• Stars
    star
    1,180
  • Rank 39,639 (Top 0.8 %)
  • Language
    C++
  • License
    Other
  • Created over 8 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Intel SGX for Linux*

Intel(R) Software Guard Extensions for Linux* OS

linux-sgx

Introduction

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification.

The Linux* Intel(R) SGX software stack is comprised of the Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW). The Intel(R) SGX SDK and Intel(R) SGX PSW are hosted in the linux-sgx project.

The SGXDataCenterAttestationPrimitives project maintains an out-of-tree driver for the Linux* Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete. It is used on the platforms with Flexible Launch Control and Intel(R) AES New Instructions support and could support both Elliptic Curve Digital Signature algorithm (ECDSA) based attestation and Enhanced Privacy Identification (EPID) based attestation.

Note: Ice Lake Xeon-SP (and the future Xeon-SP platforms) doesn't support EPID attestation.

The linux-sgx-driver project hosts the other out-of-tree driver for the Linux* Intel(R) SGX software stack, which will be used until the driver upstreaming process is complete. It is used to support Enhanced Privacy Identification (EPID) based attestation on the platforms without Flexible Launch Control.

The intel-device-plugins-for-kubernetes project enables users to run container applications running Intel(R) SGX enclaves in Kubernetes clusters. It also gives instructions how to set up ECDSA based attestation in a cluster.

The intel-sgx-ssl project provides a full-strength general purpose cryptography library for Intel(R) SGX enclave applications. It is based on the underlying OpenSSL* Open Source project. Intel(R) SGX provides a build combination to build out a SGXSSL based SDK as below. Users could also utilize this cryptography library in SGX enclave applications seperately.

This repository provides a reference implementation of a Launch Enclave for 'Flexible Launch Control' under psw/ae/ref_le. The reference LE implementation can be used as a basis for enforcing different launch control policy by the platform developer or owner. To build and try it by yourself, please refer to the ref_le.md for details.

License

See License.txt for details.

Contributing

See CONTRIBUTING.md for details.

Documentation

Quick Start with Docker and Docker Compose

  • Build PSW and SDK from source. See this README for details.
$ cd docker/build && ./build_compose_run.sh
  • Use prebuilt PSW and SDK downloaded from 01.org. See this README for details.
$ cd linux/installer/docker && ./build_compose_run.sh

Build and Install the Intel(R) SGX Driver

Follow the README.md in the SGXDataCenterAttestationPrimitives project to build and install the Intel(R) SGX driver. NOTE: The above Intel(R) SGX driver requires Flexible Launch Control and Intel(R) AES New Instructions support. If your platform doesn't meet the requirement, please follow the instructions in the linux-sgx-driver project to build and install this version of Intel(R) SGX driver.

Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package

Prerequisites:

  • Ensure that you have one of the following required operating systems:

    • Ubuntu* 18.04 LTS Desktop 64bits
    • Ubuntu* 18.04 LTS Server 64bits
    • Ubuntu* 20.04 LTS Desktop 64bits
    • Ubuntu* 20.04 LTS Server 64bits
    • Ubuntu* 22.04 LTS Server 64bits
    • Red Hat Enterprise Linux Server release 8.6 64bits
    • CentOS Stream 8 64bits
    • CentOS 8.3 64bits
    • SUSE Linux Enterprise Server 15.4 64bits
    • Anolis OS 8.6 64bits
    • Debian 10 64bits
  • Use the following command(s) to install the required tools to build the Intel(R) SGX SDK:

    • On Ubuntu 18.04 and Debian 10:
      $ sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python3 libssl-dev git cmake perl
      $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1
    
    • On Ubuntu 20.04 and Ubuntu 22.04:
      $ sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl
    
    • On Red Hat Enterprise Linux 8.6:
      $ sudo yum groupinstall 'Development Tools'
      $ sudo yum install ocaml ocaml-ocamlbuild wget python3 openssl-devel git cmake perl
      $ sudo alternatives --set python /usr/bin/python3
    
    • On CentOS Stream 8 and CentOS 8.3:
      $ sudo dnf group install 'Development Tools'
      $ sudo dnf --enablerepo=powertools install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python3
      $ sudo alternatives --set python /usr/bin/python3
    
    • On Anolis 8.6:
      $ sudo dnf group install 'Development Tools'
      $ sudo dnf --enablerepo=PowerTools install ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python3
      $ sudo alternatives --set python /usr/bin/python3
    
    • On SUSE Linux Enterprise Server 15.4:
      $ sudo zypper install --type pattern devel_basis
      $ sudo zypper install ocaml ocaml-ocamlbuild automake autoconf libtool wget python3 libopenssl-devel rpm-build git cmake perl
      $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1
    

    Note: To build Intel(R) SGX SDK, gcc version is required to be 7.3 or above and glibc version is required to be 2.27 or above.

