如果您的系统是Ubuntu 20.04默认安装且kernel version为5.11+的话,可以无脑执行下面的命令
sudo apt-get install -y autoconf bison build-essential gawk meson python3 python3-click python3-jinja2 wget
sudo apt-get install -y libunwind8 python3-pyelftools python3-pytest
sudo apt-get install -y libcurl4-openssl-dev libprotobuf-c-dev protobuf-c-compiler python3-pip python3-protobuf
python3 -m pip install toml>=0.10
请注意,如果您的内核版本为 5.9 或更高版本,则 FSGSBASE 功能已被支持,您可以跳过此步骤。
检测kernel version
uname -r
如果您当前的内核版本低于 5.9,那么您有两种选择:
请注意,如果您的内核版本为 5.11 或更高版本,那么 Intel SGX 驱动程序已经安装,您可以跳过此步骤。
如果你的旧CPU不支持 FLC, 您需要下载并安装以下 Intel SGX 驱动程序:https://github.com/intel/linux-sgx-driver
如果你的CPU支持FLC, 您可以从以下位置选择安装英特尔 SGX 驱动程序的 DCAP 版本:https://github.com/intel/SGXDataCenterAttestationPrimitives
sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl
sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip
为了安装最新的Intel® SGX SDK安装器,请确保你下载了最新的 Intel® SGX SDK安装器从Intel® SGX SDK 跟随安装指引Installation Guide在相同的页安装最新的Intel® SGX SDK Installer.
sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
sudo apt-get install build-essential python-is-python3
sudo apt-get install build-essential ocaml automake autoconf libtool wget python libssl-dev
wget - https://download.01.org/intel-sgx/sgx-linux/${kernel_version}/distro/ubuntu20.04-server/sgx_linux_x64_driver_${version}.bin
wget - https://download.01.org/intel-sgx/sgx-linux/${kernel_version}/distro/ubuntu20.04-server/sgx_linux_x64_driver_${version}.bin
wget - https://download.01.org/intel-sgx/sgx-linux/${kernel_version}/distro/ubuntu20.04-server/sgx_linux_x64_sdk_${version}.bin
sudo chmod 777 sgx_linux_x64_*
sudo apt-get install dkms
Install the components in following order:
sudo apt-get install build-essential ocaml automake autoconf libtool wget python libssl-dev
sudo ./sgx_linux_x64_driver_${version}.bin
git clone https://github.com/intel/linux-sgx.git
cd linux-sgx
make preparation
sudo cp external/toolset/ubuntu20.04/{as,ld,objdump} /usr/local/bin/
which ld.gold
sudo cp /usr/bin/ld.gold /usr/local/bin/
sudo make sdk
sudo make sdk_install_pkg
sudo apt-get install build-essential python
cd linux/installer/bin
sudo ./sgx_linux_x64_sdk_${version}.bin
# Enter no,/opt/intel/
source /opt/intel/sgxsdk/environment
cd ${sgx-sdk-install-path}/SampleCode/LocalAttestation
sudo make SGX=1
cd bin
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install libsgx-launch libsgx-urts
sudo apt-get install libsgx-epid libsgx-urts
sudo apt-get install libsgx-quote-ex libsgx-urts
sudo apt-get install libsgx-dcap-ql
cd ${sgx-sdk-install-path}/SampleCode/LocalAttestation
sudo make SGX=1
cd bin
Ensure that Intel SGX is enabled on your platform using is_sgx_available.
Clone the Graphene repository:
git clone https://github.com/oscarlab/graphene.git
cd graphene
sudo openssl genrsa -3 -out Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072
sudo apt-get install -y autoconf bison build-essential gawk libcurl4-openssl-dev libprotobuf-c-dev meson protobuf-c-compiler python3 python3-click python3-jinja2 python3-pip python3-protobuf wget
sudo python3 -m pip install toml>=0.10
sudo make
sudo make ISGX_DRIVER_PATH="" SGX=1 # this assumes Linux 5.11+
sudo meson setup build/ --buildtype=release -Ddirect=enabled -Dsgx=enabled
sudo ninja -C build/
sudo ninja -C build/ install
in the system (only required for the legacy SGX driver and not needed for newer DCAP/in-kernel drivers):sudo sysctl vm.mmap_min_addr=0
Note that this is an inadvisable configuration for production systems.
cd LibOS/shim/test/regression
sudo make SGX=1
sudo make SGX=1 sgx-tokens
graphene-sgx helloworld
cd /linux-sgx/graphene/Examples/python/
This directory contains an example for running Python 3 in Graphene, including
the Makefile and a template for generating the manifest.
For generating the manifest and running the test scripts, please run the following command to install the required packages (Ubuntu-specific):
sudo apt-get install libnss-mdns python3-numpy python3-scipy
Run make
(non-debug) or make DEBUG=1
(debug) in the directory.
Run make SGX=1
(non-debug) or make SGX=1 DEBUG=1
(debug) in the directory.
By default, the make
command creates the manifest for the Python binary from the system installation. If you have a local installation, you may create the manifest with the PYTHONPATH
variable set accordingly. You can also specify a particular version of Python. For example:
make PYTHONPATH=<python install path> PYTHONVERSION=python3.6 SGX=1
Here’s an example of running Python scripts under Graphene:
Without SGX:
graphene-direct ./python scripts/helloworld.py
graphene-direct ./python scripts/test-numpy.py
graphene-direct ./python scripts/test-scipy.py
With SGX:
graphene-sgx ./python scripts/helloworld.py
graphene-sgx ./python scripts/test-numpy.py
graphene-sgx ./python scripts/test-scipy.py
You can also manually run included tests:
SGX=1 ./run-tests.sh
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。