We recommend Ubuntu 16.04/18.04. Desktop or server is the same. It could be your host OS or guest OS (inside docker). Technically, a full compatible list could be found at Intel's download page. As of 04-01-2019 (v 2.4.0), the list contains:
A good reference for hardware compatibility is SGX-Hardware. You can use the script test-sgx.c there to check if SGX is/could be enabled.
Followings are FAQs I've been always asked:
Another solution is Intel's VCA 2 card. It should be placed only in 2-socket Xeon E5 systems (or following). Dmitrii of Intel Lab is using it for Redis-SGX.
Please use rustup to install and manage Rust toolchains. DO NOT use anything like apt
or yum
.
During the installation you'll be asked about ‘installation options’ as follows:
Current installation options: default host triple: x86_64-unknown-linux-gnu default toolchain: stable modify PATH variable: yes
The host triple (though quadruple here) is correct. You could just press enter to skip it. When asking about default toolchain, you could enter nightly-2019-01-28
or similar version number. And we recommend to answer ‘Y’ to the PATH modification.
rustup is always installed in ~
and does not affect other users.
Then you will have rustup works well. To switch to another toolchain, try
$ rustup toolchain default nightly-2019-03-31
This would triggers downloading and installation if the desired toolchain is not found on your disk.
To add more rust tools such as rust-src
(for xargo), rust-clippy
(for lint):
$ rustup component add rust-src
The toolchain setup strictly follows the following steps:
And don't forget to source the environment
file for Intel SGX SDK (such as sgx-sign).
Firstly, do step 0 to get /dev/isgx
works. Then start a docker container as follows:
$ docker run -ti --rm -v /path/to/sdk:/root/sgx \ --device /dev/isgx \ --device /dev/mei0 \ # Optional if you have it and want to use it baiduxlab/sgx-rust root@913e6a00c8d8:~#
(Optional) Install iCls and jhi daemon. Steps are here
(Optional) Start jhi daemon: jhid -d
Start aesm daemon
root@913e6a00c8d8:~# aesm_service[18]: The server sock is 0x5636e90be960 aesm_service[18]: [ADMIN]White List update requested aesm_service[18]: [ADMIN]Platform Services initializing aesm_service[18]: [ADMIN]Platform Services initialization failed due to DAL error aesm_service[18]: [ADMIN]White list update request successful for Version: 49 root@913e6a00c8d8:~#
And then change directory to /root/sgx/samplecode/hello-rust
and make
. Then cd to bin
and ./app
.
Make sure you have docker installed and working.
Start docker as:
$ docker run -ti --rm -v /path/to/sdk:/root/sgx baiduxlab/sgx-rust root@913e6a00c8d8:~#
And then build in simulation mode
$ cd /root/sgx/samplecode/hello-rust $ SGX_MODE=SW make $ cd bin $ ./app
Just add another device mapping to the command to have aesm.socket
works in SGX. This requires step 3 finished on the host OS and /var/run/aesmd/aesm.socket
exists on the host OS.
$ docker run --rm -ti \ --device /dev/isgx \ # forward isgx device -v /path/to/rust-sgx-sdk:/root/sgx \ # add SDK -v /var/run/aesmd:/var/run/aesmd \ # forward domain socket baiduxlab/sgx-rust
Then you can skip launching aesmd
in the docker container.
The only known solution:drone.io is provided by @elichai. We've set it up successfully.