  • Use the following command to install additional required tools and latest Intel(R) SGX SDK Installer to build the Intel(R) SGX PSW:

    1. To install the additional required tools:
      • On Debian 10:
        $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip lsb-release libsystemd0
      
      • On Ubuntu 20.04 and Ubuntu 22.04:
        $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip pkgconf libboost-dev libboost-system-dev libboost-thread-dev lsb-release libsystemd0
      
      • On Red Hat Enterprise Linux 8.6:
        $ sudo yum install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel systemd-libs
      
      • On CentOS Stream 8 and CentOS 8.3:
        $ sudo dnf --enablerepo=powertools install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel systemd-libs
      
      • On Anolis 8.6:
        $ sudo dnf --enablerepo=PowerTools install openssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo yum-utils pkgconf boost-devel protobuf-lite-devel systemd-libs
      
      • On SUSE Linux Enterprise Server 15.4:
        $ sudo zypper install libopenssl-devel libcurl-devel protobuf-devel cmake rpm-build createrepo libsystemd0
      
      1. To install latest Intel(R) SGX SDK Installer Ensure that you have downloaded latest Intel(R) SGX SDK Installer from the Intel(R) SGX SDK and followed the Installation Guide in the same page to install latest Intel(R) SGX SDK Installer.
  • Download the source code and prepare the submodules and prebuilt binaries:

   $ git clone https://github.com/intel/linux-sgx.git
   $ cd linux-sgx && make preparation

The above make preparation would trigger the script download_prebuilt.sh to download the prebuilt binaries. You may need to set an https proxy for the wget tool used by the script (such as export https_proxy=http://test-proxy:test-port)

  • Copy the mitigation tools corresponding to current OS distribution from external/toolset/{current_distr} to /usr/local/bin and make sure they have execute permission:
      $ sudo cp external/toolset/{current_distr}/* /usr/local/bin
      $ which ar as ld objcopy objdump ranlib
    
    Note: The above action is a must even if you copied the previous mitigation tools to /usr/local/bin before. It ensures the updated mitigation tools are used in the later build.

Build the Intel(R) SGX SDK and Intel(R) SGX SDK Installer

  • To build Intel(R) SGX SDK with default configuration, enter the following command:
  $ make sdk

You can find the three flavors of tools and libraries generated in the build directory.

  • This repository supports to build the Intel(R) SGX SDK with below three combinations:
    • USE_OPT_LIBS=0 --- build SDK using SGXSSL and open sourced String/Math
    • USE_OPT_LIBS=1 --- build SDK using optimized IPP crypto and open sourced String/Math
    • USE_OPT_LIBS=2 --- build SDK with no mitigation using SGXSSL and optimized String/Math
    • USE_OPT_LIBS=3 --- build SDK with no mitigation using IPP crypto and optimized String/Math The default build uses USE_OPT_LIBS=1, if you directly type $ make sdk as above. You can switch to the other build combinations instead by entering the following command:
  $ make sdk USE_OPT_LIBS=0

or

  $ make sdk_no_mitigation USE_OPT_LIBS=2

or

  $ make sdk_no_mitigation USE_OPT_LIBS=3

Note: Building the Intel(R) SGX PSW with open sourced SGXSSL/string/math libraries is not supported. Note: Building mitigation SDK with USE_OPT_LIBS=2 or USE_OPT_LIBS=3 is not allowed.

  • To build Intel(R) SGX SDK with debug information, enter the following command:
  $ make sdk DEBUG=1
  • To clean the files generated by previous make sdk command, enter the following command:
  $ make clean
  • To build the Intel(R) SGX SDK installer, enter the following command:
  $ make sdk_install_pkg

You can find the generated Intel(R) SGX SDK installer sgx_linux_x64_sdk_${version}.bin located under linux/installer/bin/, where ${version} refers to the version number.

