Please ensure that you are using compliant hardware. You can check the list of supported hardware.
Configure BIOS
Enable SGX
Disable Secure Boot
Disable Hyper Threading
Disable TurboMode
Enable CPUAES
Install Intel SGX Driver
If you have Linux kernel version 5.11 or higher, Intel SGX Driver is already included and you can skip this step.
Go to and find your platform. Download the binary file, which should be named something like sgx_linux_x64_driver_2.11.54c9c4c.bin and install it. For example (on Ubuntu 22.04):
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
source "$HOME/.cargo/env"
cargo install sgxs-tools
After the installation completes, run sgx-detect to make sure that everything is set up correctly:
sudo $(which sgx-detect)
Note: If you don't run the sgx-detect tool as root, it might not have the necessary permissions to access the SGX kernel device.
When everything is working correctly, you should receive output similar to the following (some details may vary depending on hardware features):
Detecting SGX, this may take a minute...
✔  SGX instruction set
  ✔  CPU support
  ✔  CPU configuration
  ✔  Enclave attributes
  ✔  Enclave Page Cache
  SGX features
    ✔  SGX2  ✔  EXINFO  ✔  ENCLV  ✔  OVERSUB  ✔  KSS
    Total EPC size: 92.8MiB
✘  Flexible launch control
  ✔  CPU support
  ?  CPU configuration
  ✘  Able to launch production mode enclave
✔  SGX system software
  ✔  SGX kernel device (/dev/isgx)
  ✘  libsgx_enclave_common
  ✔  AESM service
  ✔  Able to launch enclaves
    ✔  Debug mode
    ✘  Production mode
    ✔  Production mode (Intel whitelisted)
The important part is the check mark under Able to launch enclaves for both Debug mode and Production mode (Intel whitelisted).
Common issues
If running sgx-detect --verbose reports:
SGX system software > SGX kernel device
Permission denied while opening the SGX device (/dev/sgx/enclave, /dev/sgx or
/dev/isgx). Make sure you have the necessary permissions to create SGX enclaves.
If you are running in a container, make sure the device permissions are
correctly set on the container.

debug: Error opening device: Permission denied (os error 13)
debug: cause: Permission denied (os error 13)
Ensure you are running the sgx-detect tool as root via:
sudo $(which sgx-detect) --verbose
If running sgx-detect --verbose reports:
SGX system software > SGX kernel device
The SGX device (/dev/sgx/enclave, /dev/sgx or /dev/isgx) could not be opened:
"/dev" mounted with `noexec` option.

debug: Error opening device: "/dev" mounted with `noexec` option
debug: cause: "/dev" mounted with `noexec` option
Ensure your system's /dev is NOT mounted with the noexec mount option.
If running sgx-detect --verbose reports:
SGX system software > Able to launch enclaves > Debug mode
The enclave could not be launched.

debug: failed to load report enclave
debug: cause: failed to load report enclave
debug: cause: Failed to map enclave into memory.
debug: cause: Operation not permitted (os error 1)
Ensure your system's /dev is NOT mounted with the noexec mount option.
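The two root causes above (a /dev mounted with noexec, and no read/write access to the SGX device node) can be checked before running sgx-detect. The script below is an added example, not part of the original page or of sgxs-tools; the function names and the sample mount table are constructed for illustration, and the device paths are the ones named in the sgx-detect message.

```shell
#!/bin/sh
# Added example: pre-flight checks for the sgx-detect failures listed above.

# Return 0 if the comma-separated mount option list $1 contains "noexec".
has_noexec() {
    case ",$1," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a /proc/mounts-style table on stdin and classify the /dev mount.
# The last matching line wins, since later mounts shadow earlier ones.
dev_mount_verdict() {
    opts=$(awk '$2 == "/dev" { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "not-a-mount-point"
    elif has_noexec "$opts"; then
        echo "noexec"   # one fix: sudo mount -o remount,exec /dev
    else
        echo "ok"
    fi
}

# Classify access to the device nodes named in the sgx-detect message.
# Prints "ok", "denied" (node exists, no read/write access) or "missing".
sgx_device_verdict() {
    status="missing"
    for dev in /dev/sgx/enclave /dev/sgx /dev/isgx; do
        [ -c "$dev" ] || continue          # skip absent nodes and directories
        if [ -r "$dev" ] && [ -w "$dev" ]; then
            status="ok"
        elif [ "$status" != "ok" ]; then
            status="denied"
        fi
    done
    echo "$status"
}

# Constructed sample table: /dev carries noexec, so this prints "noexec".
dev_mount_verdict <<'EOF'
devtmpfs /dev devtmpfs rw,nosuid,noexec,relatime,size=4096k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
# Live system (Linux only): classify the real /dev mount and device access.
if [ -r /proc/mounts ]; then
    echo "/dev mount: $(dev_mount_verdict < /proc/mounts)"
fi
echo "SGX device: $(sgx_device_verdict)"
```

A "denied" result as an unprivileged user matches the Permission denied case above; rerun the script with sudo to confirm that root can open the device.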
In order to make sure that your SGX setup is working, you can use the sgx-detect tool from the Rust package.
Install Dependencies
;
compiler;
;
development package.
Install
Build and Install sgxs-tools
Run sgx-detect tool
In case you encounter errors, see the for help.
Permission Denied When Accessing SGX Kernel Device