Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/intel/linux-sgx-driver

Intel SGX Linux* Driver
https://github.com/intel/linux-sgx-driver

Last synced: 8 months ago
JSON representation

Intel SGX Linux* Driver

Awesome Lists containing this project

README 

          
Intel(R) Software Guard Extensions for Linux\* OS

================================================



# linux-sgx-driver



Introduction

------------

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.



The Linux SGX software stack is comprised of the Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software. The Intel(R) SGX SDK and Intel(R) SGX PSW are hosted in the [linux-sgx](https://github.com/01org/linux-sgx) project.



The [linux-sgx-driver](https://github.com/01org/linux-sgx-driver) project hosts the out-of-tree driver for the Linux Intel(R) SGX software stack, which was used until the driver upstreaming process was complete. 



IMPORTANT:

---------

This driver is deprecated and no longer maintained by Intel. We recommend the SGX community to use the SGX driver that was upstreamed into the Linux kernel. If that is not possible you may still use the [DCAP driver](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/driver) that tracks closely the upstreamed kernel driver. Note that both kernel and DCAP drivers require SGX CPUs with Flexible Launch Control (FLC) support.



For new feature requests/patches, please submit them directly to the [linux-sgx mailing list](http://vger.kernel.org/vger-lists.html#linux-sgx)



License

-------

See License.txt for details.



Documentation

-------------

- [Intel(R) SGX for Linux\* OS](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html)

- [Intel(R) SGX Programming Reference](https://software.intel.com/en-us/articles/intel-sdm)



Build and Install the Intel(R) SGX Driver

-----------------------------------------



### Prerequisites

- Ensure that you have an operating system version supported as listed for specific releases: [https://01.org/intel-software-guard-extensions/downloads](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html#downloads)  

- Ensure that you have the following required hardware:  

  * 6th Generation Intel(R) Core(TM) Processor or newer

- Configure the system with the **SGX hardware enabled** option.

- To build the driver, the version of installed kernel headers must match the active kernel version on the system.

  * On Ubuntu

     * To check if matching kernel headers are installed:

        ```

        $ dpkg-query -s linux-headers-$(uname -r)

        ```

     * To install matching headers:

        ```

        $ sudo apt-get install linux-headers-$(uname -r)

        ```

  * On CentOS, RHEL or Fedora

     * To check if matching kernel headers are installed:

        ```

        $ ls /usr/src/kernels/$(uname -r)

        ``` 

     * To install matching headers:

        ```

        $ sudo yum install kernel-devel

        ```

     * After the above command, if the matching headers are still missing in /usr/src/kernels, try update kernel and reboot usig commands below. Then choose updated kernel on boot menu.

        ```

        $ sudo yum install kernel

        $ sudo reboot

        ```

     * On RHEL 8.0 elfutils-libelf-devel package is required:

        ```

        $ sudo yum install elfutils-libelf-devel

        ```



**Note:** Refer to the *"Intel® SGX Resource Enumeration Leaves"* section in the [Intel SGX Programming reference guide](https://software.intel.com/en-us/articles/intel-sdm) to make sure your cpu has the SGX feature.



### Build the Intel(R) SGX Driver



To build Intel(R) SGX driver, change the directory to the driver path and enter the following command:

```

$ make

```

You can find the driver *isgx.ko* generated in the same directory.



### Install the Intel(R) SGX Driver

To install the Intel(R) SGX driver, enter the following command with root privilege:

```

$ sudo mkdir -p "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx"    

$ sudo cp isgx.ko "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx"    

$ sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules"    

$ sudo /sbin/depmod

$ sudo /sbin/modprobe isgx

```

On Red Hat Enterprise Linux Server or CentOS, need to run below command on each reboot

```

$ sudo /sbin/modprobe isgx

``` 

On SUSE, need to add '--allow-unsupported' flag when executing 'modprobe' command during the SGX driver intallation and on each reboot

```

$ sudo /sbin/modprobe isgx --allow-unsupported

``` 



### Uninstall the Intel(R) SGX Driver

Before uninstall the Intel(R) SGX driver, make sure the aesmd service is stopped. See the topic, Start or Stop aesmd Service, on how to stop the aesmd service.  

To uninstall the Intel(R) SGX driver, enter the following commands: 

```

$ sudo /sbin/modprobe -r isgx

$ sudo rm -rf "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx"

$ sudo /sbin/depmod

$ sudo /bin/sed -i '/^isgx$/d' /etc/modules

```