 2 10:48:18 2017 -0700
Move pms pointer validation before its dereference in local_vars definitions.
Also fix "sgx_status_t" typo in generated comment.
commit 6f0e20cfd992c073aefe76926d28893c51f52445
Author: John Mechalas <john.p.mechalas@intel.com>
Date: Thu Aug 10 19:00:34 2017 -0700
Implements most of libsgx_capable for Linux (previously only available in the Windows SDK) (#107)
* Adds libsgx_capable, which is currently only available in the Windows
version of the Intel SGX SDK. The Linux implementation of this library
adds the following functions:
sgx_status_t sgx_is_capable (int *sgx_capable);
sgx_status_t sgx_cap_get_status (sgx_device_status_t *sgx_device_status);
sgx_status_t sgx_cap_enable_device (sgx_device_status_t *sgx_device_status);
And adds the following error code (also from the Windows version of the
Intel SGX SDK):
SGX_ERROR_NO_PRIVILEGE
Generates both a static and dynamic build of libsgx_capable. This is
incorporated into the SDK package, not the PSW package, since software
installers need to check for Intel SGX capability on systems where the PSW
may not already be installed. This means that installers will either have
to statically link, or distribute the .so with their installation package.
----------------------
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
660 York Street, Suite 102,
San Francisco, CA 94110 USA
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
Signed-off-by: John P Mechalas <john.p.mechalas@intel.com>
commit 268b206f15f25671382b95c5650422b335d5c446
Merge: 803250734 136610236
Author: lzha101 <lili.z.zhang@intel.com>
Date: Fri Jul 28 12:38:05 2017 +0800
Merge pull request #129 from dingelish/master
Fix a mis-understood memory alignment in enclave_create().
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit 1366102364ce67f8c63eaba9bdae80c08634f07f
Author: Yu Ding <dingyu02@baidu.com>
Date: Mon Jul 24 20:00:04 2017 -0700
Fix to a mis-understood in enclave_create(). The memory alignment is mistakenly done twice. Once in urts and once in driver. It is unnecessary. This bug has a great impact on the upper limit of enclave memory.
commit 803250734883037a4a1f69085fb31daa6bd8448b
Author: Li Xun <xun.li@intel.com>
Date: Tue Jul 25 10:44:47 2017 +0800
Update server port to 80 (#128)
Signed-off-by: Li, Xun <xun.li@intel.com>
commit d42cd14bdd01a43c58554a4c73231733426356cd
Author: Jaak Randmets <jaak.ra+github@gmail.com>
Date: Mon Jul 24 09:04:03 2017 +0300
Merge pull request #124 from Jaak/master
Improve const correctness of sgx_fopen and sgx_fimport_auto_key.
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit 8383b8c65f49fca017c62eb7efdd97a212829caf
Merge: 0fb9f47e7 768c95174
Author: lzha101 <lili.z.zhang@intel.com>
Date: Tue Jul 4 09:39:53 2017 +0800
Merge pull request #120 from aminueza/master
Fixes sdk and psw version in download_prebuild.sh script
Zhang Lili <lili.z.zhang@intel.com>
commit 768c95174150e64207b31f5a733bccba25085775
Author: Amanda Souza <amandasouza@quimera.lsd.ufcg.edu.br>
Date: Mon Jul 3 15:22:45 2017 -0300
Fixes sdk and psw version in download_prebuild.sh script
Signed-off-by: Amanda Souza <amandasouza@quimera.lsd.ufcg.edu.br>
commit 0fb9f47e784261369c52c1b49d1484f34409ecaf
Author: Li, Xun <xun.li@intel.com>
Date: Fri Jun 30 15:51:16 2017 +0800
Linux 1.9 Open Source Gold release
Signed-off-by: Li, Xun <xun.li@intel.com>
commit 199911ebaf60d068e4641331a06e71462ba8d324
Merge: 109545891 a2abe4b0d
Author: lzha101 <lili.z.zhang@intel.com>
Date: Fri Jun 16 12:42:58 2017 +0800
Merge pull request #115 from danzsmith53/master
Update README.md
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit a2abe4b0d0490112fff7eb9669adf9d0bc866c54
Author: Daniel Smith <daniel.e.smith@intel.com>
Date: Wed May 31 16:21:21 2017 -0700
Update README.md
Updated grammar and style many places throughout file
Signed-off-by: Daniel Smith <daniel.e.smith@intel.com>
commit 1095458916fafd9e5870403e1d50cd7e1ca379bc
Merge: a4bfecb96 d6acac1d2
Author: Li Xun <xun.li@intel.com>
Date: Mon Jun 12 09:26:58 2017 +0800
Merge pull request #113 from mitar/patch-3
pkg-config is needed for compilation
commit a4bfecb965a7588dc073a295dd842c301bbf075c
Merge: 02b7d490a 6a7ec7a8c
Author: lzha101 <lili.z.zhang@intel.com>
Date: Thu Jun 8 13:10:03 2017 +0800
Merge pull request #112 from mitar/patch-2
Removing sudo
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit 6a7ec7a8c14ee2ee8f6977110dae9fe99137064d
Author: Mitar <mitar.github@tnode.com>
Date: Sun Jun 4 14:18:07 2017 -0700
Removing sudo.
