Intel® SGX Software Installation Guide for Linux OS

Introduction

This guide outlines the installation process of the Intel® Software Guard Extensions (Intel® SGX) software components, specifically:

• Intel® SGX Software Development Kit (Intel SGX SDK): Assists developers in creating applications that utilize Intel SGX.
• Intel® SGX Platform Software (Intel SGX PSW) for Linux* OS: Provides software modules to run Intel® SGX applications on Linux* OS.
• Intel® SGX/TDX Data Center Attestation Primitives (Intel SGX/TDX DCAP) for Linux* OS: Provides software modules to perform application attestation.

This document focuses on the installation process for the following Linux distributions:

• CentOS* Server
• Debian
• Red Hat* Enterprise Linux*
• SUSE Linux Enterprise Server
• Ubuntu* Server

The source code for Intel® SGX software components is available on GitHub* at at the following locations:

• Intel SGX SDK and Intel SGX PSW: https://github.com/intel/linux-sgx
• Intel SGX/TDX DCAP: https://github.com/intel/SGXDataCenterAttestationPrimitives

An overview of the all releases can be found at https://download.01.org/intel-sgx/Releases/. Additionally, installation repositories for Intel SGX PSW and Intel SGX/TDX DCAP are provided for multiple OSes:

Red Hat, CentOS, Anolis, and SUSEUbuntu and Debian

Provided via tar file located at https://download.01.org/intel-sgx/latest/linux-latest/distro/<distro>/.

Provided as remote repository at https://download.01.org/intel-sgx/sgx_repo/ubuntu/ and via tar file located at https://download.01.org/intel-sgx/latest/linux-latest/distro/<distro>/.

Installation Instructions

This section is designed to provide quick setup instructions to help with configuring a platform to support Intel® SGX for a variety of usages -- running an Intel SGX application, building and running an Intel SGX application, or building the Intel SGX software stack. For details about software packages used for Intel® SGX and Intel® TDX, see the Software Packages chapter.

Driver Installation

The Linux* kernel contains the necessary driver since the mainline kernel release 5.11. Accordingly, a driver installation is no longer necessary in Linux OSes with a newer kernel. The resulting device node is located at /dev/{sgx_enclave, sgx_provision}. Note that the platform needs to support Flexible Launch Control and it must be configured.

What is Flexible Launch Control?

All platforms since the 3rd Gen Intel® Xeon® Scalable Processor support Flexible Launch Control, officially known as SGX Launch Control. On such platforms, the Intel SGX driver dynamically reconfigures the launch control MSRs for each enclave loaded, so that the enclave does not need a valid Launch Token to run. See section "Intel® SGX Launch Control Configuration" in the Intel® 64 and IA-32 Architectures Software Developer Manuals](https://software.intel.com/en-us/articles/intel-sdm) for more information.

Software Installation based on Use Case

The procedure for configuring a platform with the necessary Intel® SGX software components depends on the intended use of the platform. In the following sections, we describe the installation steps for different use cases:

• Start an application that uses an Intel® SGX enclave: Section Intel® SGX Application User.
• Build or develop an application that uses an Intel® SGX enclave: Section Intel® SGX Application Developer.
• Build or develop the Intel SGX software stack, i.e., the Intel SGX SDK, the Intel SGX PSW, or Intel SGX/TDX DCAP: Section Intel® SGX Software Stack Developer or Builder.

Intel® SGX Application User

To start an application that uses an Intel® SGX enclave, install the necessary packages from the Intel® SGX Platform Software (Intel® SGX PSW) and Intel® SGX/TDX DCAP.

Install Packages

DebianRed Hat and CentOSSUSE Linux Enterprise ServerUbuntu

Follow the steps below to install the primary Intel® SGX packages: libsgx-quote-ex and libsgx-dcap-ql.

Dependent packages automatically installed

Installing the primary Intel® SGX packages (libsgx-quote-ex and libsgx-dcap-ql) will also automatically install the following dependent packages required for SGX functionality:

• libsgx-ae-le
• libsgx-ae-pce
• libsgx-ae-qe3
• libsgx-ae-qve
• libsgx-aesm-ecdsa-plugin
• libsgx-aesm-quote-ex-plugin
• libsgx-dcap_quote-verify
• libsgx-enclave-common
• libsgx-pce-logic
• libsgx-qe3-logic
• libsgx-urts
• sgx-aesm-service

• Download the correct repository archive:

  Debian 12Debian 10

  curl -fsSLO \
      https://download.01.org/intel-sgx/latest/linux-latest/distro/Debian12/sgx_debian_local_repo.tgz
  

  curl -fsSLO \
      https://download.01.org/intel-sgx/latest/linux-latest/distro/Debian10/sgx_debian_local_repo.tgz
  

• Verify that the repository archive has the expected, publicly-available checksum:

  Debian 12Debian 10

  local_sum=$(sha256sum sgx_debian_local_repo.tgz | awk '{print $1}')
  remote_sum=$(curl -s https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_1.23.cfg | grep 'distro/Debian12/sgx_debian_local_repo.tgz' | awk '{print $1}')
  if [[ "$local_sum" == "$remote_sum" ]]; then echo "Checksum matches"; else echo "Checksum mismatch!"; fi
  

  local_sum=$(sha256sum sgx_debian_local_repo.tgz | awk '{print $1}')
  remote_sum=$(curl -s https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_1.23.cfg | grep 'distro/Debian10/sgx_debian_local_repo.tgz' | awk '{print $1}')
  if [[ "$local_sum" == "$remote_sum" ]]; then echo "Checksum matches"; else echo "Checksum mismatch!"; fi
  

• Extract the repository archive to an appropriate folder, e.g., /opt/intel:

  Debian 12Debian 10

  sudo mkdir -p /opt/intel
  sudo tar xzf sgx_debian_local_repo.tgz -C /opt/intel
  

  sudo mkdir -p /opt/intel
  sudo tar xzf sgx_debian_local_repo.tgz -C /opt/intel
  

• Add local repository to your system's list of package sources:

  Debian 12Debian 10

  echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] file:///opt/intel/sgx_debian_local_repo bookworm main' \
      | sudo tee /etc/apt/sources.list.d/sgx_debian_local_repo.list
  

  echo 'deb [signed-by=/usr/share/keyrings/intel-sgx-keyring.asc arch=amd64] file:///opt/intel/sgx_debian_local_repo buster main' \
      | sudo tee /etc/apt/sources.list.d/sgx_debian_local_repo.list
  

• Add the public key of the package repository to the list of trusted keys that are used by apt to authenticate packages:

  Debian 12Debian 10

  sudo cp /opt/intel/sgx_debian_local_repo/keys/intel-sgx.key /etc/apt/keyrings/intel-sgx-keyring.asc
  

  sudo cp /opt/intel/sgx_debian_local_repo/keys/intel-sgx.key /usr/share/keyrings/intel-sgx-keyring.asc
  

• Update the package index and install the required packages:

  Debian 12Debian 10

  sudo apt-get update
  sudo apt-get install libsgx-quote-ex libsgx-dcap-ql
  

  sudo apt-get update
  sudo apt-get install libsgx-quote-ex libsgx-dcap-ql
  

• (Optional) To debug with sgx-gdb, install the debug symbol packages:

