Skip to content

SGX MVP Installation Guide

Prerequisites

Before installing the Nautilus MVP, ensure your system meets the following requirements:

System Requirements

  • Ubuntu 20.04
  • Intel CPU with SGX support
  • Support for DCAP attestation (e.g. Azure)

Required Software

  1. Python Environment

    • Python 3.8
    • Python development packages
    sudo apt-get update
    sudo apt-get install libffi-dev
    sudo apt-get install python3.8-dev
    sudo apt-get install python3-numpy python3-scipy
    
  2. Gramine

    Follow the instructions in the Gramine Installation Guide under "Install Gramine packages" and Prepare a signing key.

    gramine-sgx-gen-private-key keys/enclave-key.pem
    chmod 400 keys/enclave-key.pem
    
  3. Rust Environment

    # Install Rust using rustup
    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
    source $HOME/.cargo/env
    
  4. General Dependencies

    sudo apt-get update
    sudo apt-get install -y libssl-dev ca-certificates
    
  5. Install Azure DCAP Attestation dependancies

    wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add
    sudo add-apt-repository "deb [arch=amd64] https://packages.microsoft.com/ubuntu/`lsb_release -rs`/prod `lsb_release -cs` main"
    sudo apt install az-dcap-client
    
    sudo apt update
    sudo apt-get install pkg-config
    sudo apt install sgx-aesm-service libsgx-aesm-ecdsa-plugin libsgx-aesm-quote-ex-plugin
    

    The AESM service should be up and running. To confirm that, use:

    sudo systemctl status aesmd.service
    

    Setup Azure DCAP:

    export AZDCAP_COLLATERAL_VERSION=v4
    export AZDCAP_DEBUG_LOG_LEVEL=Info
    export RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE=1
    export RA_TLS_ALLOW_OUTDATED_TCB_INSECURE=1
    export RA_TLS_ALLOW_HW_CONFIG_NEEDED=1
    export RA_TLS_ALLOW_SW_HARDENING_NEEDED=1
    

    Make sure to always restart the aesmd.service after updating the configuration:

    sudo systemctl restart aesmd.service
    

Verification Steps

  1. Check Python Version

    python3 --version  # Should show 3.8.x
    
  2. Verify Rust installation

    rustc --version
    cargo --version
    
  3. Check SGX compatibility (Gramine)

    Gramine docs

    is-sgx-available
    

SGX Setup

Ensure you have a Gramine signing key

  1. Manifest Configuration

    Check the paths in sgx-mvp.manifest.template and modify if necessary.

  2. Build Instructions

    make SGX=1 mvp RA_TYPE=dcap
    
  3. Run NTLS MVP

    gramine-sgx sgx-mvp