The whole script has to be run as root anyway.
Signed-off-by: Mi Tar <mitar.github@tnode.com>
commit d6acac1d25e67516dc6cb8d1dc7b155416078bb1
Author: Mitar <mitar.github@tnode.com>
Date: Sun Jun 4 16:47:43 2017 -0700
pkg-config is needed for compilation.
See: https://github.com/01org/dynamic-application-loader-host-interface/issues/2#issuecomment-306074645
Signed-off-by: Mi Tar <mitar.github@tnode.com>
commit 02b7d490aca40af134166221c9b4f332f6ca947a
Author: Li, Xun <xun.li@intel.com>
Date: Tue May 16 08:40:33 2017 +0800
fix a aesm_service IPC bug
aesm_service handles closed client socket incorrectly found in #101
Signed-off-by: Li, Xun <xun.li@intel.com>
commit f287674fef604f4a6ef8710033f6a091fe644d7a
Merge: ce0f128d2 e7f074381
Author: Li Xun <xun.li@intel.com>
Date: Fri May 12 16:10:42 2017 +0800
Merge pull request #91 from sean-jc/docker/merge
Add support for running the AESM and SGX applications in Docker
commit e7f0743812b065750135220a37d890988633cc64
Author: Sean Christopherson <sean.j.christopherson@intel.com>
Date: Thu Mar 30 09:26:47 2017 -0700
Add --no-daemon option to AESM
Application container runtimes, e.g. Docker and RKT, do not provide a
program manager, e.g. systemd, inside the container, and so attempting
to run AESM as a daemon will fail. Add --no-daemon to allow running
the AESM in a container as a normal process, i.e. do not call daemon().
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
commit ce0f128d290e116748a78899673709730ac45964
Author: Li, Xun <xun.li@intel.com>
Date: Mon May 8 09:01:52 2017 +0800
fix aesm_service compilation with latest openssl
Signed-off-by: Li, Xun <xun.li@intel.com>
commit fd91609f543ae08991d76d94d28c4ec300bcbc84
Merge: 9e0c32ee5 75336444e
Author: lzha101 <lili.z.zhang@intel.com>
Date: Wed Apr 19 13:41:12 2017 +0800
Merge pull request #96 from lzha101/master
Fix alignment issue for metadata section
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit 75336444e867082159cd7c99bbe0eca57013c806
Author: lzha101 <lili.z.zhang@intel.com>
Date: Fri Apr 14 16:03:48 2017 +0800
Update comment
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit d455716f9c00265976870d167ee2fae52f354daf
Author: lzha101 <lili.z.zhang@intel.com>
Date: Fri Apr 14 15:45:41 2017 +0800
Update ELF parser for metadata alignment
Signed-off-by: Lili Zhang <lili.z.zhang@intel.com>
commit 2224616cb4675c0225a3e1080059f3360e69f800
Author: lzha101 <lili.z.zhang@intel.com>
Date: Fri Apr 14 15:43:05 2017 +0800
Change alignment for metadata section
Signed-off-by: Lili Zhang <lili.z.zhang@intel.com>
commit 9e0c32ee57f7dbd343cc1d75303e308b58b1fe93
Author: lzha101 <lili.z.zhang@intel.com>
Date: Thu Apr 13 10:33:35 2017 +0800
Fix typo flase -> false in urts_internal.cpp
Fix typo flase -> false in urts_internal.cpp
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit 765af6169d80beada705086ec9d5226bbdd96218
Merge: 0cbb1f074 38b3d5f46
Author: lzha101 <lili.z.zhang@intel.com>
Date: Thu Apr 13 10:30:06 2017 +0800
Merge pull request #94 from neo9ree/master
fixed typo flase -> false in psw/urts/linux/urts.cpp:45
Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>
commit 0cbb1f074d4b805a0492f6a000c5ddd1fda9efd7