Note: The above command builds the Intel(R) SGX SDK with default configuration firstly and then generates the target SDK Installer. To build the Intel(R) SGX SDK Installer with debug information kept in the tools and libraries, enter the following command:

  $ make sdk_install_pkg DEBUG=1

Build the Intel(R) SGX PSW and Intel(R) SGX PSW Installer

  • To build Intel(R) SGX PSW with default configuration, enter the following command:
  $ make psw

You can find the tools and libraries generated in the build/linux directory. Note: You can also go to the psw folder and use the make command to build the Intel(R) SGX PSW component only.

  • To build Intel(R) SGX PSW with debug information, enter the following command:
  $ make psw DEBUG=1
  • To clean the files generated by previous make psw command, enter the following command:
  $ make clean

The build above uses prebuilt Intel(R) Architecture Enclaves(LE/PvE/QE/PCE) - the files psw/ae/data/prebuilt/libsgx_*.signed.so, which have been signed by Intel in advance.

  • To build those enclaves by yourself (without a signature), first you need to install latest Intel(R) SGX SDK from the Intel(R) SGX SDK and then build PSW with the default configuration. After that, you can build each Architecture Enclave by using the make command from the corresponding folder:
  $ cd psw/ae/le
  $ make
  • To build the Intel(R) SGX PSW installer, enter the following command:

    • On Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04 and Debian 10:
    $ make deb_psw_pkg
    

    You can find the generated Intel(R) SGX PSW installers located under linux/installer/deb/libsgx-urts, linux/installer/deb/libsgx-enclave-common, linux/installer/deb/libsgx-uae-service, linux/installer/deb/libsgx-epid, linux/installer/deb/libsgx-launch, linux/installer/deb/libsgx-quote-ex and linux/installer/deb/sgx-aesm-service respectively.

    Note: Besides the Intel(R) SGX PSW installer, the above command generates another debug symbol package named package-name-dbgsym_${version}-${revision}_amd64.ddeb for debug purpose. Note: Starting with the 2.10 release, besides the Intel(R) SGX PSW installer, the above command generates SGXDataCenterAttestationPrimitives installers as well. Note: On Debian 10, the default PATH environment may not include /sbin. In this case, before trigger the build, please add /sbin to PATH environment by export PATH=$PATH:/sbin. Note: The above command builds the Intel(R) SGX PSW with default configuration firstly and then generates the target PSW Installer. To build the Intel(R) SGX PSW Installer without optimization and with full debug information kept in the tools and libraries, enter the following command:

    $ make deb_psw_pkg DEBUG=1
    
    • On Red Hat Enterprise Linux 8.6, CentOS Stream 8, CentOS 8.3, Anolis OS 8.6 and SUSE Linux Enterprise Server 15.4:
    $ make rpm_psw_pkg
    

    You can find the generated Intel(R) SGX PSW installers located under linux/installer/rpm/libsgx-urts, linux/installer/rpm/libsgx-enclave-common, linux/installer/rpm/libsgx-uae-service, linux/installer/rpm/libsgx-epid, linux/installer/rpm/libsgx-launch, linux/installer/rpm/libsgx-quote-ex and linux/installer/rpm/sgx-aesm-service respectively.

    Note: The above command builds the Intel(R) SGX PSW with default configuration firstly and then generates the target PSW Installer. To build the Intel(R) SGX PSW Installer with debug information kept in the tools and libraries, enter the following command:

    $ make rpm_psw_pkg DEBUG=1
    
  • To build local Debian package repository, enter the following command:

    $ make deb_local_repo
    

    You can find the local package repository located under linux/installer/deb/sgx_debian_local_repo.

    Note: The above command builds the local package repository. If you want to use it, you need to add it to the system repository configuration. The local package repository is not signed, you need to trust it for the purpose of development.

