<!-- SPDX-License-Identifier: (AGPL-3.0-only OR CC-BY-4.0) --> # Enabling SGX ## Verify Intel SGX is enabled in BIOS Enter BIOS by pressing the BIOS key during boot. The BIOS key varies by manufacturer and could be F10, F2, F12, F1, DEL, or ESC. Usually Intel SGX is disabled by default. To enable: - find the Intel SGX feature in BIOS Menu (it is usually under the "Advanced" or "Security" menu) - Set SGX in BIOS as `enabled` (preferably) or `software-controlled`. - save your BIOS settings and exit BIOS. ## Enable "software-controlled" SGX Software-controlled means that SGX needs to be enabled by running a utility. This repo includes the **_sgx_enable_** utility. To enable SGX run: ```bash sudo ./sgx_enable ``` Note: if you are not using Ubuntu 18.04 (Not recommended!), you may need to rebuild the sgx-software-enable utility before use by typing: ```bash cd sgx-software-enable; make ``` ## Install SGX driver Install make and gcc if you do not have it: ```bash apt-get install build-essential ``` Run the following command: ```bash cd scripts; sudo ./sgx_linux_x64_driver_2.11.0_0373e2e.bin; cd .. ``` Alternatively, other driver versions may be downloaded from Intel. Please note that version `2.11.0_0373e2e` is what is currently supported. Reboot you machine after driver install. Do `ls /dev/isgx` to check that `isgx` device is properly installed. If you do not see the `isgx` device, you need to troubleshoot your driver installation. If driver installation fails, you can also try installing driver from the Intel github repository. Do ```bash git clone https://github.com/intel/linux-sgx-driver ``` And then follow instructions in README.md ## Troubleshooting Installation - If the message `intel_sgx: SGX is not enabled` appears in `/var/log/syslog` Intel SGX needs to be enabled in BIOS. - If you are running in Intel SGX hardware mode, make sure you have device `/dev/isgx` (and not `/dev/sgx`). Review the Intel SGX device driver installation instructions above. If you have `/dev/sgx` the device driver must be removed first. - If you are running in Intel SGX hardware mode, you need to modify the `ias_api_key` in `config/tcs_config.toml` with your IAS Subscription key obtained in the instructions above.