Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

SGXDataCenterAttestationPrimitives linux driver installation instructions

bitflipper101
Beginner
‎09-03-2020 10:09 AM
2,478 Views
Solved Jump to solution

following driver/linux installation instructions, after running `make` and `make clean`, it says "With root priviledge, copy the sources to /usr/src/sgx-<version>/"

What is meant by sources in this context?

These are the files in the dir.

-rw-r--r-- 1 root root 249 Sep 2 16:55 version.h
-rw-r--r-- 1 root root 3314 Sep 2 16:55 sgx_wl.h
-rw-r--r-- 1 root root 1807 Sep 2 16:55 sgx.h
-rw-r--r-- 1 root root 8851 Sep 2 16:55 README.md
-rw-r--r-- 1 root root 635 Sep 2 16:55 Makefile
-rw-r--r-- 1 root root 20064 Sep 2 16:55 main.c
-rw-r--r-- 1 root root 2391 Sep 2 16:55 License.txt
-rw-r--r-- 1 root root 21963 Sep 2 16:55 ioctl.c
drwxr-xr-x 3 root root 4096 Sep 2 16:55 include
-rw-r--r-- 1 root root 5892 Sep 2 16:55 encls.h
-rw-r--r-- 1 root root 3912 Sep 2 16:55 encl.h
-rw-r--r-- 1 root root 21259 Sep 2 16:55 encl.c
-rw-r--r-- 1 root root 886 Sep 2 16:55 driver.h
-rw-r--r-- 1 root root 5147 Sep 2 16:55 driver.c
-rw-r--r-- 1 root root 200 Sep 2 16:55 dkms.conf
-rw-r--r-- 1 root root 10594 Sep 2 16:55 arch.h
-rw-r--r-- 1 root root 115 Sep 2 16:55 10-sgx.rules

recursively coping those files and then running the following commands:

$ sudo dkms add -m sgx -v <version>
$ sudo dkms build -m sgx -v <version>
$ sudo dkms install -m sgx -v <version>
$ sudo /sbin/modprobe intel_sgx

sudo /sbin/modprobe intel_sgx results in: "modprobe: ERROR: could not insert 'intel_sgx': No such device"

0 Kudos
1 Solution
JesusG_Intel
Moderator
‎09-08-2020 09:12 AM
2,420 Views
Solved Jump to solution

Hello bitflipper101,


Make sure your aesmd service is running.


$ ps aux | grep -i aesm

$ sudo systemctl start aesmd

$ cat /var/log/syslog | grep -i aesm


View solution in original post

0 Kudos
Copy link

Link Copied

7 Replies
JesusG_Intel
Moderator
‎09-04-2020 05:35 AM
2,467 Views
Solved Jump to solution

Hello bitflipper,


Please provide us which processor you are using and operating system. In order to use DCAP, your processor must support Flexible Launch Control (FLC). Run the following command to find out if your processor supports FLC:


$ cpuid | grep sgx



0 Kudos
Copy link
bitflipper101
Beginner
‎09-04-2020 08:15 AM
2,461 Views
Solved Jump to solution
In response to JesusG_Intel

Hey JesusG,

cpuid | greg SGX gives:

      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = true
   SGX capability (0x12/0):
      SGX1 supported                         = false
      SGX2 supported                         = false

 

In response to JesusG_Intel
0 Kudos
Copy link
IntelSupport
Community Manager
‎09-04-2020 12:02 PM
2,452 Views
Solved Jump to solution

Hello bitflipper101,


Please make sure that SGX is enabled in your BIOS. Your output shows that both sgx1/2 supported are both false. This means that SGX is not enabled in your BIOS.


You can see what the outputs mean in this webpage: https://github.com/ayeks/SGX-hardware#test-sgx


0 Kudos
Copy link
bitflipper101
Beginner
‎09-07-2020 01:34 PM
2,427 Views
Solved Jump to solution
In response to IntelSupport

Ok thank you. It is a cloud hosted machine and had assumed they already had enabled in BIOS.

Cpuid | grep SGX now returns:

SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1):
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1):
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1):
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1):
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1):
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1):
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1):
SGX: Software Guard Extensions supported = true
SGX_LC: SGX launch config supported = true
SGX capability (0x12/0):
SGX1 supported = true
SGX2 supported = false
SGX attributes (0x12/1)

Running the Sample Code LocalAttestion is still resulting in a "failed to load enclave". Do I need to re-install something with SGX now enabled in BIOS?

In response to IntelSupport
0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-08-2020 09:12 AM
2,421 Views
Solved Jump to solution

Hello bitflipper101,


Make sure your aesmd service is running.


$ ps aux | grep -i aesm

$ sudo systemctl start aesmd

$ cat /var/log/syslog | grep -i aesm


0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-14-2020 12:10 PM
2,403 Views
Solved Jump to solution

Hello bitflipper101,


Do you still need help with this issue?


0 Kudos
Copy link
JesusG_Intel
Moderator
‎09-16-2020 12:25 PM
2,392 Views
Solved Jump to solution

Hello bitflipper101,


I have not heard back from you so I will close this inquiry now. If you need further assistance, please post a new question.


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.