This is a demo of using Teaclave Rust SGX with Intel SGX DCAP suite. More examples are coming up.
Re-write most of Intel's PCKRetrieval tool in Rust:
enclave
is configured to be a release mode enclave, and only supports DCAP on FLC enabled platform.
libsgx_dcap_ql.so
is required for building the app. With the default setup of Intel DCAP package, only libsg_dcap_ql.so.1
presented at /usr/lib/x86_64-linux-gnu
. You may probably need to create a symlink for it by
cd /usr/lib/x86_64-linux-gnu ln -s libsgx_dcap_ql.so.1 libsgx_dcap_ql.so
Then the project could be build smoothly:
$ make $ cd bin $ ./PCKIDRetrievalTool
AFAIK, i7-9700k, i9-9900k, i9-9900ks, Celeron J5005 supports FLC. My platform is i9-9900ks + Gigabyte AORUS Z390 Master. DCAP suite v1.6 works fine. Also Xeon E-2100/E-2200 works.
Regular Intel SGX SDK + DCAP driver + DCAP libraries are enough. I use the following Dockerfile:
FROM ubuntu:18.04 MAINTAINER Yu Ding ENV DEBIAN_FRONTEND=noninteractive ENV rust_toolchain nightly-2020-04-07 ENV sdk_bin https://download.01.org/intel-sgx/sgx-linux/2.9.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.9.101.2.bin RUN apt-get update && \ apt-get install -y gnupg2 apt-transport-https ca-certificates curl software-properties-common build-essential automake autoconf libtool protobuf-compiler libprotobuf-dev git-core libprotobuf-c0-dev cmake pkg-config expect gdb RUN curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \ add-apt-repository "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main" && \ apt-get update && \ apt-get install -y libsgx-urts libsgx-dcap-ql libsgx-dcap-default-qpl sgx-dcap-pccs \ libsgx-enclave-common-dbgsym libsgx-dcap-ql-dbgsym libsgx-dcap-default-qpl-dbgsym && \ rm -rf /var/lib/apt/lists/* && \ rm -rf /var/cache/apt/archives/* && \ mkdir /var/run/aesmd && \ mkdir /etc/init RUN curl 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' --output /root/rustup-init && \ chmod +x /root/rustup-init && \ echo '1' | /root/rustup-init --default-toolchain ${rust_toolchain} && \ echo 'source /root/.cargo/env' >> /root/.bashrc && \ /root/.cargo/bin/rustup component add rust-src rls rust-analysis clippy rustfmt && \ /root/.cargo/bin/cargo install xargo && \ rm /root/rustup-init && rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git RUN mkdir /root/sgx && \ curl --output /root/sgx/sdk.bin ${sdk_bin} && \ cd /root/sgx && \ chmod +x /root/sgx/sdk.bin && \ echo -e 'no\n/opt' | /root/sgx/sdk.bin && \ echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \ echo 'alias start-aesm="LD_LIBRARY_PATH=/opt/intel/sgx-aesm-service/aesm /opt/intel/sgx-aesm-service/aesm/aesm_service"' >> /root/.bashrc && \ rm -rf /root/sgx* RUN cd /usr/lib/x86_64-linux-gnu && \ ln -s libsgx_dcap_ql.so.1 libsgx_dcap_ql.so WORKDIR /root