  Debian 12Debian 10

  sudo apt-get install \
      libsgx-aesm-ecdsa-plugin-dbgsym \
      libsgx-aesm-launch-plugin-dbgsym \
      libsgx-aesm-pce-plugin-dbgsym \
      libsgx-aesm-quote-ex-plugin-dbgsym \
      libsgx-dcap-default-qpl-dbgsym \
      libsgx-dcap-ql-dbgsym \
      libsgx-dcap-quote-verify-dbgsym \
      libsgx-enclave-common-dbgsym \
      libsgx-launch-dbgsym \
      libsgx-pce-logic-dbgsym \
      libsgx-qe3-logic-dbgsym \
      libsgx-quote-ex-dbgsym \
      libsgx-ra-network-dbgsym \
      libsgx-ra-uefi-dbgsym \
      libsgx-tdx-logic-dbgsym \
      libsgx-uae-service-dbgsym \
      libsgx-urts-dbgsym \
      libtdx-attest-dbgsym \
      sgx-aesm-service-dbgsym \
      sgx-pck-id-retrieval-tool-dbgsym \
      sgx-ra-service-dbgsym \
      tdx-qgs-dbgsym \
      tee-appraisal-tool-dbgsym
  

  sudo apt-get install \
      libsgx-aesm-ecdsa-plugin-dbgsym \
      libsgx-aesm-launch-plugin-dbgsym \
      libsgx-aesm-pce-plugin-dbgsym \
      libsgx-aesm-quote-ex-plugin-dbgsym \
      libsgx-dcap-default-qpl-dbgsym \
      libsgx-dcap-ql-dbgsym \
      libsgx-dcap-quote-verify-dbgsym \
      libsgx-enclave-common-dbgsym \
      libsgx-launch-dbgsym \
      libsgx-pce-logic-dbgsym \
      libsgx-qe3-logic-dbgsym \
      libsgx-quote-ex-dbgsym \
      libsgx-ra-network-dbgsym \
      libsgx-ra-uefi-dbgsym \
      libsgx-tdx-logic-dbgsym \
      libsgx-uae-service-dbgsym \
      libsgx-urts-dbgsym \
      libtdx-attest-dbgsym \
      sgx-aesm-service-dbgsym \
      sgx-pck-id-retrieval-tool-dbgsym \
      sgx-ra-service-dbgsym \
      tdx-qgs-dbgsym \
      tee-appraisal-tool-dbgsym
  

• (Optional) If you intend to run an application that uses an Intel® SGX enclave requiring the Provision Key Access, your user needs to be added to the group sgx_prv. Note that any enclave obtaining an SGX Quote using the DCAP Quote Generation Library requires this access. A user <username> can be added to the group with the following command:

  Debian 12Debian 10

  sudo usermod -aG sgx_prv <username>
  

  sudo usermod -aG sgx_prv <username>
  

Follow the steps below to install the primary Intel® SGX packages: libsgx-urts, libsgx-quote-ex, and libsgx-dcap-ql.

Dependent packages automatically installed

Installing the primary Intel® SGX packages (libsgx-urts, libsgx-quote-ex, and libsgx-dcap-ql) will also automatically install the following dependent packages required for SGX functionality:

• libsgx-ae-le
• libsgx-ae-pce
• libsgx-ae-qe3
• libsgx-ae-qve
• libsgx-aesm-ecdsa-plugin
• libsgx-aesm-quote-ex-plugin
• libsgx-dcap_quote-verify
• libsgx-enclave-common
• libsgx-pce-logic
• libsgx-qe3-logic
• sgx-aesm-service

• Download the correct repository archive:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  curl -fsSLO \
      https://download.01.org/intel-sgx/latest/linux-latest/distro/centos-stream9/sgx_rpm_local_repo.tgz
  

  curl -fsSLO \
      https://download.01.org/intel-sgx/latest/linux-latest/distro/rhel9.4-server/sgx_rpm_local_repo.tgz
  

• Verify the downloaded repo file with the SHA value in this file:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  local_sum=$(sha256sum sgx_rpm_local_repo.tgz | awk '{print $1}')
  remote_sum=$(curl -s https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_1.23.cfg | grep 'distro/centos-stream9/sgx_rpm_local_repo.tgz' | awk '{print $1}')
  if [[ "$local_sum" == "$remote_sum" ]]; then echo "Checksum matches"; else echo "Checksum mismatch!"; fi
  

  local_sum=$(sha256sum sgx_rpm_local_repo.tgz | awk '{print $1}')
  remote_sum=$(curl -s https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_1.23.cfg | grep 'distro/rhel9.4-server/sgx_rpm_local_repo.tgz' | awk '{print $1}')
  if [[ "$local_sum" == "$remote_sum" ]]; then echo "Checksum matches"; else echo "Checksum mismatch!"; fi
  

• Extract the repository archive to an appropriate folder, e.g., /opt/intel:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  sudo mkdir -p /opt/intel
  sudo tar xzf sgx_rpm_local_repo.tgz -C /opt/intel
  

  sudo mkdir -p /opt/intel
  sudo tar xzf sgx_rpm_local_repo.tgz -C /opt/intel
  

• Add local repository to your system's list of package sources:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  sudo dnf config-manager --add-repo file:///opt/intel/sgx_rpm_local_repo
  

  sudo dnf config-manager --add-repo file:///opt/intel/sgx_rpm_local_repo
  

• Add the public key of the package repository to the list of trusted keys that are used by dnf to authenticate packages:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  sudo rpm --import /opt/intel/sgx_rpm_local_repo/keys/intel-sgx.key
  sudo dnf config-manager --save --setopt=*sgx_rpm_local_repo.gpgkey=file:///opt/intel/sgx_rpm_local_repo/keys/intel-sgx.key
  

  sudo rpm --import /opt/intel/sgx_rpm_local_repo/keys/intel-sgx.key
  sudo dnf config-manager --save --setopt=*sgx_rpm_local_repo.gpgkey=file:///opt/intel/sgx_rpm_local_repo/keys/intel-sgx.key
  

• Install the required packages with:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  sudo dnf install <package names>
  

  sudo dnf install <package names>
  

  For example, use:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  sudo dnf install libsgx-urts libsgx-quote-ex libsgx-dcap-ql
  

  sudo dnf install libsgx-urts libsgx-quote-ex libsgx-dcap-ql
  

• (Optional) To debug with sgx-gdb, install the debug symbol packages. For example:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  sudo dnf install \
      libsgx-aesm-ecdsa-plugin-debuginfo \
      libsgx-aesm-launch-plugin-debuginfo \
      libsgx-aesm-pce-plugin-debuginfo \
      libsgx-aesm-quote-ex-plugin-debuginfo \
      libsgx-dcap-default-qpl-debuginfo \
      libsgx-dcap-ql-debuginfo \
      libsgx-dcap-quote-verify-debuginfo \
      libsgx-enclave-common-debuginfo \
      libsgx-launch-debuginfo \
      libsgx-pce-logic-debuginfo \
      libsgx-qe3-logic-debuginfo \
      libsgx-quote-ex-debuginfo \
      libsgx-ra-network-debuginfo \
      libsgx-ra-uefi-debuginfo \
      libsgx-tdx-logic-debuginfo \
      libsgx-uae-service-debuginfo \
      libsgx-urts-debuginfo \
      libtdx-attest-debuginfo \
      sgx-aesm-service-debuginfo \
      sgx-pck-id-retrieval-tool-debuginfo \
      sgx-ra-service-debuginfo \
      tdx-qgs-debuginfo
  

  sudo dnf install \
      libsgx-aesm-ecdsa-plugin-debuginfo \
      libsgx-aesm-launch-plugin-debuginfo \
      libsgx-aesm-pce-plugin-debuginfo \
      libsgx-aesm-quote-ex-plugin-debuginfo \
      libsgx-dcap-default-qpl-debuginfo \
      libsgx-dcap-ql-debuginfo \
      libsgx-dcap-quote-verify-debuginfo \
      libsgx-enclave-common-debuginfo \
      libsgx-launch-debuginfo \
      libsgx-pce-logic-debuginfo \
      libsgx-qe3-logic-debuginfo \
      libsgx-quote-ex-debuginfo \
      libsgx-ra-network-debuginfo \
      libsgx-ra-uefi-debuginfo \
      libsgx-tdx-logic-debuginfo \
      libsgx-uae-service-debuginfo \
      libsgx-urts-debuginfo \
      libtdx-attest-debuginfo \
      sgx-aesm-service-debuginfo \
      sgx-pck-id-retrieval-tool-debuginfo \
      sgx-ra-service-debuginfo \
      tdx-qgs-debuginfo
  

• (Optional) If you intend to run an application that uses an Intel® SGX enclave requiring the Provision Key Access, your user needs to be added to the group sgx_prv. Note that any enclave obtaining an SGX Quote using the DCAP Quote Generation Library requires this access. A user <username> can be added to the group with the following command:

  CentOS Stream 9Red Hat Enterprise Linux 9.4

  sudo usermod -aG sgx_prv <username>
  

  sudo usermod -aG sgx_prv <username>
  

Follow the steps below to install the primary Intel® SGX packages: libsgx-urts, libsgx-quote-ex, and libsgx-dcap-ql.