Author: Li, Xun <xun.li@intel.com>
Date: Mon Apr 10 14:24:45 2017 +0800
Update Linux_SGXEclipsePlugin
Signed-off-by: Li, Xun <xun.li@intel.com>
commit 38b3d5f4635c617d8181f3b8c1c6aa109a81dc21
Author: Eunchan Kim <eunchan.kim@kaist.ac.kr>
Date: Thu Apr 6 15:31:02 2017 +0900
fixed typo flase -> false in psw/urts/linux/urts.cpp:45
Signed-off-by: Eunchan Kim <eunchan.kim@kaist.ac.kr>
commit 56783b38820f82dcb37f1f48c37a5f705ddf7358
Merge: e5c01189d 885287c13
Author: Li Xun <xun.li@intel.com>
Date: Wed Apr 5 12:29:14 2017 +0800
Merge pull request #92 from dcmiddle/fix-readme-pse-install
fix readme section for PSW install
commit 885287c13df2519ca0318bd908b3827d6e247e17
Author: Dan Middleton <dan.middleton@intel.com>
Date: Fri Mar 31 22:16:38 2017 -0500
fix readme section for PSW install
add missing cmake prerequisite to ubuntu instructions
correct typos on systemctl
Signed-off-by: Dan Middleton <dan.middleton@intel.com>
commit 65965c6ab61d103028b8b6a886b57e98ccf7ea9d
Author: Sean Christopherson <sean.j.christopherson@intel.com>
Date: Tue Feb 7 12:51:44 2017 -0800
Bind the AESM socket to /var/run/aesmd/aesm.socket
Exposing sockets to Docker containers is typically done via bind
mounts, which does not work for abstract sockets since they don't
exist in the file system.
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
commit e5c01189d318e8c59f576377e231c159ffb71abb
Author: Li, Xun <xun.li@intel.com>
Date: Thu Mar 30 13:45:20 2017 +0900
update white list URL
Signed-off-by: Li, Xun <xun.li@intel.com>
commit 072f4e40c0a5f6b7b27bf77f00872853933bd33a
Author: Li, Xun <xun.li@intel.com>
Date: Fri Mar 24 11:20:35 2017 +0900
add missing error code logging in aesm_service
Signed-off-by: Li, Xun <xun.li@intel.com>
commit c7a3f14de9dbda16fd0fa1edbce1af24b350a678
Author: Li, Xun <xun.li@intel.com>
Date: Mon Mar 20 14:14:23 2017 +0900
update instructions in README
Signed-off-by: Li, Xun <xun.li@intel.com>
commit 525cefa817457d8a412d64677d347ebe64f0f77a
Merge: 1115c195c 157108515
Author: lzha101 <lili.z.zhang@intel.com>
Date: Fri Mar 17 11:32:05 2017 +0800
Merge pull request #86 from lzha101/master
Update README.md
Signed-off-by: Lili Zhang <lili.z.zhang@intel.com>
commit 157108515551a5b465e7ba5e977df5c3e8df20b9
Author: lzha101 <lili.z.zhang@intel.com>
Date: Fri Mar 17 11:23:06 2017 +0800
Update README.md
Update README.md: fix format, update hardware requiremet, etc.
Signed-off-by: Lili Zhang <lili.z.zhang@intel.com>
commit 1115c195cd60d5ab2b80c12d07e21663e5aa8030
Author: Li, Xun <xun.li@intel.com>
Date: Thu Mar 16 15:30:38 2017 +0900
Linux 1.8 Open Source Gold release
Signed-off-by: Li, Xun <xun.li@intel.com>
commit 2e379dc79fb58cdf921e36d617e6e4b9d694301c
Merge: 0d8a7d248
|
||
|---|---|---|
| .. | ||
| build-scripts | ||
| common | ||
| external | ||
| linux/installer | ||
| Linux_SGXEclipsePlugin | ||
| psw | ||
| SampleCode | ||
| sdk | ||
| .gitignore | ||
| buildenv.mk | ||
| CONTRIBUTING.md | ||
| download_prebuilt.sh | ||
| License.txt | ||
| Makefile | ||
| README.md | ||
Intel(R) Software Guard Extensions for Linux* OS
linux-sgx
Introduction
Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.
