Enabling SGX on CentOS 9 Stream

# Enabling SGX on CentOS 9 Stream ###### tags: `Instructions` Getting SGX dependencies running for Enarx, which depends on Intel's AESM service. 1. Install SGX SDK & dependencies 1. Activate EPEL repo 1. `dnf config-manager --set-enabled crb` 2. `dnf install epel-release epel-next-release` 2. Install dependencies 1. `yum install ocaml ocaml-ocamlbuild gcc gcc-c++ cmake wget perl perl-FindBin systemd-devel createrepo boost-devel protobuf-lite-devel protobuf-c-compiler protobuf-c-devel libcurl-devel openssl-devel git nodejs` 2. Fetch, install musl packages from https://koji.fedoraproject.org/koji/buildinfo?buildID=2016305 3. Fetch, install Intel libraries 1. `git clone https://github.com/intel/linux-sgx.git` 2. `cd linux-sgx` 3. `make preparation` 4. `make sdk` 5. `make sdk_install_pkg` 6. Run: `./linux/installer/bin/sgx_linux_x64_sdk_2.18.100.3.bin` 1. Select the install directory: `/opt/intel/`. This is required as it places header files which will be required to be in this location by subsequent build steps. 7. `make psw` 8. `make rpm_psw_pkg` 9. Install the packages from linux-sgx/linux/installer/rpm/ 1. `rpm -i libsgx-headers/libsgx-headers-2.18.100.3-1.el9.x86_64.rpm` 2. `rpm -i libsgx-enclave-common/libsgx-enclave-common-2.18.100.3-1.el9.x86_64.rpm` 3. `rpm -i libsgx-enclave-common/libsgx-enclave-common-devel-2.18.100.3-1.el9.x86_64.rpm` 4. `rpm -i libsgx-enclave-common/libsgx-enclave-common-devel-2.18.100.3-1.el9.x86_64.rpm` 5. `rpm -i libsgx-epid/libsgx-epid-2.18.100.3-1.el9.x86_64.rpm` 6. `rpm -i libsgx-epid/libsgx-epid-devel-2.18.100.3-1.el9.x86_64.rpm` 7. `rpm -i libsgx-launch/libsgx-launch-2.18.100.3-1.el9.x86_64.rpm` 8. `rpm -i libsgx-launch/libsgx-launch-devel-2.18.100.3-1.el9.x86_64.rpm` 9. `rpm -i libsgx-quote-ex/libsgx-quote-ex-2.18.100.3-1.el9.x86_64.rpm` 10. `rpm -i libsgx-quote-ex/libsgx-quote-ex-devel-2.18.100.3-1.el9.x86_64.rpm` 11. `rpm -i libsgx-uae-service/libsgx-uae-service-2.18.100.3-1.el9.x86_64.rpm` 12. `rpm -i libsgx-urts/libsgx-urts-2.18.100.3-1.el9.x86_64.rpm` 13. `cd sgx-aesm-service/` 14. `rpm -i libsgx-dcap-default-qpl-1.15.100.3-1.el9.x86_64.rpm` 15. `rpm -i libsgx-dcap-default-qpl-devel-1.15.100.3-1.el9.x86_64.rpm` 16. `rpm -i libsgx-dcap-ql-1.15.100.3-1.el9.x86_64.rpm` 17. `rpm -i libsgx-pce-logic-1.15.100.3-1.el9.x86_64.rpm libsgx-ae-pce-2.18.100.3-1.el9.x86_64.rpm` 18. `rpm -i libsgx-dcap-ql-1.15.100.3-1.el9.x86_64.rpm libsgx-qe3-logic-1.15.100.3-1.el9.x86_64.rpm libsgx-ae-id-enclave-1.15.100.3-1.el9.x86_64.rpm libsgx-ae-qe3-1.15.100.3-1.el9.x86_64.rpm` 19. `rpm -i libsgx-ra-network-1.15.100.3-1.el9.x86_64.rpm` 20. `rpm -i libsgx-ra-uefi-1.15.100.3-1.el9.x86_64.rpm` 21. `rpm -i sgx-ra-service-1.15.100.3-1.el9.x86_64.rpm` 22. `rpm -i libsgx-aesm-ecdsa-plugin-2.18.100.3-1.el9.x86_64.rpm` 23. `rpm -i sgx-aesm-service-2.18.100.3-1.el9.x86_64.rpm` 24. `rpm -i libsgx-aesm-ecdsa-plugin-2.18.100.3-1.el9.x86_64.rpm libsgx-aesm-pce-plugin-2.18.100.3-1.el9.x86_64.rpm` 25. `rpm -i libsgx-ae-le-2.18.100.3-1.el9.x86_64.rpm` 26. `rpm -i libsgx-aesm-launch-plugin-2.18.100.3-1.el9.x86_64.rpm` 27. `rpm -i sgx-dcap-pccs-1.15.100.3-1.el9.x86_64.rpm` 28. `rpm -i libsgx-aesm-quote-ex-plugin-2.18.100.3-1.el9.x86_64.rpm` 29. `rpm -i libsgx-dcap-quote-verify-1.15.100.3-1.el9.x86_64.rpm` 30. `rpm -i libsgx-dcap-quote-verify-devel-1.15.100.3-1.el9.x86_64.rpm` 4. Ensure aesmd is running: `service aesmd status` 5. Configure `pccs`: 1. `cd /opt/intel/sgx-dcap-pccs/` 2. Run `install.sh` 3. Check the permissions on the directories, all should be owned by `pccs` 4. Ensure pccs is running: `service pccs status` 2. Build Enarx 1. Checkout: `git clone https://github.com/enarx/enarx.git` 2. Install Rust: `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh` 3. Build: `cargo build --release`