Dependent packages automatically installed

Installing the primary Intel® SGX packages (libsgx-urts, libsgx-quote-ex, and libsgx-dcap-ql) will also automatically install the following dependent packages required for SGX functionality:

• libsgx-ae-le
• libsgx-ae-pce
• libsgx-ae-qe3
• libsgx-ae-qve
• libsgx-aesm-ecdsa-plugin
• libsgx-aesm-quote-ex-plugin
• libsgx-dcap_quote-verify
• libsgx-enclave-common
• libsgx-pce-logic
• libsgx-qe3-logic
• sgx-aesm-service

• Download the correct repository archive:

  SUSE Linux Enterprise Server 15 SP6

  curl -fsSLO \
      https://download.01.org/intel-sgx/latest/linux-latest/distro/suse15.6-server/sgx_rpm_local_repo.tgz
  

• Verify the downloaded repo file with the SHA value in this file:

  SUSE Linux Enterprise Server 15 SP6

  local_sum=$(sha256sum sgx_rpm_local_repo.tgz | awk '{print $1}')
  remote_sum=$(curl -s https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_1.23.cfg | grep 'distro/suse15.6-server/sgx_rpm_local_repo.tgz' | awk '{print $1}')
  if [[ "$local_sum" == "$remote_sum" ]]; then echo "Checksum matches"; else echo "Checksum mismatch!"; fi
  

• Extract the repository archive to an appropriate folder, e.g., /opt/intel:

  SUSE Linux Enterprise Server 15 SP6

  sudo mkdir -p /opt/intel
  sudo tar xzf sgx_rpm_local_repo.tgz -C /opt/intel
  

• Add local repository to your system's list of package sources:

  SUSE Linux Enterprise Server 15 SP6

  sudo zypper addrepo --gpgcheck /opt/intel/sgx_rpm_local_repo sgx_rpm_local_repo
  

• Add the public key of the package repository to the list of trusted keys that are used by zypper to authenticate packages:

  SUSE Linux Enterprise Server 15 SP6

  sudo rpm --import /opt/intel/sgx_rpm_local_repo/keys/intel-sgx.key
  

• Install the required packages with:

  SUSE Linux Enterprise Server 15 SP6

  sudo zypper install <package names>
  

  For example, use:

  SUSE Linux Enterprise Server 15 SP6

  sudo zypper install libsgx-urts libsgx-quote-ex libsgx-dcap-ql
  

• (Optional) To debug with sgx-gdb, install the debug symbol packages. For example:

  SUSE Linux Enterprise Server 15 SP6

  sudo zypper install \
      libsgx-aesm-ecdsa-plugin-debuginfo \
      libsgx-aesm-launch-plugin-debuginfo \
      libsgx-aesm-pce-plugin-debuginfo \
      libsgx-aesm-quote-ex-plugin-debuginfo \
      libsgx-dcap-default-qpl-debuginfo \
      libsgx-dcap-ql-debuginfo \
      libsgx-dcap-quote-verify-debuginfo \
      libsgx-enclave-common-debuginfo \
      libsgx-launch-debuginfo \
      libsgx-pce-logic-debuginfo \
      libsgx-qe3-logic-debuginfo \
      libsgx-quote-ex-debuginfo \
      libsgx-ra-network-debuginfo \
      libsgx-ra-uefi-debuginfo \
      libsgx-uae-service-debuginfo \
      libsgx-urts-debuginfo \
      sgx-aesm-service-debuginfo \
      sgx-pck-id-retrieval-tool-debuginfo \
      sgx-ra-service-debuginfo
  

• (Optional) If you intend to run an application that uses an Intel® SGX enclave requiring the Provision Key Access, your user needs to be added to the group sgx_prv. Note that any enclave obtaining an SGX Quote using the DCAP Quote Generation Library requires this access. A user <username> can be added to the group with the following command:

  SUSE Linux Enterprise Server 15 SP6

  sudo usermod -aG sgx_prv <username>
  

Follow the steps below to install the primary Intel® SGX packages: libsgx-quote-ex and libsgx-dcap-ql.

Dependent packages automatically installed

Installing the primary Intel® SGX packages (libsgx-quote-ex and libsgx-dcap-ql) will also automatically install the following dependent packages required for SGX functionality:

• libsgx-ae-le
• libsgx-ae-pce
• libsgx-ae-qe3
• libsgx-ae-qve
• libsgx-aesm-ecdsa-plugin
• libsgx-aesm-quote-ex-plugin
• libsgx-dcap_quote-verify
• libsgx-enclave-common
• libsgx-pce-logic
• libsgx-qe3-logic
• libsgx-urts
• sgx-aesm-service

• Setup the necessary package repository, which requires an active Internet connection:

  Ubuntu 24.04Ubuntu 22.04

  sudo tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null <<EOF
  deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu noble main
  EOF
  

  sudo tee /etc/apt/sources.list.d/intel-sgx.list > /dev/null <<EOF
  deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main
  EOF
  

• Download the public key of the package repository and add it to the list of trusted keys that are used by apt to authenticate packages:

  Ubuntu 24.04Ubuntu 22.04

  curl -fsSLO https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
  sudo mv intel-sgx-deb.key /etc/apt/keyrings/intel-sgx-keyring.asc
  

  curl -fsSLO https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
  sudo mv intel-sgx-deb.key /etc/apt/keyrings/intel-sgx-keyring.asc
  

• Update the package index and install the required packages:

  Ubuntu 24.04Ubuntu 22.04

  sudo apt-get update
  sudo apt-get install libsgx-quote-ex libsgx-dcap-ql
  

  sudo apt-get update
  sudo apt-get install libsgx-quote-ex libsgx-dcap-ql
  

• (Optional) To debug with sgx-gdb, install the debug symbol packages:

  Ubuntu 24.04Ubuntu 22.04

  sudo apt-get install \
      libsgx-aesm-ecdsa-plugin-dbgsym \
      libsgx-aesm-launch-plugin-dbgsym \
      libsgx-aesm-pce-plugin-dbgsym \
      libsgx-aesm-quote-ex-plugin-dbgsym \
      libsgx-dcap-default-qpl-dbgsym \
      libsgx-dcap-ql-dbgsym \
      libsgx-dcap-quote-verify-dbgsym \
      libsgx-enclave-common-dbgsym \
      libsgx-launch-dbgsym \
      libsgx-pce-logic-dbgsym \
      libsgx-qe3-logic-dbgsym \
      libsgx-quote-ex-dbgsym \
      libsgx-ra-network-dbgsym \
      libsgx-ra-uefi-dbgsym \
      libsgx-tdx-logic-dbgsym \
      libsgx-uae-service-dbgsym \
      libsgx-urts-dbgsym \
      libtdx-attest-dbgsym \
      sgx-aesm-service-dbgsym \
      sgx-pck-id-retrieval-tool-dbgsym \
      sgx-ra-service-dbgsym \
      tdx-qgs-dbgsym \
      tee-appraisal-tool-dbgsym
  