The Linux* Intel(R) SGX software stack is comprised of the Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW). The Intel(R) SGX SDK and Intel(R) SGX PSW are hosted in the linux-sgx project.
The linux-sgx-driver project hosts the out-of-tree driver for the Linux* Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete.
Note This repository includes a subset of the Intel(R) Integrated Performance Primitives (IPP) Cryptography library under external/crypto_px. It is provided as reference implementation for the cryptographic primitives used in SDK and PSW. The primitives are written in pure C and are not optimized for performance. Instructions are provided below for building the SDK and PSW with both precompiled optimized IPP binaries and the non-optimized source code version.
License
See License.txt for details.
Contributing
See CONTRIBUTING.md for details.
Documentation
- Intel(R) SGX for Linux* OS project home page on 01.org
- Intel(R) SGX Programming Reference
Build and Install the Intel(R) SGX Driver
Follow the instructions in the linux-sgx-driver project to build and install the Intel(R) SGX driver.
Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package
Prerequisites:
-
Ensure that you have one of the following required operating systems:
- Ubuntu* Desktop-16.04-LTS 64bits
- Red Hat Enterprise Linux Server release 7.3 64bits
- CentOS 7.3.1611 64bits
-
Use the following command(s) to install the required tools to build the Intel(R) SGX SDK:
- On Ubuntu 16.04:
$ sudo apt-get install build-essential ocaml automake autoconf libtool wget python- On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
$ sudo yum groupinstall 'Development Tools' $ sudo yum install ocaml wget python -
Use the following command to install additional required tools to build the Intel(R) SGX PSW:
- On Ubuntu 16.04:
$ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev- On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
$ sudo yum install openssl-devel libcurl-devel protobuf-compiler protobuf-devel -
Use the script
download_prebuilt.shinside source code package to download prebuilt binaries to prebuilt folder
You may need set an https proxy for thewgettool used by the script (such asexport https_proxy=http://test-proxy:test-port)
$ ./download_prebuilt.sh
Build the Intel(R) SGX SDK and Intel(R) SGX PSW
The following steps describe how to build the Intel(R) SGX SDK and PSW. You can build the project according to your requirements.
- To build both Intel(R) SGX SDK and PSW with default configuration, enter the following command:
$ make
You can find the tools and libraries generated in the build/linux directory.
Note: You can also go to the sdk folder and use the make command to build the Intel(R) SGX SDK component only. However, building the PSW component is dependent on the result of building the Intel(R) SGX SDK.
- The default build uses precompiled optimized libraries, which are downloaded by the script
./download_prebuilt.sh. You can also use the non-optimized source code version implementation instead by entering the following command:
$ make USE_OPT_LIBS=0
- To build Intel(R) SGX SDK and PSW with debug information, enter the following command:
$ make DEBUG=1
- To clean the files generated by previous
makecommand, enter the following command:
$ make clean
- The build above uses prebuilt Intel(R) Architecture Enclaves(LE/PvE/QE/PCE/PSE-OP/PSE-PR) and applet(PSDA) - the files
psw/ae/data/prebuilt/libsgx_*.signed.soandpsw/ae/data/prebuilt/PSDA.dalp, which have been signed by Intel in advance. To build those enclaves by yourself (without a signature), first you need to build both Intel(R) SGX SDK and PSW with the default configuration. After that, you can build each Architecture Enclave by using themakecommand from the corresponding folder:
$ cd psw/ae/le
$ make
Build the Intel(R) SGX SDK Installer
To build the Intel(R) SGX SDK installer, enter the following command:
$ make sdk_install_pkg
You can find the generated Intel(R) SGX SDK installer sgx_linux_x64_sdk_${version}.bin located under linux/installer/bin/, where ${version} refers to the version number.
Note: The above command builds the Intel(R) SGX SDK with default configuration firstly and then generates the target SDK Installer. To build the Intel(R) SGX SDK Installer with debug information kept in the tools and libraries, enter the following command:
$ make sdk_install_pkg DEBUG=1
Build the Intel(R) SGX PSW Installer
To build the Intel(R) SGX PSW installer, enter the following command:
$ make psw_install_pkg
You can find the generated Intel(R) SGX PSW installer sgx_linux_x64_psw_${version}.bin located under linux/installer/bin/, where ${version} refers to the version number.
