SGX(Software Guard eXtensions) install and develop config guide

**n年前研究的SGX，所有的都有缘分吧**
# 参考
[1] [Intel SGX新技术学习研究引导手册](http://vonwei.com/post/IntelSGXGuide.html)
[2] [SGX downloads sites](https://software.intel.com/en-us/sgx-sdk/download)
[3] [SGX linux配置](http://blog.csdn.net/y734564892/article/details/78177444)
[ubuntu 16.04.3下载](http://old-releases.ubuntu.com/releases/16.04.3/)
[4] [eclipse for C++ Mars 1](https://www.eclipse.org/downloads/packages/release/Mars/1)
[5] [CDT downloads](https://www.eclipse.org/cdt/downloads.php)

# SGX linux-OS install

---
**NOTE**

- 6th Generation Intel Core Processor or newer
    - i7-4790 是第四代
 - Intel SGX option enabled in BIOS

---
## 1. pre-condition
 - three binary installers packaged separately
    - SGX driver
    - PSW(SGX platform software)
    - SGX SDK
 - the following OS
    - ubuntu 16.04.3 64-bit Desktop and Server
    - Red Hat 7.4 64-bit 企业版
    - Centos*7.4.1708 64 bits
    - SuSe 企业版Server 12 64 bits
 - SGX PSW about ubuntu 16.04
    - sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
 - SGX SDK about ubuntu 16.04
    - sudo apt-get install build-essential python
 - To use trusted platform service,install the following
    - Ensure mei_me driver is enabled and /dev/mei0 exists
    - Download [iclsClient](https://software.intel.com/en-us/sgx-sdk/download) and install the following commands:
        - ubuntu 16.04 
            ```
            sudo apt-get install alien
            sudo alien --scripts iclsClient-1.45.449.12-1.x86_64.rpm
            sudo dpkg -i iclsClient_1.45.449.12-2_amd64.deb
            ```
    - Download source code from the [dynamic-application-loader-host-interface](https://github.com/01org/dynamic-application-loader-host-interface) project.In the source code folder build and install the JHI service using the following commands:
        - ubuntu 16.04
         ```
            sudo apt-get install uuid-dev libxml2-dev cmake pkg-config
            cmake .;make;sudo make install;sudo systemctl enable jhi
        ```
## 2.Installation
install the three packages in following order:

- ① SGX driver
 
        ```
            sudo ./sgx_linux_x64_driver.bin
        ```
  in */opt/intel/sgxdriver* dir *uninstall.sh*
 - ② SGX PSW
 
        ```
        sudo ./sgx_linux_<os>_x64_psw_<version>.bin
        ```

- include user space libraries such as uRTS and AESM-->/usr/lib
    - AESM and AE libraries --> /opt/intel/sgxpsw/aesm
        - AESM service as a system daemon-->/var/opt/aesmd
        - http proxy server for the AESM service -->/etc/aesmd.conf(example on how to setup the proxy but it is commented out)
        - uninstall.sh under the /opt/intel/sgxpsw 
    
 - ③ SGX SDK

```
    ./sgx_linux_<os>_x64_sdk_<version>.bin
    ```

- install in the current directory *[input dir]/sgxsdk*
    - source [input dir]/sgxsdk/enviroment设置环境变量
    - uninstall.sh -->[input dir]/sgxsdk
    - 建议安装在/opt/intel路径
    - 环境变量设置/etc/profile

---

**NOTE**

- PSW install the user space libraries in /usr/lib
 - SDK installs the corresponding shell libraries in [input dir]/sgxsdk/lib64

shell libraries contain the declaration of the public APIs and are only needed for** building Intel SGX applications**.
At runtime,the **standard user-space libraries** in /user/lib are loaded automatically
 ---

---
**NOTE**

- sample code in [input dir]/sgxsdk/SampleCode
 - uninstall intel SGX,run the corresponding uninstall.sh scripts to uninstall the components in the following order
    - Uninstall intel SGX SDK
    - uninstall intel SGX PSW
    - uninstall intel SGX driver

---

## 3. Install SGX Eclipse plug-in(主要针对开发)
help the enclave developer to maintain enclaves and untrusted related code inside Eclipse c/c++ projects

### 3.1 Prerequisites
To use SGX Eclipse Plug-in,install the following softwares:

- Eclipse Mars 1 with CDT IDE for C/C++ Developpers(version4.5.1)
    - JDK or JRE version 1.8 or above
    ```
sudo apt-get install default-jdk(jdk contains jre)
add the env variable in /etc/environment  JAVA_HOME
    ```
 - gcc/g++ tools
 - Openssl
 - SGX SDK for Linux OS

### 3.2 Installation
install SGX Eclipse Plug-in as a regular Eclipse Plugin:

- Download the SGX Eclipse Plug-in from [ SGX eclipse plug-in](https://01.org/zh/intel-software-guard-extensions/downloads?langredirect=1)
 - Help menu -> Install New Software.**Add** button for the Work with field to open the **Add Repository** dialog as shown in the following graphic:
    <center>
        ![eclipse-plug-in](https://leanote.com/api/file/getImage?fileId=6006c136ab64412e3e0000f6)
    </center>
 - Enter *Intel(R) SGX Archive* in the Name field. *Archive* button and select the location of the downloaded archive as shown in the following graphic:
 
    <center>
        ![archive-plug-in](https://leanote.com/api/file/getImage?fileId=6006c136ab64412e3e0000f5)
    </center>
 - Ok to add the archives as a repository
 - **Install** dialog select **Intel(R) Software Guard Extensions Plugin** check-box and proceed with the usual steps

### 3.3 Configuration

- Window menu --> Preferences .Enter **Intel(R) SGX** in the filter text field to quickly locate the** Intel(R) SGX Preferences **Page
 
    <center>
        ![preferences](https://leanote.com/api/file/getImage?fileId=6006c136ab64412e3e0000f4)
    </center>

- Enter the path for Intel SGX SDK for Linux OS in the Intel(R) SGX SDK Directory field

信息安全从业人员^_^

导航

最近发表

友情链接