  sudo apt-get install \
      libsgx-aesm-ecdsa-plugin-dbgsym \
      libsgx-aesm-launch-plugin-dbgsym \
      libsgx-aesm-pce-plugin-dbgsym \
      libsgx-aesm-quote-ex-plugin-dbgsym \
      libsgx-dcap-default-qpl-dbgsym \
      libsgx-dcap-ql-dbgsym \
      libsgx-dcap-quote-verify-dbgsym \
      libsgx-enclave-common-dbgsym \
      libsgx-launch-dbgsym \
      libsgx-pce-logic-dbgsym \
      libsgx-qe3-logic-dbgsym \
      libsgx-quote-ex-dbgsym \
      libsgx-ra-network-dbgsym \
      libsgx-ra-uefi-dbgsym \
      libsgx-tdx-logic-dbgsym \
      libsgx-uae-service-dbgsym \
      libsgx-urts-dbgsym \
      libtdx-attest-dbgsym \
      sgx-aesm-service-dbgsym \
      sgx-pck-id-retrieval-tool-dbgsym \
      sgx-ra-service-dbgsym \
      tdx-qgs-dbgsym \
      tee-appraisal-tool-dbgsym
  

• (Optional) If you intend to run an application that uses an Intel® SGX enclave requiring the Provision Key Access, your user needs to be added to the group sgx_prv. Note that any enclave obtaining an SGX Quote using the DCAP Quote Generation Library requires this access. A user <username> can be added to the group with the following command:

  Ubuntu 24.04Ubuntu 22.04

  sudo usermod -aG sgx_prv <username>
  

  sudo usermod -aG sgx_prv <username>
  

Alternate installation method using local repository

• Download the correct repository archive:

  Ubuntu 24.04Ubuntu 22.04

  curl -fsSLO \
      https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu24.04-server/sgx_debian_local_repo.tgz
  

  curl -fsSLO \
      https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu22.04-server/sgx_debian_local_repo.tgz
  

• Verify that the repository archive has the expected, publicly-available checksum:

  Ubuntu 24.04Ubuntu 22.04

  local_sum=$(sha256sum sgx_debian_local_repo.tgz | awk '{print $1}')
  remote_sum=$(curl -s https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_1.23.cfg | grep 'distro/ubuntu24.04-server/sgx_debian_local_repo.tgz' | awk '{print $1}')
  if [[ "$local_sum" == "$remote_sum" ]]; then echo "Checksum matches"; else echo "Checksum mismatch!"; fi
  

  local_sum=$(sha256sum sgx_debian_local_repo.tgz | awk '{print $1}')
  remote_sum=$(curl -s https://download.01.org/intel-sgx/latest/dcap-latest/linux/SHA256SUM_dcap_1.23.cfg | grep 'distro/ubuntu22.04-server/sgx_debian_local_repo.tgz' | awk '{print $1}')
  if [[ "$local_sum" == "$remote_sum" ]]; then echo "Checksum matches"; else echo "Checksum mismatch!"; fi
  

• Extract the repository archive to an appropriate folder, e.g., /opt/intel:

  Ubuntu 24.04Ubuntu 22.04

  sudo mkdir -p /opt/intel
  sudo tar xzf sgx_debian_local_repo.tgz -C /opt/intel
  

  sudo mkdir -p /opt/intel
  sudo tar xzf sgx_debian_local_repo.tgz -C /opt/intel
  

• Add local repository to your system's list of package sources

  Ubuntu 24.04Ubuntu 22.04

  echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] file:///opt/intel/sgx_debian_local_repo noble main' | \
      sudo tee /etc/apt/sources.list.d/sgx-repo.list
  

  echo 'deb [signed-by=/etc/apt/keyrings/intel-sgx-keyring.asc arch=amd64] file:///opt/intel/sgx_debian_local_repo jammy main' | \
      sudo tee /etc/apt/sources.list.d/sgx-repo.list
  

• Add the public key of the package repository to the list of trusted keys that are used by apt to authenticate packages:

  Ubuntu 24.04Ubuntu 22.04

  sudo cp /opt/intel/sgx_debian_local_repo/keys/intel-sgx.key /etc/apt/keyrings/intel-sgx-keyring.asc
  

  sudo cp /opt/intel/sgx_debian_local_repo/keys/intel-sgx.key /etc/apt/keyrings/intel-sgx-keyring.asc
  

• Update the package index and install the required packages:

  Ubuntu 24.04Ubuntu 22.04

  sudo apt-get update
  sudo apt-get install libsgx-quote-ex libsgx-dcap-ql
  

  sudo apt-get update
  sudo apt-get install libsgx-quote-ex libsgx-dcap-ql
  

Install Intel® SGX/TDX DCAP

Red Hat and CentOSSUSE Linux Enterprise ServerUbuntu and Debian

Set up the Intel® SGX/TDX Data Center Attestation Primitives (Intel® SGX/TDX DCAP), Provisioning Certificate Caching Service (PCCS), and Quote Provider Library (QPL). The PCCS and QPL work together to first cache DCAP attestation collateral and then make the collateral available to the DCAP Quote Generation Library (libsgx-dcap-ql). These packages are provided as reference designs that users may deploy as follows.

Note

If you are using an external infrastructure provider (e.g., a CSP), check with the infrastructure provider to see if a specific collateral caching service is provided, which might also require a specific QPL. For example, Azure provides the Trusted Hardware Identity Management. Here, we assume that the Intel-provided packages are used.

1. [Optional] Setup the Provisioning Certificate Caching Service (PCCS) as explained in the Provisioning Certificate Caching Service (PCCS) section of the Intel TDX Enabling Guide. Note that Intel TDX and Intel SGX use the same PCCS.

2. Install the DCAP QPL package:

   sudo yum install libsgx-dcap-default-qpl
   

Set up the Intel® SGX/TDX Data Center Attestation Primitives (Intel® SGX/TDX DCAP), Provisioning Certificate Caching Service (PCCS), and Quote Provider Library (QPL). The PCCS and QPL work together to first cache DCAP attestation collateral and then make the collateral available to the DCAP Quote Generation Library (libsgx-dcap-ql). These packages are provided as reference designs that users may deploy as follows.

Note

If you are using an external infrastructure provider (e.g., a CSP), check with the infrastructure provider to see if a specific collateral caching service is provided, which might also require a specific QPL. For example, Azure provides the Trusted Hardware Identity Management. Here, we assume that the Intel-provided packages are used.

1. [Optional] Setup the Provisioning Certificate Caching Service (PCCS) as explained in the Provisioning Certificate Caching Service (PCCS) section of the Intel TDX Enabling Guide. Note that Intel TDX and Intel SGX use the same PCCS.

2. Install the DCAP QPL package:

   sudo zypper install libsgx-dcap-default-qpl
   

Set up the Intel® SGX/TDX Data Center Attestation Primitives (Intel® SGX/TDX DCAP), Provisioning Certificate Caching Service (PCCS), and Quote Provider Library (QPL). The PCCS and QPL work together to first cache DCAP attestation collateral and then make the collateral available to the DCAP Quote Generation Library (libsgx-dcap-ql). These packages are provided as reference designs that users may deploy as follows.

Note

If you are using an external infrastructure provider (e.g., a CSP), check with the infrastructure provider to see if a specific collateral caching service is provided, which might also require a specific QPL. For example, Azure provides the Trusted Hardware Identity Management. Here, we assume that the Intel-provided packages are used.

1. [Optional] Setup the Provisioning Certificate Caching Service (PCCS) as explained in the Provisioning Certificate Caching Service (PCCS) section of the Intel TDX Enabling Guide. Note that Intel TDX and Intel SGX use the same PCCS.