  • To add the local Debian package repository to the system repository configuration, append the following line to /etc/apt/sources.list. You need to replace PATH_TO_LOCAL_REPO with the proper path on your system:

    • On Ubuntu 18.04:
    deb [trusted=yes arch=amd64] file:/PATH_TO_LOCAL_REPO bionic main
    
    • On Ubuntu 20.04:
    deb [trusted=yes arch=amd64] file:/PATH_TO_LOCAL_REPO focal main
    
    • On Ubuntu 22.04:
    deb [trusted=yes arch=amd64] file:/PATH_TO_LOCAL_REPO jammy main
    
    • On Debian 10:
    deb [trusted=yes arch=amd64] file:/PATH_TO_LOCAL_REPO buster main
    

    After that, you need to update the apt:

    $ sudo apt update
    
  • To build local RPM package repository, enter the following command:

    $ make rpm_local_repo
    

    You can find the local package repository located under linux/installer/rpm/sgx_rpm_local_repo.

    Note: The above command builds the local package repository. If you want to use it, you need to add it to the system repository configuration. Since the local package repository is not signed with GPG, you should ignore the gpgcheck when installing the packages.

  • To add the local RPM package repository to the system repository configuration, you can use the following command. You need to replace PATH_TO_LOCAL_REPO with the proper path on your system:

    • On Red Hat Enterprise Linux 8.6, CentOS Stream 8, CentOS 8.3, Anolis OS 8.6:
    $ sudo yum-config-manager --add-repo file://PATH_TO_LOCAL_REPO
    
    • On SUSE Linux Enterprise Server 15.4, you need to replace LOCAL_REPO_ALIAS with proper alias name for the local repo:
    $ sudo zypper addrepo PATH_TO_LOCAL_REPO LOCAL_REPO_ALIAS
    
  • To ignore the gpgcheck when you install the package, enter the following command:

    • On Red Hat Enterprise Linux 8.6, CentOS Stream 8, CentOS 8.3, Anolis OS 8.6:
    $ sudo yum --nogpgcheck install <package>
    
    • On SUSE Linux Enterprise Server 15.5:
    $ sudo zypper --no-gpg-checks install <package>
    

Install the Intel(R) SGX SDK

Prerequisites

  • Ensure that you have one of the following operating systems:
    • Ubuntu* 18.04 LTS Desktop 64bits
    • Ubuntu* 18.04 LTS Server 64bits
    • Ubuntu* 20.04 LTS Desktop 64bits
    • Ubuntu* 20.04 LTS Server 64bits
    • Ubuntu* 22.04 LTS Server 64bits
    • Red Hat Enterprise Linux Server release 8.6 64bits
    • CentOS Stream 8 64bits
    • CentOS 8.3 64bits
    • SUSE Linux Enterprise Server 15.4 64bits
    • Anolis OS 8.6 64bits
    • Debian 10 64bits
  • Use the following command to install the required tool to use Intel(R) SGX SDK:
    • On Ubuntu 18.04 and Debian 10:
      $ sudo apt-get install build-essential python3
      $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1
    
    • On Ubuntu 20.04 and Ubuntu 22.04:
      $ sudo apt-get install build-essential python-is-python3
    
    • On Red Hat Enterprise Linux 8.6, CentOS Stream 8, CentOS 8.3 and Anolis OS 8.6:
       $ sudo yum groupinstall 'Development Tools'
       $ sudo yum install python3
       $ sudo alternatives --set python /usr/bin/python3
    
    • On SUSE Linux Enterprise Server 15.4:
       $ sudo zypper install --type pattern devel_basis
       $ sudo zypper install python3
       $ sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1
    

Install the Intel(R) SGX SDK

To install the Intel(R) SGX SDK, invoke the installer, as follows:

$ cd linux/installer/bin
$ ./sgx_linux_x64_sdk_${version}.bin

The above command requires you to specify the installation path. You can use the following command to use the non-interactive installation mode:

$ cd linux/installer/bin
$ ./sgx_linux_x64_sdk_${version}.bin --prefix {SDK_INSTALL_PATH_PREFIX}

NOTE: You need to set up the needed environment variables before compiling your code. To do so, run:

  $ source ${sgx-sdk-install-path}/environment

Test the Intel(R) SGX SDK Package with the Code Samples

  • Compile and run each code sample in Simulation mode to make sure the package works well:
  $ cd ${sgx-sdk-install-path}/SampleCode/LocalAttestation
  $ make SGX_MODE=SIM
  $ cd bin
  $ ./app

Use similar commands for other sample codes.

