- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Today, follow the official tutorial to configure sgx DCAP:
The goal is to install open enclave to develop trusted programs:
But the system got the following error when installing sgx dcap:
wynn@wynn-ThinkCentre-E97:~$ sudo ./sgx_linux_x64_driver_1.41.bin
Unpacking Intel SGX Driver ... done.
Verifying the integrity of the install package ... done.
Installing Intel SGX Driver ...
/tmp/sgx-driver-Zetugn /home/wynn
install -d /opt/intel/sgxdriver/package
install -d /opt/intel/sgxdriver/scripts
cp -r package/* /opt/intel/sgxdriver/package
install scripts/* /opt/intel/sgxdriver/scripts
/home/wynn
Kernel preparation unnecessary for this kernel. Skipping...
Building module:
cleaning build area...
'make' KDIR=/lib/modules/5.15.0-43-generic/build...(bad exit status: 2)
ERROR (dkms apport): binary package for sgx: 1.41 not found
Error! Bad return status for module build on kernel: 5.15.0-43-generic (x86_64)
Consult /var/lib/dkms/sgx/1.41/build/make.log for more information.
Failed to build driver. Please check if the matching kernel headers are installed.
In addition, I tried the 1.36 version of sgx DACP and failed.
Is it the reason that the kernel version does not conform?
Specifically, do I need to replace the kernel, or is there an adapted version of DCAP?
If the kernel needs to be replaced, what needs to be done specifically? I'm not very clear about the operation in this regard. I tried to replace it before but the system went wrong.Please give some details if possible!!!
Looking forward to a professional recovery, thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please check if matching kernel headers are installed by running:
dpkg-query -s linux-headers-$(uname -r)
Then to install matching headers, run the following command:
sudo apt-get install linux-headers-$(uname -r)
Sincerely,
Sahira
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please check if matching kernel headers are installed by running:
dpkg-query -s linux-headers-$(uname -r)
Then to install matching headers, run the following command:
sudo apt-get install linux-headers-$(uname -r)
Sincerely,
Sahira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
wynn@wynn-ThinkCentre-E97:~$ dpkg-query -s linux-headers-$(uname -r)
Package: linux-headers-5.15.0-43-generic
Status: install ok installed
Priority: optional
Section: devel
Installed-Size: 25605
Maintainer: Ubuntu Kernel Team <kernel-team@lists.ubuntu.com>
Architecture: amd64
Source: linux-hwe-5.15
Version: 5.15.0-43.46~20.04.1
Provides: linux-headers, linux-headers-3.0
Depends: linux-hwe-5.15-headers-5.15.0-43, libc6 (>= 2.22), libelf1 (>= 0.142), libssl1.1 (>= 1.1.0), zlib1g (>= 1:1.2.3.3)
Description: Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
This package provides kernel header files for version 5.15.0 on
64 bit x86 SMP.
.
This is for sites that want the latest kernel headers. Please read
/usr/share/doc/linux-headers-5.15.0-43/debian.README.gz for details.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
Linux kernel versions v5.11 and newer have the SGX driver that supports DCAP built in, so you do not have to (and should not try to) manually install the DCAP driver.
Regards.
Scott
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
thanks for your reply,
I would like to check the detail with you.
my linux-headers:
wynn@wynn-ThinkCentre-E97:~$ dpkg-query -s linux-headers-$(uname -r)
Package: linux-headers-5.15.0-43-generic
Status: install ok installed
Priority: optional
Section: devel
Installed-Size: 25605
Maintainer: Ubuntu Kernel Team <kernel-team@lists.ubuntu.com>
Architecture: amd64
Source: linux-hwe-5.15
Version: 5.15.0-43.46~20.04.1
Provides: linux-headers, linux-headers-3.0
Depends: linux-hwe-5.15-headers-5.15.0-43, libc6 (>= 2.22), libelf1 (>= 0.142), libssl1.1 (>= 1.1.0), zlib1g (>= 1:1.2.3.3)
Description: Linux kernel headers for version 5.15.0 on 64 bit x86 SMP
This package provides kernel header files for version 5.15.0 on
64 bit x86 SMP.
.
This is for sites that want the latest kernel headers. Please read
/usr/share/doc/linux-headers-5.15.0-43/debian.README.gz for details.
wynn@wynn-ThinkCentre-E97:~$ dmesg | grep -i sgx
[ 0.353577] sgx: EPC section 0x90200000-0x95ffffff
Is this sgx the sgx DACP driver? What else do I need to activate and configure?
Sincerely,
urnotcoward
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, that is the in-kernel SGX driver that does support DCAP. It is not to be confused with the DCAP driver that we publish on GitHub, which is a bit different. There is nothing else you need to do or configure from the driver point of view. You should now see the SGX device nodes available, ie:
ls -la /dev/sgx*
crw-rw-rw- 1 root root 10, 125 Aug 29 13:38 /dev/sgx_enclave
crw------- 1 root root 10, 126 Aug 29 13:38 /dev/sgx_provision
crw------- 1 root root 10, 124 Aug 29 13:38 /dev/sgx_vepc
You do now need to install the rest of the Intel SGX Platform Software (PSW) to be able to use SGX. Please see our Linux Install Guide for more info.
Scott
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello Scott,
First of all, thanks for the reply!
According to you guide,I can see SGX device nodes:
wynn@wynn-ThinkCentre-E97:~$ ls -la /dev/sgx*
crw-rw-rw- 1 root root 10, 125 9月 6 11:32 /dev/sgx_enclave
crw-rw---- 1 root sgx_prv 10, 126 9月 6 11:32 /dev/sgx_provision
crw------- 1 root root 10, 124 9月 6 11:32 /dev/sgx_vepc
/dev/sgx:
总用量 0
drwxr-xr-x 2 root root 80 9月 6 11:32 .
drwxr-xr-x 20 root root 4640 9月 7 17:22 ..
lrwxrwxrwx 1 root root 14 9月 6 11:32 enclave -> ../sgx_enclave
lrwxrwxrwx 1 root root 16 9月 6 11:32 provision -> ../sgx_provision
Next I will try to continue installing sdk and psw.
In addition, I want to make sure that the sgx driver is the same driver as your official website DACP? After installing the SGX SDK and PWS based on it, can the remote attestation function be provided normally?
Sincerely,
urnotcoward
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In addition, I need not to install and configure the PCCS, alright ?
I can debug the sgx project by directly installing the SDK and PSW, right?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, from an API perspective, the in-kernel driver is the same as our DCAP driver on GitHub, and going forward, the in-kernel driver is/will be the more "officially" supported. At some point in the future once enough distros have moved forward to newer kernels that have the SGX in-kernel driver, we will ultimately drop support for the GitHub DCAP driver. Also, no newer features will be added to the DCAP driver such as Enclave Dynamic Memory Management (EDMM), which is now in the v6 rc kernel source tree and therefore will be released as part of the Linux kernel v6, but will not be added to the GitHub DCAP driver.
Yes, to be able to use DCAP/ECDSA based attestation, you will need to setup a local PCCS. Again, our Linux Install Guide walks you through most/all of this, including the setup of the PCCS in an Appendix of that guide.
Yes, you can debug enclaves with gdb once you have the SGX SDK installed. More info on the "Enclave Debugger" can be found in our SGX Developer Reference.
Regards.
Scott
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page