2. Install the DCAP QPL package:

   sudo apt-get install libsgx-dcap-default-qpl
   

Intel® SGX Application Developer

To build or develop an application that uses an Intel® SGX enclave, you have to install everything mentioned in the section Intel® SGX Application User. Additionally, you have to install the Intel® SGX Software Development Kit (Intel® SGX SDK) and the developer packages, which we describe in this section.

Install Intel® SGX SDK

Red Hat and CentOSSUSE Linux Enterprise ServerUbuntu and Debian

1. Install dependencies:

   CentOS Stream 9Red Hat Enterprise Linux 9.4

   sudo yum groupinstall 'Development Tools'
   sudo yum install python3
   

   sudo yum groupinstall 'Development Tools'
   sudo yum install python3
   

   For more information about dependencies, see the "Prerequisites" section in the corresponding README.

2. Download the Intel® SGX SDK binary:

   CentOS Stream 9Red Hat Enterprise Linux 9.4

   curl -fsSLo sgx_linux_x64_sdk.bin \
       https://download.01.org/intel-sgx/latest/linux-latest/distro/centos-stream9/sgx_linux_x64_sdk_2.26.100.0.bin
   

   curl -fsSLo sgx_linux_x64_sdk.bin \
       https://download.01.org/intel-sgx/latest/linux-latest/distro/rhel9.4-server/sgx_linux_x64_sdk_2.26.100.0.bin
   

3. Adjust the permissions of the Intel® SGX SDK binary:

   CentOS Stream 9Red Hat Enterprise Linux 9.4

   chmod +x sgx_linux_x64_sdk.bin
   

   chmod +x sgx_linux_x64_sdk.bin
   

4. Start interactive setup of the Intel® SGX SDK (with sudo privileges if necessary):

   CentOS Stream 9Red Hat Enterprise Linux 9.4

   ./sgx_linux_x64_sdk.bin
   

   ./sgx_linux_x64_sdk.bin
   

   When the question Do you want to install in current directory? [yes/no] appears, choose one of the following:

   • If you want to install the components in the current directory, type yes and press Enter.

   • If you want to provide another path for the installation, type no and press Enter.

     Now the Intel® SGX SDK package is installed into the directory <Your Input Location>/sgxsdk. In this location, you can also find an uninstallation script uninstall.sh, which you can use to uninstall the Intel® SGX SDK.

   Note

   A non-interactive installation (with sudo privileges if necessary) can be started with:

   CentOS Stream 9Red Hat Enterprise Linux 9.4

   ./sgx_linux_x64_sdk.bin --prefix {SDK_INSTALL_PATH_PREFIX}
   

   ./sgx_linux_x64_sdk.bin --prefix {SDK_INSTALL_PATH_PREFIX}
   

5. Run the following command to set all environment variables of the Intel® SGX SDK:

   CentOS Stream 9Red Hat Enterprise Linux 9.4

   source <Intel SGX SDK Installation Path>/sgxsdk/environment
   

   source <Intel SGX SDK Installation Path>/sgxsdk/environment
   

1. Install dependencies:

   SUSE Linux Enterprise Server 15 SP6

   sudo zypper install --type pattern devel_basis
   sudo zypper install ocaml ocaml-ocamlbuild automake autoconf libtool \
       curl python3 libopenssl-devel rpm-build git cmake perl
   sudo update-alternatives --install /usr/bin/python python \
       /usr/bin/python3 1
   

   For more information about dependencies, see the "Prerequisites" section in the corresponding README.

2. Download the Intel® SGX SDK binary:

   SUSE Linux Enterprise Server 15 SP6

   curl -fsSLo sgx_linux_x64_sdk.bin \
       https://download.01.org/intel-sgx/latest/linux-latest/distro/suse15.6-server/sgx_linux_x64_sdk_2.26.100.0.bin
   

3. Adjust the permissions of the Intel® SGX SDK binary:

   SUSE Linux Enterprise Server 15 SP6

   chmod +x sgx_linux_x64_sdk.bin
   

4. Start interactive setup of the Intel® SGX SDK (with sudo privileges if necessary):

   SUSE Linux Enterprise Server 15 SP6

   ./sgx_linux_x64_sdk.bin
   

   When the question Do you want to install in current directory? [yes/no] appears, choose one of the following:

   • If you want to install the components in the current directory, type yes and press Enter.

   • If you want to provide another path for the installation, type no and press Enter.

     Now the Intel® SGX SDK package is installed into the directory <Your Input Location>/sgxsdk. In this location, you can also find an uninstallation script uninstall.sh, which you can use to uninstall the Intel® SGX SDK.

   Note

   A non-interactive installation (with sudo privileges if necessary) can be started with:

   SUSE Linux Enterprise Server 15 SP6

   ./sgx_linux_x64_sdk.bin --prefix {SDK_INSTALL_PATH_PREFIX}
   

5. Run the following command to set all environment variables of the Intel® SGX SDK: === "SUSE Linux Enterprise Server 15 SP6"

   source <Intel SGX SDK Installation Path>/sgxsdk/environment
   

1. Install dependencies:

   Debian 12Debian 10Ubuntu 24.04Ubuntu 22.04

   sudo apt-get install build-essential python3
   sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1
   

   sudo apt-get install build-essential python3
   sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1
   

   sudo apt-get install build-essential python-is-python3
   

   sudo apt-get install build-essential python-is-python3
   

   For more information about dependencies, see the "Prerequisites" section in the corresponding README.

2. Download the Intel® SGX SDK binary:

   Debian 12Debian 10Ubuntu 24.04Ubuntu 22.04

   curl -fsSLo sgx_linux_x64_sdk.bin \
       https://download.01.org/intel-sgx/latest/linux-latest/distro/Debian12/sgx_linux_x64_sdk_2.26.100.0.bin
   

   curl -fsSLo sgx_linux_x64_sdk.bin \
       https://download.01.org/intel-sgx/latest/linux-latest/distro/Debian10/sgx_linux_x64_sdk_2.26.100.0.bin
   

   curl -fsSLo sgx_linux_x64_sdk.bin \
       https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu24.04-server/sgx_linux_x64_sdk_2.26.100.0.bin
   

   curl -fsSLo sgx_linux_x64_sdk.bin \
       https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.26.100.0.bin
   

3. Adjust the permissions of the Intel® SGX SDK binary:

   Debian 12Debian 10Ubuntu 24.04Ubuntu 22.04

   chmod +x sgx_linux_x64_sdk.bin
   

   chmod +x sgx_linux_x64_sdk.bin
   

   chmod +x sgx_linux_x64_sdk.bin
   

   chmod +x sgx_linux_x64_sdk.bin
   

4. Start interactive setup of the Intel® SGX SDK (with sudo privileges if necessary):

   Debian 12Debian 10Ubuntu 24.04Ubuntu 22.04

   ./sgx_linux_x64_sdk.bin
   

   ./sgx_linux_x64_sdk.bin
   

   ./sgx_linux_x64_sdk.bin
   

   ./sgx_linux_x64_sdk.bin
   

   When the question Do you want to install in current directory? [yes/no] appears, choose one of the following:

   • If you want to install the components in the current directory, type yes and press Enter.

   • If you want to provide another path for the installation, type no and press Enter.

     Now the Intel® SGX SDK package is installed into the directory <Your Input Location>/sgxsdk. In this location, you can also find an uninstallation script uninstall.sh, which you can use to uninstall the Intel® SGX SDK.

