Enter BIOS by pressing the BIOS key during boot. The BIOS key varies by manufacturer and could be F10, F2, F12, F1, DEL, or ESC.
Usually Intel SGX is disabled by default.
To enable:
- find the Intel SGX feature in BIOS Menu (it is usually under the "Advanced" or "Security" menu)
- Set SGX in BIOS as
enabled(preferably) orsoftware-controlled. - save your BIOS settings and exit BIOS.
Software-controlled means that SGX needs to be enabled by running a utility.
This repo includes the sgx_enable utility. To enable SGX run:
sudo ./sgx_enableNote: if you are not using Ubuntu 20.04 (Not recommended!), you may need to rebuild the sgx-software-enable utility before use by typing:
cd sgx-software-enable;
makeInstall make and gcc if you do not have it:
apt-get install build-essentialRun the following command:
cd scripts; sudo ./sgx_linux_x64_driver_2.11.b6f5b4a.bin; cd ..Alternatively, other driver versions may be downloaded from Intel.
Please note that version 2.11.b6f5b4a is what is currently supported.
Reboot you machine after driver install. Do ls /dev/isgx to check that isgx device is properly installed.
If you do not see the isgx device, you need to troubleshoot your driver installation.
If driver installation fails, you can also try installing driver from the Intel github repository. Do
git clone https://github.com/intel/linux-sgx-driverAnd then follow instructions in README.md
-
If the message
intel_sgx: SGX is not enabledappears in/var/log/syslogIntel SGX needs to be enabled in BIOS. -
If you are running in Intel SGX hardware mode, make sure you have device
/dev/isgx(and not/dev/sgx). Review the Intel SGX device driver installation instructions above. If you have/dev/sgxthe device driver must be removed first. -
If you are running in Intel SGX hardware mode, you need to modify the
ias_api_keyinconfig/tcs_config.tomlwith your IAS Subscription key obtained in the instructions above.