Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

SGX in WSL2

Benny_F_
Beginner
‎11-27-2020 07:23 AM
4,447 Views
Solved Jump to solution

Hello,

I guess that many of you know WSL (Windows Subsystem for Linux). Since a few month, WSL2 can be used on many Windows versions and according to Microsoft, "WSL 2 uses the latest and greatest in virtualization technology to run a Linux kernel inside of a lightweight utility virtual machine". 

For me, it would severely facilitate SGX development if I can use WSL2 for this task. There might be some unsolvable problems that I'm not aware of, but I tried to do it anyhow. In the following, I'll describe the steps I took and the problem I'm currently facing. I hope that somebody can help me with the problem or can tell me why this is not possible at all.

First, I tried to just install the driver:

sudo ./sgx_linux_x64_driver_2.11.0_4505f07.bin

 

However, /lib/modules is empty leading to the following error:

Unpacking Intel SGX Driver ... done.
Verifying the integrity of the install package ... done.
Installing Intel SGX Driver ...
/tmp/sgx-driver-bQXOE0 ~/downloads
install -d /opt/intel/sgxdriver/package
install -d /opt/intel/sgxdriver/scripts
install package/* /opt/intel/sgxdriver/package
install scripts/* /opt/intel/sgxdriver/scripts
~/downloads
/opt/intel/sgxdriver/package ~/downloads
make -C /lib/modules/4.19.128-microsoft-standard/build M=/opt/intel/sgxdriver/package modules
make[1]: *** /lib/modules/4.19.128-microsoft-standard/build: No such file or directory.  Stop.
Makefile:16: recipe for target 'default' failed
make: *** [default] Error 2

 

Thus, I downloaded the kernel (from https://github.com/microsoft/WSL2-Linux-Kernel/releases/tag/4.19.128-microsoft-standard), extracted the kernel, configured the kernel, setup the kernel for external modules, and created a link at the expected location:

$ wget https://github.com/microsoft/WSL2-Linux-Kernel/archive/4.19.128-microsoft-standard.tar.gz
$ tar xf 4.19.128-microsoft-standard.tar.gz
$ cd WSL2-Linux-Kernel-4.19.128-microsoft-standard/
$ make defconfig
$ sudo make modules_prepare
$ sudo mkdir -p /lib/modules/4.19.128-microsoft-standard
$ sudo ln -s /home/***/WSL2-Linux-Kernel-4.19.128-microsoft-standard/ /lib/modules/4.19.128-microsoft-standard/build

 

At this point, the installation seems successful:

$ sudo ./sgx_linux_x64_driver_2.11.0_4505f07.bin
Unpacking Intel SGX Driver ... done.
Verifying the integrity of the install package ... done.
Installing Intel SGX Driver ...
/tmp/sgx-driver-1cgy4Z ~/downloads
install -d /opt/intel/sgxdriver/package
install -d /opt/intel/sgxdriver/scripts
install package/* /opt/intel/sgxdriver/package
install scripts/* /opt/intel/sgxdriver/scripts
~/downloads
/opt/intel/sgxdriver/package ~/downloads
make -C /lib/modules/4.19.128-microsoft-standard/build M=/opt/intel/sgxdriver/package modules
make[1]: Entering directory '/home/d052845/downloads/WSL2-Linux-Kernel-4.19.128-microsoft-standard'

  WARNING: Symbol version dump ./Module.symvers
           is missing; modules will have no dependencies and modversions.

  CC [M]  /opt/intel/sgxdriver/package/sgx_main.o
  CC [M]  /opt/intel/sgxdriver/package/sgx_page_cache.o
  CC [M]  /opt/intel/sgxdriver/package/sgx_ioctl.o
  CC [M]  /opt/intel/sgxdriver/package/sgx_vma.o
  CC [M]  /opt/intel/sgxdriver/package/sgx_util.o
  CC [M]  /opt/intel/sgxdriver/package/sgx_encl.o
  CC [M]  /opt/intel/sgxdriver/package/sgx_encl2.o
  LD [M]  /opt/intel/sgxdriver/package/isgx.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /opt/intel/sgxdriver/package/isgx.mod.o
  LD [M]  /opt/intel/sgxdriver/package/isgx.ko
make[1]: Leaving directory '/home/d052845/downloads/WSL2-Linux-Kernel-4.19.128-microsoft-standard'
depmod: WARNING: could not open /lib/modules/4.19.128-microsoft-standard/modules.order: No such file or directory
depmod: WARNING: could not open /lib/modules/4.19.128-microsoft-standard/modules.builtin: No such file or directory

You may need to run "/sbin/modprobe isgx (--allow-unsupported)" or reboot system manually!

uninstall.sh script generated in "/opt/intel/sgxdriver".

 

Unfortunately, adding the module to the kernel does not work:

sudo /sbin/modprobe isgx
modprobe: ERROR: could not insert 'isgx': Exec format error


At this point, I also tried to follow the build and install instructions from the SGX driver repository (https://github.com/intel/linux-sgx-driver), but the result is exactly the same.

As mentioned before: has anybody an idea what I do wrong, can tell me what else I could try, or can explain why it cannot work?

Thank you for your help,
Benny

0 Kudos
1 Solution
JesusG_Intel
Moderator
‎12-02-2020 10:58 AM
4,396 Views
Solved Jump to solution

Hello Benny,


I consulted with someone smarter than me and found out that SGX is not enabled in WSL at all. So, even if you were able to compile the driver you would not be able to load it.


Like a hypervisor or VMM, SGX would have to be passed through as a feature to WSL.


Confirm that SGX is not enabled by running:


sudo cpuid | grep -i sgx


You should see everything come back as false.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
Copy link

Link Copied

4 Replies
JesusG_Intel
Moderator
‎12-02-2020 09:47 AM
4,403 Views
Solved Jump to solution

Hello Benny,


I am able to reproduce your issue and managed to get a little further by following these instructions: https://github.com/microsoft/WSL2-Linux-Kernel/issues/78#issuecomment-715854823


I still can't get the Linux SGX driver to install due to compilation errors in sgx_main.c.


I'm working on it but I just wanted to give you my latest in case it helps you.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
JesusG_Intel
Moderator
‎12-02-2020 10:58 AM
4,397 Views
Solved Jump to solution

Hello Benny,


I consulted with someone smarter than me and found out that SGX is not enabled in WSL at all. So, even if you were able to compile the driver you would not be able to load it.


Like a hypervisor or VMM, SGX would have to be passed through as a feature to WSL.


Confirm that SGX is not enabled by running:


sudo cpuid | grep -i sgx


You should see everything come back as false.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
Copy link
Benny_F_
Beginner
‎12-03-2020 09:47 AM
4,386 Views
Solved Jump to solution
In response to JesusG_Intel

Hello Jesus,

first, thank you very much for reproducing and confirming my problem. 

Thank you even more for finding out that SGX in not enabled in WSL at all. As you already expected, cpuid will return false on the proposed command. That's very unfortunate, but I now know at least that I do not have to spend more time trying. I hoped that the feature is passed to WSL as it seems to be possible with virtual machines.

Hopefully, Intel and Microsoft will find a solution one day, because I consider SGX development with WSL a big advantage.

Best regards,
Benny

In response to JesusG_Intel
0 Kudos
Copy link
JesusG_Intel
Moderator
‎12-03-2020 11:09 AM
4,380 Views
Solved Jump to solution

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.