   Note

   A non-interactive installation (with sudo privileges if necessary) can be started with:

   Debian 12Debian 10Ubuntu 24.04Ubuntu 22.04

   ./sgx_linux_x64_sdk.bin --prefix {SDK_INSTALL_PATH_PREFIX}
   

   ./sgx_linux_x64_sdk.bin --prefix {SDK_INSTALL_PATH_PREFIX}
   

   ./sgx_linux_x64_sdk.bin --prefix {SDK_INSTALL_PATH_PREFIX}
   

   ./sgx_linux_x64_sdk.bin --prefix {SDK_INSTALL_PATH_PREFIX}
   

5. Run the following command to set all environment variables of the Intel® SGX SDK:

   Debian 12Debian 10Ubuntu 24.04Ubuntu 22.04

   source <Intel SGX SDK Installation Path>/sgxsdk/environment
   

   source <Intel SGX SDK Installation Path>/sgxsdk/environment
   

   source <Intel SGX SDK Installation Path>/sgxsdk/environment
   

   source <Intel SGX SDK Installation Path>/sgxsdk/environment
   

Install Developer Packages

Red Hat and CentOSSUSE Linux Enterprise ServerUbuntu and Debian

Install the appropriate developer packages using the following commands:

sudo yum install libsgx-enclave-common-devel \
    libsgx-dcap-ql-devel \
    libsgx-dcap-default-qpl-devel \
    libsgx-quote-ex-devel \
    libsgx-dcap-ql-devel \
    libsgx-dcap-quote-verify-devel \
    tee-appraisal-tool

Note

This command assumes that you have setup the package repository as explained in the section Intel® SGX Application User.

Install the appropriate developer packages using the following commands:

sudo zypper install libsgx-enclave-common-devel \
    libsgx-dcap-ql-devel \
    libsgx-dcap-default-qpl-devel \
    libsgx-quote-ex-devel \
    libsgx-dcap-ql-devel \
    libsgx-dcap-quote-verify-devel \
    tee-appraisal-tool

Note

This command assumes that you have setup the package repository as explained in the section Intel® SGX Application User.

Install the appropriate developer packages using the following commands:

sudo apt-get install libsgx-enclave-common-dev \
    libsgx-dcap-ql-dev \
    libsgx-dcap-default-qpl-dev \
    tee-appraisal-tool

Note

This command assumes that you have setup the package repository as explained in the section Intel® SGX Application User.

Building the Intel® SGX Software Stack

Follow the instructions in this section to build or develop the Intel SGX software stack, i.e., the Intel SGX SDK, the Intel SGX PSW, or Intel SGX/TDX DCAP. In particular, this is necessary when you want to build/develop a version for a distribution not mentioned in the sections above.

Intel® SGX PSW and Intel® SGX SDK

The source code for the Intel® SGX PSW and the Intel® SGX SDK is located in GitHub* repository https://github.com/intel/linux-sgx. To build and deploy the packages, follow the instructions in https://github.com/intel/linux-sgx/blob/master/README.md.

Prebuilt Binaries

For Intel® SGX EPID-based attestation, you must use the Architectural Enclaves (AEs), which are pre-built and signed by Intel. You can download these pre-built enclaves for the Intel® SGX Linux* release from https://download.01.org/intel-sgx/latest/linux-latest/. The prebuilt enclaves are in a .tar file in the form prebuilt_ae_<version>.tar.gz

In addition, the Intel® SGX SDK provides prebuilt optimized libraries in the binary form. These libraries are provided in a .tar file in the form of optimized_libs_<version>.tar.gz.

Check the SHA256 hash of downloaded libraries using SHA256SUM_prebuilt_<version>.cfg.

Intel® SGX/TDX DCAP

The source code for Intel® SGX/TDX DCAP is located in GitHub* repository https://github.com/intel/SGXDataCenterAttestationPrimitives. To build and deploy the packages, follow the instructions in https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/master/README.md. For release notes and other details, see https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/

Prebuilt Binaries

For Intel® SGX DCAP-based attestation, you must also use certain enclaves that are pre-built and signed by Intel. This includes enclaves used by the Intel® SGX DCAP Quote Generation Library, which are located here: https://download.01.org/intel-sgx/latest/dcap-latest/linux/ in file prebuilt_dcap_<version>.tar.gz.

Software Packages

In the following, we first describe the software packages used for Intel® SGX and Intel® TDX at a high level. In later sections, the software packages are described in more details.

Figure 1 details the set of packages for Intel® SGX that are provided in Intel® SGX DCAP beginning with Version 1.4 and Intel® SGX PSW beginning with version 2.8. The figure also displays required (hard) and optional dependencies between the packages. The packages are categorized as follows:

• SGX Library Packages (in blue): Each package presents library functionality to application developers.
• AESM Packages (in yellow): Provide special security functions related to the Architectural Enclave Service Manager (AESM). The AESM is a daemon that provides special functions, e.g., quote generation or launch token generation, to Intel® SGX applications. The AESM has been modularized into a service, provided in the package sgx-aesm-service, and a set of plug-ins where each plug-in provides a specific function.
• AE Packages (in green): Packages related to Architectural Enclave (AE).

Figure 1. Intel® SGX PSW and Intel® SGX/TDX DCAP for Linux Package Structure (Intel SGX related)

Figure 2 details the set of packages for Intel® TDX that are provided in Intel® SGX/TDX DCAP beginning with Version 1.14 and Intel® SGX PSW beginning with version 2.17. The figure also displays required (hard) and optional dependencies between the packages.

In Intel TDX®, the packages are separated in two domains. The first domain covers packages installed on host (or in a dedicated SGX VM or a docker container), e.g., tdx-qgs, libsgx-dcap-default-qpl, and sgx-dcap-pccs. The second domain covers packages installed in the TD. Applications that need to get a TD Report or a TD Quote depend on the package libtdx-attest package, which is the only package required inside the TD.

Figure 2. Intel® SGX PSW and Intel® SGX/TDX DCAP for Linux Package Structure (Intel TDX related)

Access to AESM Plug-ins

For an application to use a specific AESM function, the application installation must ensure that the plugin responsible for the AESM function is installed. This can be done in one of two methods:

1. Set a direct dependency on the specified service's plug-in package. This installs the service in the environment where the application is installed.

2. Ensure that the plug-in is installed in an accessible environment where its service can be accessed. Each function that the AESM plug-ins provide can be accessed via a Unix Domain Socket with a hardcoded port. The plug-in may be installed in one environment, for example a container, and the Unix Domain Socket port may be relayed to an IP socket via a utility such as SOCAT so that it can be accessed in another environment (using a corresponding SOCAT configuration to relay the bytestream to the Unix Domain Socket).

Each AESM plug-in package depends on the AESM Service (sgx-aesm-service) and upon one or more Architectural Enclave (AE) packages. AE packages provide enclaves themselves. These enclaves, such as libsgx-ae-pce, are provided in their own packages to allow them:

• to be updated independently, as some are in the TCB of the Intel® SGX application due to the service they provide,
• to be signed by a trusted entity, as the signer of an AE must be trusted by the party relying on the AE service.

It should be noted that the packages libsgx-dcap-default-qpl and sgx-dcap-pccs are not presented with any direct dependencies. These are described in a later section.

Detailed Description of Packages

The best description of the individual components relates to what you need to do in an application or a run time, or how you may configure a VM or platform. Each package and its dependencies are listed in alphabetical order in .

