This topic describes how to build a Software Guard Extensions (SGX) encrypted computing environment on a g7t, c7t, or r7t instance (vSGX instance) and run sample code to verify SGX features.

Prerequisites

A vSGX instance is created, and you are logged on to the instance.
Note When you create a security-enhanced instance, you must select a dedicated image to use the security features. For more information, see Create security-enhanced instances.

Background information

Intel® SGX provides an encrypted computing environment at the physical level and ensures data security by using hardware-based protection instead of firmware- or software-based protection. Intel® SGX uses instruction set extensions and an access control mechanism to isolate the runtime environment of SGX programs, which protects the confidentiality and integrity of key code and data against malware. Unlike other security technologies, Intel® SGX uses a root of trust that consists only of hardware. This avoids the defects that security vulnerabilities in a software-based root of trust would introduce, and improves system security.

The g7t, c7t, and r7t security-enhanced instance families provide encrypted memory based on Intel® SGX and support Virtual SGX (vSGX). You can develop and run SGX programs on vSGX instances.
Notice If you use keys that are bound to hardware to encrypt data within an Intel SGX enclave, for example data protected with SGX sealing, the encrypted data cannot be decrypted after the host of the instance changes. We recommend that you implement data redundancy and backups at the application layer to ensure application reliability.

Check whether SGX is enabled

Before you build an SGX encrypted computing environment, you can use the CPUID instruction to check whether SGX is enabled. In this topic, the Alibaba Cloud Linux 2.1903 64-bit (UEFI) image or Alibaba Cloud Linux 3.2104 64-bit (UEFI) image is used to demonstrate how to check whether SGX is enabled.

  1. Install CPUID.
    yum install -y cpuid
  2. Check whether SGX is enabled.
    cpuid -1 -l 0x7 |grep SGX
    If SGX is enabled, the output includes the SGX line (figure: sgx-install).
    Note After SGX is enabled, the SGX driver is required for SGX programs to run. The dedicated images provided by Alibaba Cloud have a built-in SGX driver. If you do not use a dedicated image, install the SGX driver.
  3. Check whether the SGX driver is installed.
    ls -l /dev/{sgx_enclave,sgx_provision}
    If the SGX driver is installed, both device files are listed (figure: sgx-driver).
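The three checks above combined into one preflight script, as an added example that is not part of the original topic or the Alibaba Cloud SDK; the AESM socket path /var/run/aesmd/aesm.socket is an assumption (the standard aesmd location), not something the topic states:

```shell
#!/bin/sh
# Added preflight script; it is not from the original page or the Alibaba Cloud SDK.
# It automates the three checks of this section: parse `cpuid -1 -l 0x7`, look for the
# driver device nodes, then look for the AESM socket. The socket path
# /var/run/aesmd/aesm.socket is the usual aesmd location and is an assumption here.

# sgx_flag_enabled FLAG TEXT: succeed when TEXT (cpuid leaf 0x7 output) contains a
# line "FLAG: ... = true". The colon keeps "SGX" from matching the "SGX_LC" line.
sgx_flag_enabled() {
    printf '%s\n' "$2" | grep -E "^[[:space:]]*$1:.*= true" >/dev/null
}

# sgx_devices_present [DIR]: succeed when both driver character devices exist in DIR.
sgx_devices_present() {
    dir=${1:-/dev}
    [ -c "$dir/sgx_enclave" ] && [ -c "$dir/sgx_provision" ]
}

# sgx_preflight: run every check, print one line per check, fail on any hard failure.
sgx_preflight() {
    rc=0
    if ! command -v cpuid >/dev/null 2>&1; then
        echo "FAIL: cpuid is not installed (yum install -y cpuid)"
        return 1
    fi
    leaf7=$(cpuid -1 -l 0x7)
    if sgx_flag_enabled SGX "$leaf7"; then
        echo "ok: CPUID reports SGX as supported"
    else
        echo "FAIL: CPUID does not report SGX; SGX is not enabled on this instance"
        rc=1
    fi
    if sgx_devices_present; then
        echo "ok: /dev/sgx_enclave and /dev/sgx_provision are present"
    else
        echo "FAIL: SGX driver device nodes are missing; install the SGX driver"
        rc=1
    fi
    if [ -S /var/run/aesmd/aesm.socket ]; then
        echo "ok: AESM socket is present"
    else
        echo "warn: AESM socket not found; install the SGX runtime or start aesmd"
    fi
    return $rc
}

# Run the checks only when invoked as: sh sgx_preflight.sh check
case "${1:-}" in
    check) sgx_preflight ;;
esac
```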

Build an SGX encrypted computing environment

Before you develop SGX programs, you must install the runtime and Software Development Kit (SDK) on a vSGX instance and configure the remote attestation service. We recommend that you use the dedicated images provided by Alibaba Cloud for a better user experience. Dedicated images are equipped with the SGX driver and provide trusted execution environment (TEE) SDKs that are fully compatible with Intel® SGX SDK. In this topic, the Alibaba Cloud Linux 2.1903 64-bit (UEFI) image or Alibaba Cloud Linux 3.2104 64-bit (UEFI) image is used to demonstrate how to build an SGX encrypted computing environment. If you use Ubuntu images, CentOS images, or other Linux images, install the SGX driver and Platform Software (PSW) yourself. For more information, see Intel® SGX Software Installation Guide.

  1. Install the Alibaba Cloud SGX runtime.
    Note If you create a vSGX instance in the Elastic Compute Service (ECS) console, the Alibaba Cloud SGX runtime is automatically installed. You can skip this step and install Alibaba Cloud TEE SDK.
    1. Add the YUM repository for Alibaba Cloud encrypted computing from one of the following URLs.
      • Public URLs are in the following format: https://enclave-[Region-ID].oss-[Region-ID].aliyuncs.com/repo/alinux/enclave-expr.repo
      • Internal URLs over a virtual private cloud (VPC) are in the following format: https://enclave-[Region-ID].oss-[Region-ID]-internal.aliyuncs.com/repo/alinux/enclave-expr.repo
      Replace [Region-ID] in the preceding URLs with the region ID of the vSGX instance. The following example shows the internal address of a vSGX instance in the China (Hangzhou) region over a VPC:
      sudo yum install -y yum-utils && \
      sudo yum-config-manager --add-repo \
      https://enclave-cn-hangzhou.oss-cn-hangzhou-internal.aliyuncs.com/repo/alinux/enclave-expr.repo
    2. Install the Alibaba Cloud SGX runtime.
      yum install -y \
      libsgx-ae-le libsgx-ae-pce libsgx-ae-qe3 libsgx-ae-qve \
      libsgx-aesm-ecdsa-plugin libsgx-aesm-launch-plugin libsgx-aesm-pce-plugin libsgx-aesm-quote-ex-plugin \
      libsgx-dcap-default-qpl libsgx-dcap-ql libsgx-dcap-quote-verify \
      libsgx-enclave-common libsgx-launch libsgx-pce-logic libsgx-qe3-logic libsgx-quote-ex \
      libsgx-ra-network libsgx-ra-uefi libsgx-uae-service libsgx-urts sgx-ra-service \
      sgx-aesm-service
      Note SGX Architectural Enclave Service Manager (AESM) is used to manage services such as enclave start, key configuration, and remote attestation. The default installation path of SGX AESM is /opt/intel/sgx-aesm-service.
  2. Install Alibaba Cloud TEE SDK.
    yum install -y sgxsdk
    Alibaba Cloud TEE SDK is fully compatible with Intel® SGX SDK. After Alibaba Cloud TEE SDK is installed, you can refer to Intel® SGX Developer Reference to develop SGX programs.
    Note The default installation path of Intel® SGX SDK in Alibaba Cloud TEE SDK is /opt/alibaba/teesdk/intel/sgxsdk/.
  3. Configure the Alibaba Cloud SGX remote attestation service.
    The Alibaba Cloud SGX remote attestation service is fully compatible with the Intel® SGX Elliptic Curve Digital Signature Algorithm (ECDSA)-based remote attestation service and with Intel® SGX SDK. Therefore, vSGX instances provided by Alibaba Cloud can prove their trustworthiness to remote parties (providers and producers) by using remote attestation. The Alibaba Cloud SGX remote attestation service provides the following information for SGX SDK:
    • SGX certificates
    • Revocation list: a list of revoked SGX certificates
    • Trusted computing base information: information about the root of trust
    Note Intel Ice Lake supports only remote attestation based on Intel Software Guard Extensions Data Center Attestation Primitives (Intel SGX DCAP) and does not support remote attestation based on Intel Enhanced Privacy ID (EPID). Applications written for EPID attestation must be adapted before they can use the remote attestation feature. For more information about remote attestation, see Strengthen Enclave Trust with Attestation.
    The Alibaba Cloud SGX remote attestation service is deployed on a per-region basis. For optimal stability, access the service endpoint in the region where the vSGX instance is located. After Alibaba Cloud TEE SDK is installed, the default configuration file /etc/sgx_default_qcnl.conf is automatically generated for the remote attestation service. You must manually edit the file so that it points to the Alibaba Cloud SGX remote attestation service in the region where the vSGX instance is located.
    Note The Alibaba Cloud SGX remote attestation service is supported only within mainland China regions. For more information, see Regions and zones.
    • If the vSGX instance is assigned a public IP address, change the configurations in /etc/sgx_default_qcnl.conf to the following content:
      # PCCS server address
      PCCS_URL=https://sgx-dcap-server.[Region-ID].aliyuncs.com/sgx/certification/v3/
      # To accept insecure HTTPS cert, set this option to FALSE
      USE_SECURE_CERT=TRUE
      Replace [Region-ID] with the region ID of the vSGX instance. Example for a vSGX instance in the China (Hangzhou) region:
      # PCCS server address
      PCCS_URL=https://sgx-dcap-server.cn-hangzhou.aliyuncs.com/sgx/certification/v3/
      # To accept insecure HTTPS cert, set this option to FALSE
      USE_SECURE_CERT=TRUE
    • If the vSGX instance is in a VPC and has only a private IP address, change the configurations in /etc/sgx_default_qcnl.conf to the following content:
      # PCCS server address
      PCCS_URL=https://sgx-dcap-server-vpc.[Region-ID].aliyuncs.com/sgx/certification/v3/
      # To accept insecure HTTPS cert, set this option to FALSE
      USE_SECURE_CERT=TRUE
      Replace [Region-ID] with the region ID of the vSGX instance. Example for a vSGX instance in the China (Hangzhou) region:
      # PCCS server address
      PCCS_URL=https://sgx-dcap-server-vpc.cn-hangzhou.aliyuncs.com/sgx/certification/v3/
      # To accept insecure HTTPS cert, set this option to FALSE
      USE_SECURE_CERT=TRUE
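A small helper for this step, added here and not part of the original topic or the SDK: it renders the file from the two URL patterns above for a given region and network path, and checks an existing file for a PCCS_URL that points at another region or for USE_SECURE_CERT=FALSE, which would skip verification of the attestation server's TLS certificate. The script name qcnl.sh is an assumption.

```shell
#!/bin/sh
# Added helper; it is not from the original page or the Alibaba Cloud SDK. It renders
# /etc/sgx_default_qcnl.conf from the two URL patterns above and checks an existing
# file for two mistakes that break or weaken quote generation: a PCCS_URL for another
# region, and USE_SECURE_CERT=FALSE, which disables verification of the PCCS certificate.

# qcnl_pccs_url REGION public|vpc: print the PCCS URL for the region and network path.
qcnl_pccs_url() {
    case "$2" in
        public) echo "https://sgx-dcap-server.$1.aliyuncs.com/sgx/certification/v3/" ;;
        vpc)    echo "https://sgx-dcap-server-vpc.$1.aliyuncs.com/sgx/certification/v3/" ;;
        *)      echo "network must be 'public' or 'vpc'" >&2; return 1 ;;
    esac
}

# qcnl_render REGION public|vpc: print the complete configuration file.
qcnl_render() {
    url=$(qcnl_pccs_url "$1" "$2") || return 1
    printf '# PCCS server address\nPCCS_URL=%s\n' "$url"
    printf '# To accept insecure HTTPS cert, set this option to FALSE\nUSE_SECURE_CERT=TRUE\n'
}

# qcnl_check FILE REGION: fail unless FILE points at REGION over HTTPS with
# certificate verification enabled.
qcnl_check() {
    rc=0
    url=$(sed -n 's/^PCCS_URL=//p' "$1")
    case "$url" in
        https://sgx-dcap-server."$2".aliyuncs.com/*|https://sgx-dcap-server-vpc."$2".aliyuncs.com/*)
            echo "ok: PCCS_URL targets region $2" ;;
        *)  echo "FAIL: PCCS_URL '$url' is not the $2 endpoint"; rc=1 ;;
    esac
    if grep -q '^USE_SECURE_CERT=TRUE$' "$1"; then
        echo "ok: PCCS certificate verification is enabled"
    else
        echo "FAIL: USE_SECURE_CERT is not TRUE; PCCS responses would not be authenticated"
        rc=1
    fi
    return $rc
}

# Usage: sh qcnl.sh write cn-hangzhou vpc   (validate, write the file, then re-check it)
#        sh qcnl.sh check cn-hangzhou       (check the existing file)
case "${1:-}" in
    write) qcnl_pccs_url "$2" "$3" >/dev/null && qcnl_render "$2" "$3" > /etc/sgx_default_qcnl.conf && qcnl_check /etc/sgx_default_qcnl.conf "$2" ;;
    check) qcnl_check /etc/sgx_default_qcnl.conf "$2" ;;
esac
```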

Example 1 of verifying SGX features: Start an enclave

Alibaba Cloud TEE SDK provides SGX sample code to verify SGX features. By default, the code is stored in the /opt/alibaba/teesdk/intel/sgxsdk/SampleCode directory.

This section describes an example of how to start an enclave to verify whether the installed SGX SDK works normally. If the enclave is started, the SDK works normally.

  1. Install a compiler.
    • If the Alibaba Cloud Linux 2.1903 64-bit (UEFI) image is used, install devtoolset.
      1. Open the Alibaba Cloud experimental repository.
        rpmkeys --import http://mirrors.cloud.aliyuncs.com/epel/RPM-GPG-KEY-EPEL-7 && \
        yum install -y alinux-release-experimentals
      2. Install devtoolset.
        yum install -y devtoolset-9
      3. Set the environment variable related to devtoolset.
        source /opt/rh/devtoolset-9/enable
    • If the Alibaba Cloud Linux 3.2104 64-bit (UEFI) image is used, install Development Tools.
      yum groupinstall -y "Development Tools"
  2. Set the environment variable related to SGX SDK.
    source /opt/alibaba/teesdk/intel/sgxsdk/environment
  3. Compile the sample code SampleEnclave.
    1. Go to the SampleEnclave directory.
      cd /opt/alibaba/teesdk/intel/sgxsdk/SampleCode/SampleEnclave
    2. Compile SampleEnclave.
      make
  4. Run the compiled executable file.
    ./app

Example 2 of verifying SGX features: SGX remote attestation

Alibaba Cloud TEE SDK provides SGX sample code to verify SGX features. By default, the code is stored in the /opt/alibaba/teesdk/intel/sgxsdk/SampleCode directory.

This section describes an example of the SGX remote attestation service (QuoteGenerationSample and QuoteVerificationSample). The expected result is that a quote is generated and then verified. The example involves the challenged party (the SGX programs that run in the vSGX instance) and the challenging party (the party that wants to verify whether the SGX programs are trusted). QuoteGenerationSample is the sample code that the challenged party uses to generate the quote, and QuoteVerificationSample is the sample code that the challenging party uses to verify the quote.

  1. Install a compiler.
    • If the Alibaba Cloud Linux 2.1903 64-bit (UEFI) image is used, install devtoolset.
      1. Open the Alibaba Cloud experimental repository.
        rpmkeys --import http://mirrors.cloud.aliyuncs.com/epel/RPM-GPG-KEY-EPEL-7 && \
        yum install -y alinux-release-experimentals
      2. Install devtoolset.
        yum install -y devtoolset-9
      3. Set the environment variable related to devtoolset.
        source /opt/rh/devtoolset-9/enable
    • If the Alibaba Cloud Linux 3.2104 64-bit (UEFI) image is used, install Development Tools.
      yum groupinstall -y "Development Tools"
  2. Set the environment variable related to SGX SDK.
    source /opt/alibaba/teesdk/intel/sgxsdk/environment
  3. Install the dependency package of SGX remote attestation.
    yum install -y libsgx-dcap-ql-devel libsgx-dcap-quote-verify-devel
  4. Compile the sample code QuoteGenerationSample used by the challenged party.
    1. Go to the QuoteGenerationSample directory.
      cd /opt/alibaba/teesdk/intel/sgxsdk/SampleCode/QuoteGenerationSample
    2. Compile QuoteGenerationSample.
      make
  5. Run the compiled executable file to generate a quote.
    ./app
  6. Compile the sample code QuoteVerificationSample used by the challenging party.
    1. Go to the QuoteVerificationSample directory.
      cd /opt/alibaba/teesdk/intel/sgxsdk/SampleCode/QuoteVerificationSample
    2. Compile QuoteVerificationSample.
      make
  7. Sign the QuoteVerificationSample enclave.
    To release a production version of an enclave, you must sign it with your own signing key. The following command signs the sample enclave with the sample key that ships with the SDK:
    sgx_sign sign -key Enclave/Enclave_private_sample.pem -enclave enclave.so -out enclave.signed.so -config Enclave/Enclave.config.xml
  8. Run the compiled executable file to verify the quote.
    ./app

Known issues

The SGX driver that comes with Alibaba Cloud Linux 2 with the 4.19.91-23.al7.x86_64 kernel leaks memory in specific cases. This issue is fixed in the latest kernel version, and we recommend that you upgrade to it. If you want to keep using this kernel version, install the following hotfix to avoid the issue.
  yum install -y alinux-release-experimentals && \
  yum install -y kernel-hotfix-5577959-23.al7.x86_64