This document provides a workable way to run Open Enclave SGX DCAP remote attestation on machines outside Azure Confidential Computing (ACC). It relies on several Intel components and services, which Intel may change.
- Ubuntu 18.04-LTS or Ubuntu 20.04-LTS 64-bit.
- SGX1 capable system with Flexible Launch Control support. This feature is only available on Intel Coffee Lake processors (8th gen) or newer.
- It is strongly recommended to update your BIOS to the newest version before you start. With the setup described in this document, all attestation is checked against the most recent collateral. Old BIOS versions, which may have a lower CPU SVN, will cause attestation to fail.
Use the following command to download the source code.
git clone --recursive https://github.com/openenclave/openenclave.git
This creates a source tree under the directory called openenclave.
First, change directory into the openenclave repository:
cd openenclave
Ansible is required to install the project requirements. If not already installed, you can install it by running:
sudo scripts/ansible/install-ansible.sh
Then run the following command to install the dependencies:
ansible-playbook scripts/ansible/oe-contributors-setup.yml
NOTE: The Ansible playbook commands above will try to execute tasks with sudo rights. Make sure that the user running the playbooks has sudo rights, and if that user needs a sudo password, add the extra parameter --ask-become-pass.
To install the Intel DCAP Quote Provider Library, you can either install it from the Intel SGX repository (recommended) or install it manually with dpkg.
If you set up your environment by following this documentation, the Intel SGX APT source repository has already been added. Run the following command directly to install the library.
sudo apt install libsgx-dcap-default-qpl
NOTE: If the Intel SGX APT source repository has not been added to your system, run the following commands to add it.
On Ubuntu 18.04:
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
On Ubuntu 20.04:
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
Add the key to the list of trusted keys used by apt to authenticate packages:
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
Update the apt package database:
sudo apt-get update
The Intel DCAP Quote Provider package can be installed manually by finding the appropriate libsgx-dcap-default-qpl package in the Intel SGX DCAP repository. As there are multiple versions available, please download the version that matches your Intel SGX version and your OS version.
For Ubuntu 18.04 (code name Bionic Beaver), please download the version libsgx-dcap-default-qpl_{VERSION}-bionic1_amd64.deb. Example: Ubuntu 18.04 with Intel SGX DCAP 1.10.3 would download libsgx-dcap-default-qpl_1.10.103.1-bionic1_amd64.deb.
For Ubuntu 20.04 (code name Focal Fossa), please download the version libsgx-dcap-default-qpl_{VERSION}-focal1_amd64.deb. Example: Ubuntu 20.04 with Intel SGX DCAP 1.10.3 would download libsgx-dcap-default-qpl_1.10.103.1-focal1_amd64.deb.
In this document, we use libsgx-dcap-default-qpl_1.8.100.2-bionic1_amd64.deb as an example. Run the commands below to download the package:
cd ~
wget https://download.01.org/intel-sgx/sgx-dcap/1.8/linux/distro/ubuntu18.04-server/debian_pkgs/libs/libsgx-dcap-default-qpl/libsgx-dcap-default-qpl_1.8.100.2-bionic1_amd64.deb
Then install the package:
sudo dpkg -i libsgx-dcap-default-qpl_1.8.100.2-bionic1_amd64.deb
OE expects the file name of the QPL to be libdcap_quoteprov.so, but the Intel default QPL installs libdcap_quoteprov.so.1 and libdcap_quoteprov.so.1.8.100.2, where libdcap_quoteprov.so.1 is a soft link to libdcap_quoteprov.so.1.8.100.2. For OE to work properly, we need to create another soft link called libdcap_quoteprov.so that points to libdcap_quoteprov.so.1.8.100.2.
Check where those files are installed.
dpkg --listfiles libsgx-dcap-default-qpl
In most cases, it should be in /usr/lib/x86_64-linux-gnu/
Use /usr/lib/x86_64-linux-gnu/ as an example.
cd /usr/lib/x86_64-linux-gnu/
sudo ln -s libdcap_quoteprov.so.1.8.100.2 libdcap_quoteprov.so
NOTES TO USERS WHO HAVE ALREADY INSTALLED AZURE DCAP CLIENT:
If you installed the Azure DCAP Client before trying these instructions, please make sure the Azure library is renamed to something else.
To check if you have it installed, run the following command.
dpkg --list | grep az-dcap-client
If you have not installed the Azure DCAP Client previously, please skip the content below.
In most cases the Azure version of libdcap_quoteprov.so is located in /usr/lib. Check your path before changing anything. Here we use /usr/lib as an example.
sudo mv /usr/lib/libdcap_quoteprov.so /usr/lib/libdcap_quoteprov.so.azure
Otherwise the Azure one might still get used, because the library search order might have /usr/lib before /usr/lib/x86_64-linux-gnu, the path with the Intel version.
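The shadowing problem described above, as an added example that is not part of the Open Enclave documentation: it searches directories in the order given and reports whether the first libdcap_quoteprov.so found resolves to a versioned file such as the Intel one. The function names, the demo directory names and the name-based classification are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the Open Enclave docs): show which libdcap_quoteprov.so
# is found first when directories are searched in the order given.
QPL_NAME="libdcap_quoteprov.so"

# Print the fully resolved path of the first QPL found in the listed directories.
first_qpl() {
    local dir
    for dir in "$@"; do
        if [ -e "$dir/$QPL_NAME" ]; then
            readlink -f "$dir/$QPL_NAME"
            return 0
        fi
    done
    return 1
}

# Heuristic (assumption): the Intel QPL on this page resolves to a versioned file
# such as libdcap_quoteprov.so.1.8.100.2; a plain unversioned file is not it.
classify_qpl() {
    case "$(basename "$1")" in
        "$QPL_NAME".[0-9]*) echo "intel-versioned" ;;
        *)                  echo "unversioned" ;;
    esac
}

# Combine both steps; prints "missing" and fails when no directory has the file.
check_qpl() {
    local resolved
    resolved="$(first_qpl "$@")" || { echo "missing"; return 1; }
    classify_qpl "$resolved"
}

# Constructed layout mirroring the page: an unversioned file in usr_lib shadows
# the Intel symlink until it is renamed. Prints the result before and after.
demo() {
    local t; t="$(mktemp -d)"
    mkdir "$t/usr_lib" "$t/multiarch"
    : > "$t/usr_lib/$QPL_NAME"
    : > "$t/multiarch/$QPL_NAME.1.8.100.2"
    ln -s "$QPL_NAME.1.8.100.2" "$t/multiarch/$QPL_NAME"
    check_qpl "$t/usr_lib" "$t/multiarch"
    mv "$t/usr_lib/$QPL_NAME" "$t/usr_lib/$QPL_NAME.azure"
    check_qpl "$t/usr_lib" "$t/multiarch"
    rm -rf "$t"
}

# With arguments, check those directories; without, run the constructed demo.
if [ "$#" -gt 0 ]; then check_qpl "$@"; else demo; fi
```

On a real host, running dpkg -S on the path printed by first_qpl names the package that owns the resolved file.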
Edit the file /etc/sgx_default_qcnl.conf. To accept an insecure HTTPS cert, set the option USE_SECURE_CERT to FALSE, as we will use a local caching service which doesn't have a secure cert.
USE_SECURE_CERT=FALSE
Note: The cert mentioned in /etc/sgx_default_qcnl.conf is just for the regular TLS handshake between the QPL and the PCCS. That cert itself has nothing to do with the attestation process. It has no relationship with the certs (e.g., Provisioning Certification Key certs (PCK certs)) that are used in attestation.
Setting "USE_SECURE_CERT=FALSE" doesn't mean your attestation process is insecure. It just means the QPL will accept a self-signed cert for the TLS handshake with the PCCS. "CA-signed/self-signed cert" might be a better term than "secure/insecure cert", but that is exactly how /etc/sgx_default_qcnl.conf describes it, so we document it accordingly.
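A check for the setting discussed above, as an added example that is not Intel or Open Enclave code: it reads a key=value style sgx_default_qcnl.conf and reports whether certificate checking is switched off for a loopback PCCS (the setup this page describes) or for a PCCS reached over the network. PCCS_URL as the key holding the PCCS address, the function names and the sample file contents are assumptions; the page itself only shows USE_SECURE_CERT.

```bash
#!/usr/bin/env bash
# Added example (not Intel or Open Enclave code): audit a key=value style
# sgx_default_qcnl.conf. PCCS_URL is assumed to be the key holding the PCCS
# address; the page itself only shows USE_SECURE_CERT.

# Print the last value assigned to KEY ($2) in FILE ($1), skipping comment lines.
qcnl_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Reduce a URL to its host: drop scheme, path and port; unwrap [IPv6] literals.
url_host() {
    local rest="${1#*://}"
    rest="${rest%%/*}"
    case "$rest" in
        \[*) rest="${rest#\[}"; echo "${rest%%\]*}" ;;
        *)   echo "${rest%%:*}" ;;
    esac
}

# Classify the file: certificate checking on, off for a loopback PCCS, off for
# a PCCS reached over the network, or the option not set to TRUE/FALSE at all.
audit_qcnl() {
    local secure host
    secure="$(qcnl_get "$1" USE_SECURE_CERT | tr '[:lower:]' '[:upper:]')"
    host="$(url_host "$(qcnl_get "$1" PCCS_URL)")"
    case "$secure" in
        TRUE)  echo "verify-on" ;;
        FALSE) case "$host" in
                   localhost|127.0.0.1|::1) echo "verify-off-loopback" ;;
                   *)                       echo "verify-off-remote:$host" ;;
               esac ;;
        *)     echo "not-set" ;;
    esac
}

# Constructed sample input; pass a real path as $1 to audit an installed file.
sample="$(mktemp)"
printf '%s\n' '# PCCS server address' \
    'PCCS_URL=https://localhost:8081/sgx/certification/v2/' \
    '# USE_SECURE_CERT=TRUE' 'USE_SECURE_CERT=FALSE' > "$sample"
audit_qcnl "${1:-$sample}"
rm -f "$sample"
```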
If you don't have an Intel account, go to https://www.intel.com to register one by using the button at the corner.
Sign in with your Intel account and then go to https://api.portal.trustedservices.intel.com/provisioning-certification
You shall see the screen like this:
Click the subscribe button then you shall see a page like this.
Then click the subscribe button again. You shall see your subscription information.
Get the value of your primary key, which will be used during PCCS service bring up.
Install nodejs and npm if you haven't already:
curl -sL https://deb.nodesource.com/setup_13.x | sudo -E bash
sudo apt-get install -y nodejs
To install PCCS, you can either install it from the Intel SGX repository (recommended) or install it manually with dpkg.
sudo apt install sgx-dcap-pccs
NOTE: If the Intel SGX APT source repository has not been added to your system, see how to add it in Section 3.1.
PCCS can be installed manually by finding the appropriate sgx-dcap-pccs package in the Intel SGX DCAP repository. As there are multiple versions available, please download the version that matches your Intel SGX version and your OS version.
For Ubuntu 18.04, please download the version sgx-dcap-pccs_{VERSION}-bionic1_amd64.deb. Example: Ubuntu 18.04 with Intel SGX DCAP 1.10.3 would download sgx-dcap-pccs_1.10.103.1-bionic1_amd64.deb.
For Ubuntu 20.04, please download the version sgx-dcap-pccs_{VERSION}-focal1_amd64.deb. Example: Ubuntu 20.04 with Intel SGX DCAP 1.10.3 would download sgx-dcap-pccs_1.10.103.1-focal1_amd64.deb.
In this document, we use sgx-dcap-pccs_1.8.100.2-bionic1_amd64.deb as an example. Run the commands below to download the package:
cd ~
wget https://download.01.org/intel-sgx/sgx-dcap/1.8/linux/distro/ubuntu18.04-server/debian_pkgs/web/sgx-dcap-pccs/sgx-dcap-pccs_1.8.100.2-bionic1_amd64.deb
Then install the package.
sudo dpkg -i sgx-dcap-pccs_1.8.100.2-bionic1_amd64.deb
You will be asked to finish the configuration during the installation process.
Recommended config:
- HTTPS listening port: use default value.
- Set the PCCS service to accept local connections only: use default value.
- Set your Intel Provisioning Certificate Service(PCS) API key: use the primary key of your subscription.
- Choose caching fill method: use default value.
- Set PCCS server administrator password: set your password
- Set PCCS server user password: set your password
- Do you want to generate insecure HTTPS key and cert for PCCS service?: Use default value and then in the following questions type in your info.
You can skip the following two items.
- A challenge password []:
- An optional company name []:
Then check the status of your service.
pm2 status
You should see that the service is running.
Run the following command to verify that it can actually fetch the root CA CRL from the Intel PCK service:
curl --noproxy "*" -v -k -G "https://localhost:8081/sgx/certification/v2/rootcacrl"
To learn more about PCCS, please refer to the PCCS GitHub repository.
To build, first create a build directory ("build" in the example below) and change directory into it.
cd ~/openenclave/
mkdir build
cd build
Then run cmake to configure the build and generate the Makefiles, and then build by running make or ninja, depending on the generator:
cmake -G "Unix Makefiles" ..
make
or
cmake -G "Ninja" ..
ninja
After building, run all unit test cases using ctest to confirm the SDK is built and working as expected.
Run the following command from the build directory:
ctest
You will see test logs similar to the following:
~/openenclave/build$ ctest
Test project /home/youradminusername/openenclave/build
Start 1: tests/aesm
1/123 Test #1: tests/aesm ............................................................................................................... Passed 0.98 sec
Start 2: tests/mem
2/123 Test #2: tests/mem ................................................................................................................ Passed 0.00 sec
Start 3: tests/str
3/123 Test #3: tests/str ................................................................................................................ Passed 0.00 sec
....
....
....
122/123 Test #122: tools/oedump ............................................................................................................. Passed 0.00 sec
Start 123: oeelf
123/123 Test #123: oeelf .................................................................................................................... Passed 0.00 sec
100% tests passed, 0 tests failed out of 123
Total Test time (real) = 83.61 sec
A clean pass of the above unit tests is an indication that your Open Enclave setup was successful.
The remote attestation tests and samples above will only succeed on a production CPU. If you want them to succeed on a pre-production CPU, follow the steps below to switch the backend provisioning server to pre-production.
You will need to make some changes in Step 4.1 and 5 above when using the pre-production platforms.
Get the SBX primary key from https://sbx.api.portal.trustedservices.intel.com/provisioning-certification. The steps of installing and configuring PCCS are similar to Step 4.2.
Please check the PCCS configuration file (config/production-0.json):
- uri - The URL needs to be set as https://sbx.api.trustedservices.intel.com/sgx/certification/v2/.
- ApiKey - The API key needs to be set as SBX primary key.
common/sgx/quote.c
// Public key of Intel's root certificate.
static const char* g_expected_root_certificate_key =
"-----BEGIN PUBLIC KEY-----\n"
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC6nEwMDIYZOj/iPWsCzaEKi71OiO\n"
- "SLRFhWGjbnBVJfVnkY4u3IjkDYYL0MxO4mqsyYjlBalTVYxFP2sJBK5zlA==\n"
+ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET/oP/VYc2tbA+Y0wjIEoxbknonMy\n"
+ "yOjrE/a+QrVx1kZvU8ZE/8L/wQKCIOSaSWbPAvMuL7TTSbssuu0okDegLQ==\n"
"-----END PUBLIC KEY-----\n";
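Review bot: the comment above g_expected_root_certificate_key still reads "Public key of Intel's root certificate." after the two key lines are replaced for the pre-production (SBX) flow described above, so nothing in the source marks this as a non-production root. Update the comment to name the root it now holds, and keep the swap behind a build-time switch or a local-only patch so that a build carrying it is never used to verify quotes from production platforms.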
common/sgx/tcbinfo.c
// Public key of Intel's root certificate.
static const char* _trusted_root_key_pem =
"-----BEGIN PUBLIC KEY-----\n"
- "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC6nEwMDIYZOj/iPWsCzaEKi71OiO\n"
- "SLRFhWGjbnBVJfVnkY4u3IjkDYYL0MxO4mqsyYjlBalTVYxFP2sJBK5zlA==\n"
+ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET/oP/VYc2tbA+Y0wjIEoxbknonMy\n"
+ "yOjrE/a+QrVx1kZvU8ZE/8L/wQKCIOSaSWbPAvMuL7TTSbssuu0okDegLQ==\n"
"-----END PUBLIC KEY-----\n";
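Review bot: _trusted_root_key_pem in common/sgx/tcbinfo.c receives the same two replacement lines as g_expected_root_certificate_key in common/sgx/quote.c, so the root key lives in two separate string literals that have to be edited in lockstep. Define the key once and reference it from both files, or at least add a comment in each pointing at the other, so a later change cannot leave quote verification and TCB info verification trusting different roots; the unchanged "Public key of Intel's root certificate." comment needs the same update here.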