Compile and Run the Code Samples in the Hardware Mode

If you use an Intel SGX hardware enabled machine, you can run the code samples in Hardware mode. Ensure that you install Intel(R) SGX driver and Intel(R) SGX PSW installer on the machine. See the earlier topic, Build and Install the Intel(R) SGX Driver, for information on how to install the Intel(R) SGX driver. See the later topic, Install Intel(R) SGX PSW, for information on how to install the PSW package.

  • Compile and run each code sample in Hardware mode, Debug build, as follows:
  $ cd ${sgx-sdk-install-path}/SampleCode/LocalAttestation
  $ make
  $ cd bin
  $ ./app

Use similar commands for other code samples. Note: On Ubuntu 22.04 or any distro with systemd v248 or later, /dev/sgx_enclave is only accessible by users in the group "sgx". The enclave app should be run with a uid in the sgx group.

# check systemd version:
$ systemctl --version
# add sgx group to user if it's 248 or above:
$ sudo usermod -a -G sgx <user name>

Install the Intel(R) SGX PSW

Prerequisites

  • Ensure that you have one of the following operating systems:
    • Ubuntu* 18.04 LTS Desktop 64bits
    • Ubuntu* 18.04 LTS Server 64bits
    • Ubuntu* 20.04 LTS Desktop 64bits
    • Ubuntu* 20.04 LTS Server 64bits
    • Ubuntu* 22.04 LTS Server 64bits
    • Red Hat Enterprise Linux Server release 8.6 64bits
    • CentOS Stream 8 64bits
    • CentOS 8.3 64bits
    • SUSE Linux Enterprise Server 15.4 64bits
    • Anolis OS 8.6 64bits
    • Debian 10 64bits
  • Ensure that you have a system with the following required hardware:
    • 6th Generation Intel(R) Core(TM) Processor or newer
  • Configure the system with the Intel SGX hardware enabled option and install Intel(R) SGX driver in advance. See the earlier topic, Build and Install the Intel(R) SGX Driver, for information on how to install the Intel(R) SGX driver.
  • Install the library using the following command:
    • On Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04 and Debian 10:
      $ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
    
    • On Red Hat Enterprise Linux 8.6:
      $ sudo yum install openssl-devel libcurl-devel protobuf-devel
    
    • On CentOS Stream 8 and CentOS 8.3:
      $ sudo dnf --enablerepo=powertools install libcurl-devel protobuf-devel
    
    • On Anolis OS 8.6:
      $ sudo dnf --enablerepo=PowerTools install libcurl-devel protobuf-devel
    
    • On SUSE Linux Enterprise Server 15.4:
      $ sudo zypper install libopenssl-devel libcurl-devel protobuf-devel
    

Install the Intel(R) SGX PSW

The SGX PSW provides 3 services: launch, EPID-based attestation, and algorithm agnostic attestation. Starting with the 2.8 release, the SGX PSW is split into smaller packages and the user can choose which features and services to install. There are 2 methods to install the required packages: Using individual packages or using the local repo generated by the build system. Using the local repo is recommended since the system will resolve the dependencies automatically. Currently, we support .deb and .rpm based repos.

Using the local repo(recommended)

Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04 and Debian 10 Red Hat Enterprise Linux 8.6, CentOS Stream 8 and CentOS 8.3 SUSE Linux Enterprise Server 15
launch service apt-get install libsgx-launch libsgx-urts yum install libsgx-launch libsgx-urts zypper install libsgx-launch libsgx-urts
EPID-based attestation service apt-get install libsgx-epid libsgx-urts yum install libsgx-epid libsgx-urts zypper install libsgx-epid libsgx-urts
algorithm agnostic attestation service apt-get install libsgx-quote-ex libsgx-urts yum install libsgx-quote-ex libsgx-urts zypper install libsgx-quote-ex libsgx-urts
DCAP ECDSA-based service apt-get install libsgx-dcap-ql yum install libsgx-dcap-ql zypper install libsgx-dcap-ql

Optionally, you can install *-dbgsym or *-debuginfo packages to get the debug symbols, and install *-dev or *-devel packages to get the header files for development.

Using the individual packages

Please refer Intel_SGX_Installation_Guide_Linux for detail.

Upgrade from a legacy installation

Sometimes we will split old package into smaller ones or move file between different packages. In such cases, you will encounter error messages like: "dpkg: error processing archive ....(--unpack): trying to overwrite ...". You can use 2 methods to address it.

