Konubinix' opinionated web of thoughts

Overview - SGX 101


  • External reference: @503debec3793459289a3be78029b38f3e7aa3a1e

In short, SGX architecture is a hardware-enforced security mechanism that requires Trusted Computing Base (TCB), Hardware Secrets, Remote Attestation, Sealed Storage and Memory Encryption.

Here, TCB will be the CPU’s package boundary and software components related to SGX.

The Intel SGX Platform Service (PSW) is required to run SGX enclaves. It contains drivers, services and Intel privileged enclaves for launch policy enforcement, EPID and remote attestation service and provisioning service.

The Intel SGX SDK is required to develop SGX enclaves and applications. It contains Intel custom libc and cryptographic libraries, each with 2 versions (debug & release). It also has tools such as sgx_edger8r to generate glue code (we will discuss this in the enclave tutorial) and sgx_sign to sign enclaves with development key.

Please follow the instructions to get Intel SGX SDK and PSW ready

See install the dev environment of intel sgx

Notes linking here