Package Name	Type	Function	Direct SGX Package Dependency(s)	Developer Files
libsgx-ae-pce	AE	PCE Enclave	None	EDL provided in release package
libsgx-ae-qe3	AE	ECDSA Quoting Enclave	None	EDL provided in release package
libsgx-ae-qve	AE	ECDSA Quote Verification Enclave	None	EDL provided in release package
libsgx-ae-id-enclave	AE	ID Enclave	None	EDL provided in release package
libsgx-ae-tdqe	AE	TDX Quoting Enclave	None	EDL provided in release package
libsgx-aesm-ecdsa-plugin	Plug-in	Plug-in to provide ECDSA Quotes	libsgx-qe3-logic libsgx-aesm-pce-plugin sgx-aesm-service
libsgx-aesm-pce-plugin	Plug-in	Plug-in to provide PCE Signing	libsgx-pce-logic libsgx-ae-pce sgx-aesm-service
libsgx-aesm-quote-ex-plugin	Plug-in	Plug-in to provide universal quoting	libsgx-aesm-ecdsa-plugin sgx-aesm-service
libsgx-dcap-default-qpl	Lib	Default Quote Provider Library (QPL)	None	libsgx-dcap-default-qpl-dev
libsgx-dcap-default-qpl-dev	Dev Files	Developer Files for Default Quote Provider Library	libsgx-dcap-default-qpl
libsgx-dcap-ql	Lib	Provides ECDSA Quotes	libsgx-pce-logic libsgx-qe3-logic libsgx-quote-ex(opt.) libsgx-dcap-quote-verify(opt.)	libsgx-dcap-ql-dev
libsgx-dcap-ql-dev	Dev Files	Developer Files for libsgx-dcap-ql	libsgx-headers libsgx-dcap-ql
libsgx-dcap-quote-verify	Lib	Quote Verification Library	libsgx-urts(opt.) libsgx-ae-qve(opt.)	libsgx-dcap-quote-verify-dev
libsgx-dcap-quote-verify-dev	Dev Files	Developer files for Quote Verification Library	libsgx-headers libsgx-dcap-quote-verify
libsgx-pce-logic	Lib	Provides PCE logic wrapper	libsgx-urts libsgx-ae-pce
libsgx-qe3-logic	Lib	Provides ECDSA QE logic wrapper	libsgx-urts libsgx-ae-qe3 libsgx-ae-id-enclave
libsgx-tdx-logic	Lib	Provides TD QE logic wrapper	libsgx-urts libsgx-pce-logic libsgx-ae-tdqe libsgx-ae-id-enclave	libsgx-tdx-logic-dev
libsgx-tdx-logic-dev	Dev Files	Developer Files for TD QE logic wrapper Library	libsgx-tdx-logic
libsgx-enclave-common	Lib	Library that presents common interface for loading SGX enclaves		libsgx-enclave-common-dev
libsgx-enclave-common-dev	Dev File	Developer files for Enclave Common	libsgx-headers libsgx-enclave-common
libsgx-quote-ex	Lib	Provides agnostic quote generation	libsgx-aesm-quote-ex-plugin (opt.)	libsgx-quote-ex-dev
libsgx-quote-ex-dev	Dev Files	Developer files for libsgx-quote-ex	libsgx-headers
libsgx-urts	Lib	Provides uRTS features to load/manage Intel® SGX Enclaves	libsgx-enclave-common	Header files provided in SDK: sgx_linux_x64_sdk_*.bin
sgx-aesm-service	Service	AESM Service that runs AESM plug-ins	None	None
tdx-qgs	Service	TD Quoting Generation Service	libsgx-tdx-logic
sgx-dcap-pccs	Service	Provisioning Certificate Caching Service	None
libtdx-attest	Lib	Trust Domain Extensions Attestation library	None	libtdx-attest-dev
libtdx-attest-dev	Dev Files	Developer files for libtdx-attest	libtdx-attest

Table 1. Intel® Linux SGX Software Packages (note that package names may vary by distribution)

FIPS 140-3 Certifiable mode

Some Intel SGX software components are built with OpenSSL3 static library. To make them FIPS 140-3 Certifiable, you need to provide openssl.cnf, fipsmodule.cnf, and fips.so for your system.

1. Assuming your fipsmodule.cnf is located at <path to fipsmodule.cnf>, adjust the path in your openssl.cnf and make sure that you have all listed settings:

   # For FIPS
   # Optionally include a file that is generated by the OpenSSL fipsinstall
   # application. This file contains configuration data required by the OpenSSL
   # fips provider. It contains a named section e.g. [fips_sect] which is
   # referenced from the [provider_sect] below.
   # Refer to the OpenSSL security policy for more information.
   .include <path to fipsmodule.cnf>/fipsmodule.cnf
   
   [openssl_init]
   providers = provider_sect
   
   # List of providers to load
   [provider_sect]
   # default = default_sect
   # The fips section name should match the section name inside the
   # included fipsmodule.cnf.
   fips = fips_sect
   base = base_sect
   

2. Assuming your openssl.cnf is at <path to openssl.cnf>, export the path as follows:

   OPENSSL_CONF=<path to openssl.cnf>/openssl.cnf`
   

3. If you have your fips.so in <path to fips.so>, export the path as follows:

   export OPENSSL_MODULES=<path to fips.so>
   

4. Since AESM is running as a daemon, you must add the following to lines to /usr/lib/systemd/system/aesmd.service in the Service settings:

   Environment=OPENSSL_MODULES=<path to fips.so>
   Environment=OPENSSL_CONF=<path to openssl.cnf>/openssl.cnf
   

   An example of the entire /usr/lib/systemd/system/aesmd.service:

   [Unit]
   Description=Intel(R) Architectural Enclave Service Manager
   After=syslog.target network.target auditd.service
   After=remount-dev-exec.service
   Wants=remount-dev-exec.service
   
   [Service]
   User=aesmd
   Type=forking
   Environment=NAME=aesm_service
   Environment=AESM_PATH=/opt/intel/sgx-aesm-service/aesm
   Environment=LD_LIBRARY_PATH=/opt/intel/sgx-aesm-service/aesm
   Environment=OPENSSL_MODULES=<path to fips.so>
   Environment=OPENSSL_CONF=<path to openssl.cnf>/openssl.cnf
   WorkingDirectory=/opt/intel/sgx-aesm-service/aesm
   PermissionsStartOnly=true
   ExecStartPre=/opt/intel/sgx-aesm-service/aesm/linksgx.sh
   ExecStartPre=/bin/mkdir -p /var/run/aesmd/
   ExecStartPre=/bin/chown -R aesmd:aesmd /var/run/aesmd/
   ExecStartPre=/bin/chmod 0755 /var/run/aesmd/
   ExecStartPre=/bin/chown -R aesmd:aesmd /var/opt/aesmd/
   ExecStartPre=/bin/chmod 0750 /var/opt/aesmd/
   ExecStart=/opt/intel/sgx-aesm-service/aesm/aesm_service
   InaccessibleDirectories=/home
   ExecReload=/bin/kill -SIGHUP $MAINPID
   Restart=on-failure
   RestartSec=15s
   DevicePolicy=closed
   DeviceAllow=/dev/isgx rw
   DeviceAllow=/dev/sgx rw
   DeviceAllow=/dev/sgx/enclave rw
   DeviceAllow=/dev/sgx/provision rw
   DeviceAllow=/dev/sgx_enclave rw
   DeviceAllow=/dev/sgx_provision rw
   [Install]
   WantedBy=multi-user.target
   

5. Restart AESM:

   sudo systemctl daemon-reload
   sudo service aesmd restart
   

As a result, Intel SGX related libraries and tools will load fips.so and use the FIPS 140-3 Certifiable APIs. More details about the OpenSSL fips module can be found in its documentation.

Required Packages per Use Cases

The packages that are required, either as application package dependencies or as platform dependencies, depend on the use case of the application and the platform environment.

Load Custom Runtime-based Enclaves

The loading process for Intel® SGX enclaves with a custom configuration (e.g., enclaves produced using the Open Enclave SDK) should use the libsgx-enclave-common library.

• Package: libsgx-enclave-common
• Documentation: Intel_SGX_Enclave_Common_Loader_API_Reference.pdf
• Comments:
  • This library is typically used by enclave runtimes, e.g., Open Enclave Loader or Intel® SGX uRTS.

Load Intel® SGX SDK-based Enclaves

Enclaves that are produced using the Intel® SGX SDK are loaded and managed with the libsgx-urts library.

• Package: libsgx-urts
• Documentation: Intel_SGX_Developer_Reference_Linux_<version>_Open_Source.pdf from https://download.01.org/intel-sgx/latest/linux-latest/docs/
• Comments:
  • libsgx-urts depends on libsgx-enclave-common.
  • To use libsgx-urts in your application, install the Intel® SGX SDK for Linux following the installation instructions.

