install_oe_sdk-Ubuntu_16.04.md

Install the Open Enclave SDK (Ubuntu 16.04)

Platform requirements

• Ubuntu 16.04-LTS 64-bit.
  • Instructions are also available for Ubuntu 18.04-LTS 64-bit.
• SGX1-capable system with support for Flexible Launch Control (FLC).
  • You can acquire a VM with the required features from Azure Confidential Compute.
  • If you are setting up your own device, check if your existing device supports SGX with FLC.
    • If your device only supports SGX without FLC, you will need to clone and build OE SDK for that configuration.
    • If your device does not support SGX, follow the instructions for simulation mode.

1. Configure the Intel and Microsoft APT Repositories

echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu xenial main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -

echo "deb http://apt.llvm.org/xenial/ llvm-toolchain-xenial-7 main" | sudo tee /etc/apt/sources.list.d/llvm-toolchain-xenial-7.list
wget -qO - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -

echo "deb [arch=amd64] https://packages.microsoft.com/ubuntu/16.04/prod xenial main" | sudo tee /etc/apt/sources.list.d/msprod.list
wget -qO - https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

2. Install the Intel SGX DCAP Driver

sudo apt update
sudo apt -y install dkms
wget https://download.01.org/intel-sgx/dcap-1.2/linux/dcap_installers/ubuntuServer16.04/sgx_linux_x64_driver_1.12_c110012.bin -O sgx_linux_x64_driver.bin
chmod +x sgx_linux_x64_driver.bin
sudo ./sgx_linux_x64_driver.bin

This may not be the latest Intel SGX DCAP driver. Please check with Intel's SGX site if a more recent SGX DCAP driver exists.

3. Install the Intel and Open Enclave packages and dependencies

sudo apt -y install clang-7 libssl-dev gdb libsgx-enclave-common libsgx-enclave-common-dev libprotobuf9v5 libsgx-dcap-ql libsgx-dcap-ql-dev az-dcap-client open-enclave

This step also installs the az-dcap-client package which is necessary for performing remote attestation in Azure. A general implementation for using Intel DCAP outside the Azure environment is coming soon.

If you wish to use the Ninja build system rather than make, also install

sudo apt -y install ninja-build

If you wish to make use of the Open Enclave CMake package, please install CMake and follow the instructions here.

4. Verify the Open Enclave SDK install

See Using the Open Enclave SDK for verifying and using the installed SDK.