Swisstronik Docs
  • 🇨🇭About Swisstronik
    • What is Swisstronik?
    • Swisstronik vs Ethereum
    • Useful links
  • 🌐General
    • Intel SGX
    • Governance
      • On-Chain Proposal
      • Formatting a Proposal
      • Submitting a Proposal
      • Governable Parameters
    • Community Pool
    • Accounts
    • Transactions
    • Gas and Fees
    • Coin & Tokens
  • ⚒️Development
    • Endpoints
    • Connect wallets
      • MetaMask (EVM) - Manual
      • Keplr (Cosmos)
      • Testnet Metamask (EVM) - Chainlist
      • Testnet MetaMask (EVM) - Manual
      • Testnet Keplr (Cosmos)
    • Get test coins
    • SwisstronikJS SDK
      • SwisstronikJS Functions
      • Swisstronik & Ethereum transactions
      • Transaction - code sample
      • Swisstronik & Ethereum calls
      • Call - code sample
    • Swisstronik CLI
      • Installation
      • Configuration
      • Key management
      • Queries
      • Sending SWTR
      • For SDI Issuers
    • Guides
      • Contract deployment - Hardhat
        • 1. Setting up the Hardhat environment
        • 2. Configure hardhat.config.js
        • 3. Write and compile the smart contract
        • 4. Deploy the smart contract
        • 5. Interact with the contract - Transaction
        • 6. Interact with the contract - Call
      • Contract deployment - Remix IDE
      • Deployment & Interaction PERC-20
        • ERC-20 & PERC-20
        • Sample PERC20 contract
        • Deployment & Interaction with contract
        • How to use encryption
      • Contract verification
      • SDI for dapp developers
    • Local testnet
    • Web3JS, Ethers, Viem and other third-party libraries
  • 🖥️Node setup
    • Setup SGX
      • Supported Hardware
      • Setup Intel SGX
    • Setup node
      • Mainnet
        • v1.0.1 Upgrade
      • Testnet
        • Install from .deb package
        • Configure node
        • Upgrade your testnet node
          • Swisstronik v3 Testnet
          • Swisstronik v4 Testnet
          • Swisstronik v5 Testnet
          • Swisstronik v5.1 Testnet
          • Swisstronik v6 Testnet
          • Swisstronik v7 Testnet
          • Swisstronik v8 Testnet
        • Seed Node
        • Live Peers
        • Genesis Mirror Download
    • CLI Cheatsheet
  • 🤝Delegators
    • What is a delegator?
    • Delegator Guide (CLI)
    • Delegators Security
Powered by GitBook
On this page
  • Configure BIOS
  • Install Intel SGX Driver
  • Install Intel AESM service
  • Ubuntu 22.04
  • Install all required libraries
  • Ubuntu 22.04
  • Verify SGX Setup
  • Install Dependencies​
  • Install Rust​
  • Build and Install sgxs-tools​
  • Run sgx-detect tool​
  • Common issues
  1. Node setup
  2. Setup SGX

Setup Intel SGX

PreviousSupported HardwareNextSetup node

Last updated 10 days ago

Please ensure, that you are using compliant hardware. You can check the list of supported hardware .

Configure BIOS

  • Enable SGX

  • Disable Secure Boot

  • Disable Hyper Threading

  • Disable Turbo Mode

  • Enable CPU AES

Install Intel SGX Driver

If you have Linux kernel version 5.11 or higher, Intel SGX Driver is already included and you can skip this step.

Go to and find your platform. Download the binary file, which should be named something like sgx_linux_x64_driver_2.11.54c9c4c.bin and install it. For example (on Ubuntu 22.04):

wget https://download.01.org/intel-sgx/sgx-linux/2.22/distro/ubuntu22.04-server/sgx_linux_x64_driver_2.11.54c9c4c.bin 
chmod +x sgx_linux_x64_driver_2.11.54c9c4c.bin
sudo ./sgx_linux_x64_driver_2.11.54c9c4c.bin

Install Intel AESM service

Ubuntu 22.04

Enable the Intel SGX APT repository and install the required packages.

echo "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/intel-sgx.list >/dev/null
curl -sSL "https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key" | sudo -E apt-key add -
sudo apt update
sudo apt install sgx-aesm-service libsgx-aesm-launch-plugin libsgx-aesm-epid-plugin

