Showing results for 
Search instead for 
Did you mean: 
New Contributor I

Build the architecture enclaves from source code

I tried two ways to build the pre-built binaries by myself. I am working on the 1.9 version with gcc-5.4.0 on Ubuntu 16.04.4.

  1. Use make USE_OPT_LIBS=0 to use the non-optimized source code version implementation, as stated in the Then make sdk_install_pkg USE_OPT_LIBS=0 succeeds, make psw_install_pkg USE_OPT_LIBS=0 fails. It still looks for the pre-built binaries in the folder psw/ae/data/prebuilt.
  2. Build each Architecture Enclave by using the make command from the corresponding folder, e.g. in the psw/ae/qe folder. There turns out to be some compiling errors or link errors.

I am trying to understand how the quoting enclave works. Is the pre-built compiled from the provided sources? Is it all right to refer to the implementation in the qe folder?

Any help is appreciated. Thanks



0 Kudos
3 Replies

All prebuilt AE's are built with optimized libraries.

The build command USE_OPT_LIBS=0 make psw_install_pkg  succeeds .

Can you check if  your default build configuration work fine ?



New Contributor I

The default compiling option `make psw_install_pkg` works fine. I'd like to understand the design of the prebuilt Can I look into the source code of `psw/ae/qe/`? I assume the source code and the prebuilt binaries are following the same routine to generate the quote. Thanks.



What I am trying to do is something similar but for PSE (Platform Service Enclave). I have made changes to the pse code under (/psw/ae/pse/pse_op) and it is being compiled. I used the option USE_OPT_LIBS=0 to compile the source, and after solving various errors, I am able to successfully compile sdk and psw code (also the code which I have changed in pse_op eventually generating "" file), and then install the binaries in the proper folders. I have verified that the proper folders have my compiled "" instead of intel provided "" prebuilt files.

Now when I try running a simple "sgx_create_pse_session()" from an enclave, it fails with the error code "0x4001" which corresponds to "SGX_ERROR_SERVICE_UNAVAILABLE" and the comments say "Indicates aesm didn't respond or the requested service is not supported" according to the "sgx_error.h" file. Since creating a PSE session with the PSE enclave is supported, I feel like the problem is that aesm service is not responding. What I believe is that the pse_op enclave source code which I built into an enclave file ( is not signed by Intel keys, the aesm service is rejecting it. Kindly, correct me if my analysis is incorrect. Also, is there a way through which I can disable the feature in aesm which looks for the Intel signed enclave? Or I can sign the enclave with a new key and make aesm accept that?

I really need an answer to it because I need to implement a new service in PSE for my own development and testing purpose. Would appreciate help from Intel folks.