  • Uninstall the old installation first, then install new packages.
  • Add -o Dpkg::Options::="--force-overwrite" option to overwrite existing files and use “dist-upgrade” instead of "upgrade" to install new packages when upgrading. In short, you should use this command:
apt-get dist-upgrade -o Dpkg::Options::="--force-overwrite"

Configure the installation

Some packages are configured with recommended dependency on other packages that are not required for certain usage. For instance, the background daemon is not required for container usage. It will be installed by default, but you can drop it by using the additional option during the installation.

  • On Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04 and Debian 10:
  --no-install-recommends
  • On Red Hat Enterprise Linux 8.6, CentOS Stream 8, CentOS 8.3 and Anolis OS 8.6:
  --setopt=install_weak_deps=False
  • On SUSE Linux Enterprise Server 15.4:
  --no-recommends

ECDSA attestation

To enable ECDSA attestation

  • Ensure that you have the following required hardware:
    • 8th Generation Intel(R) Core(TM) Processor or newer with Flexible Launch Control support*
    • Intel(R) Atom(TM) Processor with Flexible Launch Control support*
  • To use ECDSA attestation, you must install Intel(R) Software Guard Extensions Driver for Data Center Attestation Primitives (Intel(R) SGX DCAP). Please follow the Intel(R) SGX DCAP Installation Guide for Linux* OS to install the Intel(R) SGX DCAP driver.

NOTE: If you had already installed Intel(R) SGX driver without ECDSA attestation, please uninstall the driver firstly and then install the Intel(R) SGX DCAP driver. Otherwise the newly installed Intel(R) SGX DCAP driver will be unworkable.

  • Install Quote Provider Library(QPL). You can use your own customized QPL or use default QPL provided by Intel(libsgx-dcap-default-qpl)

  • Install PCK Caching Service. For how to install and configure PCK Caching Service, please refer to SGXDataCenterAttestationPrimitives

  • Ensure the PCK Caching Service is setup correctly by local administrator or data center administrator. Also make sure that the configure file of quote provider library (/etc/sgx_default_qcnl.conf) is consistent with the real environment, for example: PCS_URL=https://your_pcs_server:8081/sgx/certification/v1/

Start or Stop aesmd Service

The Intel(R) SGX PSW installer installs an aesmd service in your machine, which is running in a special linux account aesmd. To stop the service: $ sudo service aesmd stop To start the service: $ sudo service aesmd start To restart the service: $ sudo service aesmd restart

Configure the Proxy for aesmd Service

The aesmd service uses the HTTP protocol to initialize some services. If a proxy is required for the HTTP protocol, you may need to manually set up the proxy for the aesmd service. You should manually edit the file /etc/aesmd.conf (refer to the comments in the file) to set the proxy for the aesmd service. After you configure the proxy, you need to restart the service to enable the proxy.

Reproducibility

Intel(R) SGX is providing several prebuilt binaries. All the prebuilt binaries are built from a reproducible environment in SGX docker container. To reproduce the prebuilt binaries, please follow the reproducibility README.md to prepare the SGX docker container and build out the binaries you want to verify. Most of the binaries could be verified utilizing Linux system command diff, except Intel(R) AEs. Please refer to the README.md for how to verify the reproducibililty of the built out AEs.

More Repositories

1

hyperscan

High-performance regular expression matching library
C++
4,478
star
2

acat

Assistive Context-Aware Toolkit (ACAT)
C#
3,191
star
3

haxm

Intel® Hardware Accelerated Execution Manager (Intel® HAXM)
C
3,029
star
4

appframework

The definitive HTML5 mobile javascript framework
CSS
2,435
star
5

neural-compressor

SOTA low-bit LLM quantization (INT8/FP8/INT4/FP4/NF4) & sparsity; leading model compression techniques on TensorFlow, PyTorch, and ONNX Runtime
Python
2,182
star
6

intel-extension-for-transformers

⚡ Build your chatbot within minutes on your favorite device; offer SOTA compression techniques for LLMs; run LLMs efficiently on Intel Platforms⚡
Python
2,122
star
7

pcm

Intel® Performance Counter Monitor (Intel® PCM)
C++
2,083
star
8

intel-extension-for-pytorch

A Python package for extending the official PyTorch that can easily obtain performance on Intel platform
Python
1,203
star
9