To confirm that AESM service was installed correctly, run:

sudo systemctl status aesmd.service

Install all required libraries

Ubuntu 22.04

Enable the Intel SGX APT repository and install required packages to run swisstronikd:

echo "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/intel-sgx.list >/dev/null
curl -sSL "https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key" | sudo -E apt-key add -
sudo apt update
sudo apt install libsgx-launch libsgx-urts libsgx-epid libsgx-quote-ex sgx-aesm-service libsgx-aesm-launch-plugin libsgx-aesm-epid-plugin libsgx-quote-ex libsgx-dcap-ql libsnappy1v5 libsgx-dcap-quote-verify libsgx-dcap-default-qpl

After that you are ready to run swisstronikd.

Verify SGX Setup

There are no pre-built packages for it, so you will need to compile it yourself.

Make sure you have the following installed on your system:

On Fedora, you can install all the above with:

sudo dnf install gcc protobuf-compiler pkg-config openssl-devel

On Ubuntu, you can install all the above with:

sudo apt install gcc protobuf-compiler pkg-config libssl-dev

Install rustup by running:

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source "$HOME/.cargo/env"
cargo install sgxs-tools

After the installation completes, run sgx-detect to make sure that everything is set up correctly:

sudo $(which sgx-detect)

Note: If you don't run the sgx-detect tool as root, it might not have the necessary permissions to access the SGX kernel device.

When everything is working correctly, you should receive output similar to the following (some details may vary depending on hardware features):

Detecting SGX, this may take a minute...
✔  SGX instruction set  
  ✔  CPU support  
  ✔  CPU configuration  
  ✔  Enclave attributes  
  ✔  Enclave Page Cache  
  SGX features
      ✔  SGX2  ✔  EXINFO  ✔  ENCLV  ✔  OVERSUB  ✔  KSS    
      Total EPC size: 92.8MiB
✘  Flexible launch control  
  ✔  CPU support  
  ? CPU configuration  
  ✘  Able to launch production mode enclave
✔  SGX system software  
  ✔  SGX kernel device (/dev/isgx)  
  ✘  libsgx_enclave_common  
  ✔  AESM service  
  ✔  Able to launch enclaves    
    ✔  Debug mode    
    ✘  Production mode    
    ✔  Production mode (Intel whitelisted)

The important part is the checkbox under Able to launch enclaves in both Debug mode and Production mode (Intel whitelisted).

Common issues

If running sgx-detect --verbose reports:

SGX system software > SGX kernel devicePermission denied while opening the SGX device (/dev/sgx/enclave, /dev/sgx or/dev/isgx). Make sure you have the necessary permissions to create SGX enclaves.If you are running in a container, make sure the device permissions arecorrectly set on the container.debug: Error opening device: Permission denied (os error 13)debug: cause: Permission denied (os error 13)

Ensure you are running the sgx-detect tool as root via:

sudo $(which sgx-detect) --verbose

If running sgx-detect --verbose reports:

SGX system software > SGX kernel deviceThe SGX device (/dev/sgx/enclave, /dev/sgx or /dev/isgx) could not be opened:"/dev" mounted with `noexec` option.debug: Error opening device: "/dev" mounted with `noexec` optiondebug: cause: "/dev" mounted with `noexec` option

Ensure your system's /dev is NOT mounted with the noexec mount option.

If running sgx-detect --verbose reports:

SGX system software > Able to launch enclaves > Debug modeThe enclave could not be launched.debug: failed to load report enclavedebug: cause: failed to load report enclavedebug: cause: Failed to map enclave into memory.debug: cause: Operation not permitted (os error 1)

Ensure your system's /dev is NOT mounted with the noexec mount option.

In order to make sure that your SGX setup is working, you can use the sgx-detect tool from the Rust package.

Install Dependencies

;

compiler;

;

development package.

Install

Build and Install sgxs-tools

Run sgx-detect tool

In case you encounter errors, see the for help.

Permission Denied When Accessing SGX Kernel Device

Error Opening SGX Kernel Device

Unable to Launch Enclaves.

🖥️
here
Intel Downloads page
sgxs-tools
​
GCC
Protobuf
pkg-config
OpenSSL
Rust
​
​
​
list of common SGX installation issues
​
​
​