Note: The above command builds the Intel(R) SGX SDK and PSW with default configuration firstly and then generates the target PSW Installer. To build the Intel(R) SGX PSW Installer with debug information kept in the tools and libraries, enter the following command:
$ make psw_install_pkg DEBUG=1
Install the Intel(R) SGX SDK
Prerequisites
- Ensure that you have one of the following operating systems:
- Ubuntu* Desktop-16.04-LTS 64bits
- Red Hat Enterprise Linux Server release 7.3 64bits
- CentOS 7.3.1611 64bits
- Use the following command to install the required tool to use Intel(R) SGX SDK:
- On Ubuntu 16.04:
$ sudo apt-get install build-essential python- On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
$ sudo yum groupinstall 'Development Tools' $ sudo yum install python
Install the Intel(R) SGX SDK
To install the Intel(R) SGX SDK, invoke the installer, as follows:
$ cd linux/installer/bin
$ ./sgx_linux_x64_sdk_${version}.bin
Test the Intel(R) SGX SDK Package with the Code Samples
- Compile and run each code sample in Simulation mode to make sure the package works well:
$ cd SampleCode/LocalAttestation
$ make SGX_MODE=SIM
$ ./app
Use similar commands for other sample codes.
Compile and Run the Code Samples in the Hardware Mode
If you use an Intel SGX hardware enabled machine, you can run the code samples in Hardware mode.
Ensure that you install Intel(R) SGX driver and Intel(R) SGX PSW installer on the machine.
See the earlier topic, Build and Install the Intel(R) SGX Driver, for information on how to install the Intel(R) SGX driver.
See the later topic, Install Intel(R) SGX PSW, for information on how to install the PSW package.
- Compile and run each code sample in Hardware mode, debug build, as follows:
$ cd SampleCode/LocalAttestation
$ make
$ ./app
Use similar commands for other code samples.
Install the Intel(R) SGX PSW
Prerequisites
- Ensure that you have one of the following operating systems:
- Ubuntu* Desktop-16.04-LTS 64bits
- Red Hat Enterprise Linux Server release 7.3 64bits
- CentOS 7.3.1611 64bits
- Ensure that you have a system with the following required hardware:
- 6th Generation Intel(R) Core(TM) Processor or newer
- Configure the system with the Intel SGX hardware enabled option and install Intel(R) SGX driver in advance.
See the earlier topic, Build and Install the Intel(R) SGX Driver, for information on how to install the Intel(R) SGX driver. - Install the library using the following command:
- On Ubuntu 16.04:
$ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev- On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
$ sudo yum install openssl-devel libcurl-devel protobuf-devel - To use Trusted Platform Service functions:
Ensuremei_medriver is enabled and/dev/mei0exists.
Download iclsClient and install it using the following commands:- On Ubuntu 16.04:
$ sudo apt-get install alien $ sudo alien --scripts iclsClient-1.45.449.12-1.x86_64.rpm $ sudo dpkg -i iclsclient_1.45.449.12-2_amd64.deb- On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
Download source code from dynamic-application-loader-host-interface project. In the source code folder, build and install the$ sudo yum install iclsClient-1.45.449.12-1.x86_64.rpmJHIservice using the following commands:- On Ubuntu 16.04:
$ sudo apt-get install uuid-dev libxml2-dev cmake pkg-config $ cmake .;make;sudo make install;sudo systemctl enable jhi- On Red Hat Enterprise Linux 7.3 and CentOS 7.3:
$ sudo yum install libuuid-devel libxml2-devel cmake pkgconfig $ cmake .;make;sudo make install;sudo ldconfig;sudo systemctl enable jhi
Install the Intel(R) SGX PSW
To install the Intel(R) SGX PSW, invoke the installer with root privilege:
$ cd linux/installer/bin
$ sudo ./sgx_linux_x64_psw_${version}.bin
Start or Stop aesmd Service
The Intel(R) SGX PSW installer installs an aesmd service in your machine, which is running in a special linux account aesmd.
To stop the service: $ sudo service aesmd stop
To start the service: $ sudo service aesmd start
To restart the service: $ sudo service aesmd restart
Configure the Proxy for aesmd Service
The aesmd service uses the HTTP protocol to initialize some services.
If a proxy is required for the HTTP protocol, you may need to manually set up the proxy for the aesmd service.
You should manually edit the file /etc/aesmd.conf (refer to the comments in the file) to set the proxy for the aesmd service.
After you configure the proxy, you need to restart the service to enable the proxy.