scikit-learn-intelex

Intel(R) Extension for Scikit-learn is a seamless way to speed up your Scikit-learn application
Python
954
star
10

llvm

Intel staging area for llvm.org contribution. Home for Intel LLVM-based projects.
918
star
11

nemu

ARCHIVED: Modern Hypervisor for the Cloud. See https://github.com/cloud-hypervisor/cloud-hypervisor instead
C
915
star
12

compute-runtime

Intel® Graphics Compute Runtime for oneAPI Level Zero and OpenCL™ Driver
C++
912
star
13

caffe

This fork of BVLC/Caffe is dedicated to improving performance of this deep learning framework when running on CPU, in particular Intel® Xeon processors.
C++
850
star
14

isa-l

Intelligent Storage Acceleration Library
C
816
star
15

media-driver

C
783
star
16

cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Python
721
star
17

intel-cmt-cat

User space software for Intel(R) Resource Director Technology
C
630
star
18

fastuidraw

C++
603
star
19

optimization-manual

Contains the source code examples described in the "Intel® 64 and IA-32 Architectures Optimization Reference Manual"
Assembly
602
star
20

libipt

libipt - an Intel(R) Processor Trace decoder library
C
594
star
21

libxcam

libXCam is a project for extended camera(not limited in camera) features and focus on image quality improvement and video analysis. There are lots features supported in image pre-processing, image post-processing and smart analysis. This library makes GPU/CPU/ISP working together to improve image quality. OpenCL is used to improve performance in different platforms.
C++
590
star
22

clDNN

Compute Library for Deep Neural Networks (clDNN)
C++
573
star
23

libva

Libva is an implementation for VA-API (Video Acceleration API)
C
558
star
24

intel-graphics-compiler

C++
503
star
25

wds

Wireless Display Software For Linux OS (WDS)
C++
496
star
26

thermal_daemon

Thermal daemon for IA
C++
485
star
27

x86-simd-sort

C++ header file library for high performance SIMD based sorting algorithms for primitive datatypes
C++
485
star
28

Intel-Linux-Processor-Microcode-Data-Files

466
star
29

gvt-linux

C
463
star
30

kernel-fuzzer-for-xen-project

Kernel Fuzzer for Xen Project (KF/x) - Hypervisor-based fuzzing using Xen VM forking, VMI & AFL
C
441
star
31

tinycbor

Concise Binary Object Representation (CBOR) Library
C
432
star
32

openfl

An open framework for Federated Learning.
Python
427
star
33

cc-oci-runtime

OCI (Open Containers Initiative) compatible runtime for Intel® Architecture
C
415
star
34

tinycrypt

tinycrypt is a library of cryptographic algorithms with a focus on small, simple implementation.
C
373
star
35

compile-time-init-build

C++ library for composing modular firmware at compile-time.
C++
372
star
36

ARM_NEON_2_x86_SSE

The platform independent header allowing to compile any C/C++ code containing ARM NEON intrinsic functions for x86 target systems using SIMD up to SSE4 intrinsic functions
C
369
star
37

yarpgen

Yet Another Random Program Generator
C++
357
star
38

intel-device-plugins-for-kubernetes

Collection of Intel device plugins for Kubernetes
Go
356
star
39

QAT_Engine

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist
C
356
star
40

linux-sgx-driver

Intel SGX Linux* Driver
C
334
star
41

safestringlib

C
328
star
42

xess

C
313
star
43

idlf

Intel® Deep Learning Framework
C++
311
star
44

ad-rss-lib

Library implementing the Responsibility Sensitive Safety model (RSS) for Autonomous Vehicles
C++
298
star
45

intel-vaapi-driver

VA-API user mode driver for Intel GEN Graphics family
C
289
star
46

ipp-crypto

C
269
star
47

rohd

The Rapid Open Hardware Development (ROHD) framework is a framework for describing and verifying hardware in the Dart programming language. ROHD enables you to build and traverse a graph of connectivity between module objects using unrestricted software.
Dart
256
star
48

opencl-intercept-layer

Intercept Layer for Debugging and Analyzing OpenCL Applications
C++
255
star
49

FSP

Intel(R) Firmware Support Package (FSP)
C
244
star
50

dffml

The easiest way to use Machine Learning. Mix and match underlying ML libraries and data set sources. Generate new datasets or modify existing ones with ease.
Python
244
star
51