Use DCAP-based Quote Generation

Applications that use DCAP-based Quote Generation (also referred to as ECDSA-based Quote Generation) should use the libsgx-dcap-ql library.

• Package: libsgx-dcap-ql
• Documentation: Intel_SGX_Developer_Reference_Linux_<version>_Open_Source.pdf from https://download.01.org/intel-sgx/latest/linux-latest/docs/
• Comments:
  • libsgx-dcap-ql directly depends on:
    • libsgx-urts (dependency not shown in and )
    • libsgx-ae-qve
    • libsgx-ae-qe3
    • libsgx-ae-pce

Use Universal Quote Generation

Applications that use Universal Quote Generation should use the libsgx-quote-ex library.

• Package: libsgx-quote-ex
• Documentation: Intel_SGX_Developer_Reference_Linux_ <version>_Open_Source.pdf from https://download.01.org/intel-sgx/latest/linux-latest/docs/
• Comments:
  • libsgx-quote-ex requires access to libsgx-quote-ex-plugin. This can be a hard dependency in the application package, or it can be provided independently on the platform. See section Access to AESM Plug-ins for details.

Use Attestation in a TD

Applications inside a TD that use attestation should use the libtdx-attest library.

• Package: libtdx-attest
• Comments:
  • The TD Quote Generation section of the Intel TDX Enabling Guide shows how the TDX Quote Generation Sample can be used to generate a TD Quote. This sample code uses the libtdx-attest package.

Provide TD Quoting Service

To provide a TD Quoting service on an Intel TDX-enabled host, you should use the tdx-qgs service.

• Package: tdx-qgs
• Comments:
  • tdx-qgs requires libsgx-tdx-logic as a hard dependency.
  • It also requires a Quote Provider Library (QPL) at runtime to retrieve platform information.
  • It is up to the system administrator to install Intel's QPL libsgx-dcap-default-qpl or their own version.
  • The Setup Quote Generation Service (QGS) section of the Intel TDX Enabling Guide shows how to setup the QGS in the host OS.

Platform uses PCCS-based Collateral Caching

ECDSA-based quote generation and quote verification require collateral provided by Intel® PCS. This collateral should be cached within the infrastructure using a collateral caching service.

Intel provides a reference Provisioning Certificate Caching Service (PCCS) in package sgx-dcap-pccs. In addition, it provides a reference library, the Quote Provider Library (QPL), in package libsgx-dcap-default-qpl, which is used by libsgx-dcap-ql and libsgx-aesm-ecdsa-plugin to obtain collateral from the PCCS.

• Package: sgx-dcap-pccs and libsgx-dcap-default-qpl
• Comments:
  • Infrastructure providers (e.g., CSPs) are likely to deploy their own QPL and collateral caching service. In this case, the platform should be provisioned with the infrastructure providers specific software.
  • The Provisioning Certificate Caching Service (PCCS) section of the Intel TDX Enabling Guide shows how to install the PCCS.

Advanced Configuration Topics

In this chapter, we describe the following advanced configuration topics:

• Details on ECDSA-based Quote Generation using the DCAP Quoting Library.
• Details on the Configuration of AESM Service.

ECDSA-based Quote Generation using the DCAP Quoting Library

For an enclave to attest to a remote entity, it must obtain an SGX Report of itself and then use the Quoting Enclave (QE) on the platform to convert it to a signed SGX Quote. Using the QE in an application requires the user to have special privilege on the system. As some processes may not have this privilege, DCAP Quoting Library offers two options to obtain an ECDSA-based quote:

• In-Process ECDSA-based Quote Generation: the DCAP Quoting Library will load the QE itself and obtain the quote with a direct call to the enclave.

• Out-of-Process ECDSA-based Quote Generation: the DCAP Quoting Library makes an out-of-process call to the AESM Service to get the quote.

Each of these options has specific requirements on the configuration of the software and environment on the platform or on the privilege of the user application, which will be described in the following subsections.

In-Process ECDSA-based Quote Generation

In this mode, which is the default mode, the DCAP Quoting Library will load the QE itself and obtain the SGX Quote with a direct call to the enclave. This may cause issues if you use the Intel SGX Linux driver because you must have specific access privileges in order to launch an enclave capable of signing SGX Quotes. In detail, you must have permission to launch an enclave with the Provision Bit set.

An enclave may set the Provision Bit in its attributes to be able to request the Provision Key. Acquiring the Provision Key may have privacy implications and thus the permission to acquire the key should be limited to privileged users. Enclave with the Provision Bit set are referred to as Provisioning Enclaves below.

For applications loading Provisioning Enclaves, the platform owner (administrator) must grant provisioning access to the app process as described below.

Process Permissions and Flow

A process that launches a Provisioning Enclave is required to use the SET_ATTRIBUTE IOCTL before the INIT_ENCLAVE IOCTL to notify the driver that the enclave being launched requires Provision Key access. The SET_ATTRIBUTE IOCTL input is a file handle to /dev/sgx_provision, which fails to open if the process does not have the required permission. To summarize, the following flow is required by the platform admin and a process that requires Provision Key access:

• Software installation flow:

  • Add the user running the process to the sgx_prv group:

    sudo usermod -a -G sgx_prv <user name>
    

• Enclave launch flow:

  • Create the enclave via the CREATE_ENCLAVE IOCTL

  • Open a handle to /dev/sgx_provision

  • Issue the SET_ATTRIBUTE IOCTL with the handle as a parameter

  • Continue the load and initialization of the enclave

Note

The Enclave Common Loader library is following the above flow and launching enclave based on it. Failure to grant correct access to the launch process will cause a failure in the enclave initialization.

Out-of-Process ECDSA-based Quote Generation

In this mode, which is not the default, the DCAP Quoting Library uses Universal Quote Generation (using the libsgx-quote-ex library), which makes a remote process call to the AESM Service to obtain an SGX Quote from the AESM Service. To do this:

• Ensure that the proper packages are installed as described in the Use Universal Quote Generation section.

• Create an environment variable named SGX_AESM_ADDR, which will instruct the DCAP Quoting Library to use out-of-process ECDSA-based quote generation. Among others, the following alternatives can be used to set this environment variable:

  • Add the environment variable to the command line when running the application:

    SGX_AESM_ADDR=1 <app_name>
    

    This only configures the out-of-process quote generation for the application being executed

  • Add the following line to the environment variable file /etc/environment:

    SGX_AESM_ADDR=1
    

    This configures the out-of-process quote generation for the whole system.

The AESM Service is preconfigured to run with a sgx_prv privilege.

Configuration of AESM Service

The AESM Service provides functionality to applications on the platform. Many of the Intel SGX library packages are installed as plug-ins to the AESM service and thus provide their functionality to the system while running within the AESM service.

Information about the AESM service:

• Its executable is installed to the directory /opt/intel/sgx-aesm-service.
• Its installer configures the service to run as a system daemon, which starts with the user ID aesmd.
• Its default home directory is /var/opt/aesmd.
• To perform certain functions the AESM service needs Internet access. If your network is using a proxy service, you may need to configure a proxy for the AESM service. For instructions on setting up the proxy, refer to the file /etc/aesmd.conf.

• By default, systemd and syslog are used for the AESM service. The following can be used when these are not available, e.g., in cloud native K8s deployments.

  • To manually start the service, use the following command:

    ./aesm_service --no-daemon
    

  • To write logs to stdout/stderr, use the following command:

    ./aesm_service --no-daemon --no-syslog
    

  • To specify which attestation types are supported, use the following command:

    ./aesm_service --supported_attestation_types=ECDSA
    

    If an attestation type is specified but AESM fails to load the corresponding modules, AESM will stop running. Currently only ECDSA-based attestation is supported