#!/bin/bash
# Set up Open Enclave with DCAP support on Ubuntu 20.04
# - https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/Contributors/NonAccMachineSGXLinuxGettingStarted.md
# - https://github.com/openenclave/openenclave/blob/master/docs/GettingStartedDocs/install_oe_sdk-Ubuntu_20.04.md
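# 1. Configure the Intel, LLVM and Microsoft APT repositories
# Each signing key is written to its own file and bound to exactly one
# repository through "signed-by". A key added with "apt-key add" lands in the
# global trusted keyring and is then accepted for every configured source.
# apt reads ASCII-armored keys directly when the file name ends in .asc.
# NOTE: if another sources.list entry already references one of these
# repositories with a different Signed-By value, apt reports a conflict;
# remove the duplicate entry in that case.
keyring_dir=/usr/share/keyrings

#######################################
# Download a repository signing key and install it as a root-owned file.
# Arguments: $1 - base name of the key file (stored as <name>.asc)
#            $2 - HTTPS URL of the ASCII-armored key
# Returns:   0 on success, non-zero if the download fails, the response is
#            empty, or the key cannot be installed
#######################################
fetch_repo_key() {
  local name=$1 url=$2 tmp rc
  tmp=$(mktemp) || return 1
  # Download to a temporary file first so that a failed or empty response is
  # detected instead of being piped straight into the trust store.
  if ! wget -qO "$tmp" "$url" || [[ ! -s "$tmp" ]]; then
    echo "ERROR: could not download signing key from $url" >&2
    rm -f -- "$tmp"
    return 1
  fi
  sudo install -m 0644 -- "$tmp" "${keyring_dir}/${name}.asc"
  rc=$?
  rm -f -- "$tmp"
  return "$rc"
}

fetch_repo_key intel-sgx https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key || exit 1
echo "deb [arch=amd64 signed-by=${keyring_dir}/intel-sgx.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list

# The LLVM repository is fetched over HTTPS like the other two (it was http://).
fetch_repo_key llvm-snapshot https://apt.llvm.org/llvm-snapshot.gpg.key || exit 1
echo "deb [signed-by=${keyring_dir}/llvm-snapshot.asc] https://apt.llvm.org/focal/ llvm-toolchain-focal-10 main" | sudo tee /etc/apt/sources.list.d/llvm-toolchain-focal-10.list

fetch_repo_key microsoft-prod https://packages.microsoft.com/keys/microsoft.asc || exit 1
echo "deb [arch=amd64 signed-by=${keyring_dir}/microsoft-prod.asc] https://packages.microsoft.com/ubuntu/20.04/prod focal main" | sudo tee /etc/apt/sources.list.d/msprod.list

sudo apt update -y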
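# 2. Install Intel SGX DCAP Driver
# Mainline kernel release 5.11 or higher includes the SGX in-kernel driver.
# The in-kernel driver requires the platform to support and to be configured for Flexible Launch Control (FLC).
# The kernel installed here is only in use after rebooting into it.
sudo apt install -y linux-image-5.13.0-1010-oem
# If you intend to run an SGX application that loads an enclave requiring
# the Provision Key Access, the user needs to be added to the group "sgx_prv".
# Applications that obtain a quote from the DCAP Quote Generation library for the
# purposes of remote attestation may require Provision Key Access.
# Membership in sgx_prv is what grants that access, so add only the accounts
# that need to generate quotes. The new group applies from the next login.
# NOTE: $(whoami) is expanded by the invoking shell; if the whole script is
# started with sudo it resolves to root rather than the login user.
sudo usermod -aG sgx_prv "$(whoami)"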
# 3. Install Open Enclave
# Toolchain and library prerequisites are installed first, then the SDK
# package itself in a separate apt transaction.
oe_prereqs=(clang-10 libssl-dev gdb libprotobuf17)
sudo apt install -y "${oe_prereqs[@]}"
sudo apt install -y open-enclave
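# 4. Install Intel DCAP Quote Provider Library
# az-dcap-client is purged before the Intel default QPL is installed;
# presumably both provide libdcap_quoteprov.so - confirm against the packages.
sudo apt purge -y az-dcap-client
sudo apt install -y libsgx-dcap-default-qpl
# Create a soft link (named libdcap_quoteprov.so) to libdcap_quoteprov.so.x.yy.zzz.v
# TODO: get the version number automatically
libdcap_qpl_version=1.11.101.1
qpl_dir=/usr/lib/x86_64-linux-gnu
qpl_target="libdcap_quoteprov.so.${libdcap_qpl_version}"
# Only repoint the link when the versioned library is really there. Removing
# the old link first and linking to a missing file would leave a dangling
# libdcap_quoteprov.so and quote generation would fail to load the provider.
if [[ -e "${qpl_dir}/${qpl_target}" ]]; then
  # Relative target, so the link stays valid inside ${qpl_dir};
  # -f replaces an existing link, -n avoids following it.
  sudo ln -sfn -- "$qpl_target" "${qpl_dir}/libdcap_quoteprov.so"
else
  echo "WARNING: ${qpl_dir}/${qpl_target} not found; libdcap_quoteprov.so left unchanged" >&2
fi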
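# Configure the qpl
# Nothing is written to /etc/sgx_default_qcnl.conf here; the script only
# prints the manual follow-up steps.
# NOTE(review): 10.0.0.80 looks like the author's own PCCS host - confirm and
# substitute the address of the PCCS in use.
# USE_SECURE_CERT=FALSE tells the QPL to accept a PCCS HTTPS certificate it
# cannot verify (for example a self-signed one). With verification off, the
# PCCS endpoint is not authenticated, so this belongs to test setups only.
echo -e "\n=========================================================================================="
echo -e "1. Please double-check libdcap_quoteprov.so.$libdcap_qpl_version matches \n the version in /usr/lib/x86_64-linux-gnu"
echo -e "2. Please configure the qpl: /etc/sgx_default_qcnl.conf"
echo -e " PCCS_URL=https://10.0.0.80:8081/sgx/certification/v3/"
echo -e " USE_SECURE_CERT=FALSE"
echo -e " (Use the address of your own PCCS. USE_SECURE_CERT=FALSE accepts an unverified,"
echo -e " e.g. self-signed, PCCS certificate; keep it TRUE when the PCCS has a CA-issued certificate.)"
echo -e " Then, use the attestation sample in Open Enclave to verify OE remote attestation works."
echo -e "=========================================================================================="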