userspace-cni-network-plugin

Go
242
star
52

intel-ipsec-mb

Intel(R) Multi-Buffer Crypto for IPSec
C
238
star
53

isa-l_crypto

Assembly
232
star
54

confidential-computing-zoo

Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.
CMake
229
star
55

bmap-tools

BMAP Tools
Python
227
star
56

intel-extension-for-tensorflow

Intel® Extension for TensorFlow*
C++
226
star
57

ozone-wayland

Wayland implementation for Chromium Ozone classes
C++
214
star
58

intel-qs

High-performance simulator of quantum circuits
C++
202
star
59

SGXDataCenterAttestationPrimitives

C++
202
star
60

intel-sgx-ssl

Intel® Software Guard Extensions SSL
C
197
star
61

msr-tools

C
195
star
62

depth-camera-web-demo

JavaScript
194
star
63

rmd

Go
189
star
64

CPU-Manager-for-Kubernetes

Kubernetes Core Manager for NFV workloads
Python
187
star
65

asynch_mode_nginx

C
186
star
66

hexl

Intel®️ Homomorphic Encryption Acceleration Library accelerates modular arithmetic operations used in homomorphic encryption
C++
181
star
67

ros_object_analytics

C++
177
star
68

zephyr.js

JavaScript* Runtime for Zephyr* OS
C
176
star
69

generic-sensor-demos

HTML
175
star
70

ipmctl

C
172
star
71

sgx-ra-sample

C++
171
star
72

lmbench

C
171
star
73

cri-resource-manager

Kubernetes Container Runtime Interface proxy service with hardware resource aware workload placement policies
Go
170
star
74

platform-aware-scheduling

Enabling Kubernetes to make pod placement decisions with platform intelligence.
Go
165
star
75

virtual-storage-manager

Python
165
star
76

PerfSpect

System performance characterization tool based on linux perf
Python
164
star
77

he-transformer

nGraph-HE: Deep learning with Homomorphic Encryption (HE) through Intel nGraph
C++
163
star
78

systemc-compiler

This tool translates synthesizable SystemC code to synthesizable SystemVerilog.
C++
155
star
79

webml-polyfill

Deprecated, the Web Neural Network Polyfill project has been moved to https://github.com/webmachinelearning/webnn-polyfill
Python
153
star
80

pmem-csi

Persistent Memory Container Storage Interface Driver
Go
151
star
81

libyami

Yet Another Media Infrastructure. it is core part of media codec with hardware acceleration, it is yummy to your video experience on Linux like platform.
C++
148
star
82

ros_openvino_toolkit

C++
147
star
83

rib

Rapid Interface Builder (RIB) is a browser-based design tool for quickly prototyping and creating the user interface for web applications. Layout your UI by dropping widgets onto a canvas. Run the UI in an interactive "Preview mode". Export the generated HTML and Javascript. It's that simple!
JavaScript
147
star
84

ideep

Intel® Optimization for Chainer*, a Chainer module providing numpy like API and DNN acceleration using MKL-DNN.
C++
145
star
85

libva-utils

Libva-utils is a collection of tests for VA-API (VIdeo Acceleration API)
C
144
star
86

gmmlib

C++
141
star
87

numatop

NumaTOP is an observation tool for runtime memory locality characterization and analysis of processes and threads running on a NUMA system.
C
139
star
88

ros2_grasp_library

C++
138
star
89

XBB

C++
133
star
90

tdx-tools

Cloud Stack and Tools for Intel TDX (Trust Domain Extension)
C
131
star
91

ros2_intel_realsense

This project is deprecated and no more maintained. Please visit https://github.com/IntelRealSense/realsense-ros for ROS2 wrapper.
C++
131
star
92

linux-intel-lts

C
131
star
93

CeTune

Python
130
star
94

cm-compiler

C++
130
star
95

pti-gpu

Profiling Tools Interfaces for GPU (PTI for GPU) is a set of Getting Started Documentation and Tools Library to start performance analysis on Intel(R) Processor Graphics easily
C++
129
star
96

fMBT

Free Model Based tool
Python
129
star
97

zlib

C
128
star
98

ros_intel_movidius_ncs

C++
126
star
99

mpi-benchmarks

C
125
star
100

mOS

C
124
star