ubuntu20.4 sgx环境配置
一、driver安装
1.在该下载地址将3个.bin文件下载下来,下载地址:https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu20.04-server/
2.到下载文件夹下输入下面命令,以赋予.bin文件的执行权限
sudo chmod 777 sgx_linux_x64_driver_2.11.054c9c4c.bin
3.运行该bin文件,完成驱动安装
二、准备阶段
安装dkms
apt-get install dkms
1.安装编译SGX SDK要用到的工具
sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl
2.安装编译SGX PSW要用到的工具
sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip pkgconf libboost-dev libboost-system-dev protobuf-c-compiler libprotobuf-c-dev lsb-release
3.从仓库获取源码,到下载文件夹下,输入
git clone https://github.com/intel/linux-sgx.git
cd linux-sgx && make preparation
此处可能会因为网络原因执行失败,多次尝试执行make preparation后一般会成功
4.把准备好的工具列表添加到全局变量中,方便之后编译工作的展开。到linux-sgx文件夹下,输入以下命令:
sudo cp external/toolset/{current_distr}/* /usr/local/bin
将{current_distr}替换为当前的操作系统。
再用下面这个语句检查是不是添加成功:
which as ld objdump
5.编译SGX SDK和SGX SDK安装工具(installer),进入linux-sgx文件夹,输入以下命令
make sdk
运行完成后,再输入以下命令
make sdk_install_pkg
成功运行的话,在linux-sgx/linux/installer/bin文件夹下会有一个sgx_linux_x64_sdk_${version}.bin文件生成。
三、sdk安装
1.安装好需要用到的工具,输入以下命令
sudo apt-get install build-essential python
2.安装sdk,进入linux-sgx文件夹,输入以下两条命令
cd linux/installer/bin
./sgx_linux_x64_sdk_${version}.bin
注意:运行第二条命令时,它询问是否安装在当前文件夹的时候,最好选择“no”,然后输入/opt/intel/, 即将SGX SDK安装在/opt/intel/文件夹下。
3.安装完成后,根据提示输入source命令。
四、psw安装
参考https://github.com/intel/linux-sgx
1.命令行运行以下命令添加下载Intel sgx psw的下载路径
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
注意,与ubuntu18.04不同,ubuntu20为ubuntu focal main。
2.进入如下网址下载密钥intel-sgx-deb.key
https://download.01.org/intel-sgx/sgx_repo/ubuntu/
3.进入下载目录,通过如下命令添加进仓库
sudo apt-key add intel-sgx-deb.key
运行后等一会儿看到【ok】就是运行成功。
4.更新一下apt-get的列表
sudo apt-get update
如果系统报错deb无法识别,进入/etc/apt/sources.list.d目录,修改intel-sgx.list文件,去掉deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main两侧的引号。
5.分别安装SGX PSW 提供的3个服务
分别是launch、EPID-based attestation和Algorithm agnostic attestation,输入以下命令
| service |
| Red Hat Enterprise Linux 8.6, CentOS Stream 8 and CentOS 8.3 | ||
|---|---|---|---|---|
| launch service | apt-get install libsgx-launch libsgx-urts | yum install libsgx-launch libsgx-urts | ||
| EPID-based attestation service | apt-get install libsgx-epid libsgx-urts | yum install libsgx-epid libsgx-urts | ||
| algorithm agnostic attestation service | apt-get install libsgx-quote-ex libsgx-urts | yum install libsgx-quote-ex libsgx-urts | ||
| DCAP ECDSA-based service | apt-get install libsgx-dcap-ql | yum install libsgx-dcap-ql |
五、测试是否安装成功
进入安装目录(我的是/opt/intel/sgxsdk),再进入/SampleCode/SampleEnclave目录
1.首先准备一下编译环境,输入如下命令
source /opt/intel/sgxsdk/environment
2.编译
make
3.运行
./app
结果返回如下
Checksum(0x0x7ffda4d55720, 100) = 0xfffd4143
Info: executing thread synchronization, please wait...
Info: SampleEnclave successfully returned.
Enter a character before exit ...
恭喜,环境配置成功!
如果安装完之后,应用使用有如下问题,建议尝试重启机器
最后十分感谢我所参考的博主分享的教程
https://blog.csdn.net/myt1018/article/details/124393622
其余参考链接
https://github.com/intel/linux-sgx
https://download.01.org/intel-sgx/sgx-dcap/1.14/linux/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf
另一个参考的安装方式
顺序一定要对,否则需要全部卸载重装
3、安装driver、SDK、PSW
- 安装driver
最新版本是2.14但实测有问题
sudo apt install -y build-essential ocaml ocamlbuild automake autoconf libtool wget python libssl-dev git cmake perl pkg-config libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper reprepro unzip
git clone -b sgx_diver_2.11 https://github.com/intel/linux-sgx-driver.git
cd linux-sgx-driver && make
sudo mkdir -p "/lib/modules/`uname -r`/kernel/drivers/intel/sgx"
sudo cp isgx.ko "/lib/modules/`uname -r`/kernel/drivers/intel/sgx"
sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules"
sudo /sbin/depmod
sudo /sbin/modprobe isgx- 安装SDK
git clone -b sgx_2.22 https://github.com/intel/linux-sgx.git
cd linux-sgx && make preparation
sudo cp external/toolset/ubuntu20.04/* /usr/local/bin
make sdk_install_pkg
sudo ./linux/installer/bin/sgx_linux_x64_sdk_2.22.100.3.bin << EOF
no
/opt/intel
EOF
source /opt/intel/sgxsdk/environment
echo "source /opt/intel/sgxsdk/environment" >> ~/.bashrc- 安装PSW
make psw_install_pkg
sudo ./linux/installer/bin/sgx_linux_x64_psw_2.22.100.3.bin
其他问题:
OpenEnclave安装驱动sdk:
https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_20.04.md
https://github.com/edgelesssys/sgx-troubleshoot#sgx-troubleshooting
有关不支持EPID的cpu型号:
在iceLake之前的型号才支持EPID,14nm系列
