Quick start

Quick start without SGX support

  1. Clone the Graphene repository:

    git clone https://github.com/oscarlab/graphene.git

  2. Build Graphene:

    sudo apt-get install -y build-essential autoconf gawk bison wget python3
cd graphene
make

  3. Build and run helloworld:

    cd LibOS/shim/test/regression
make
./pal_loader helloworld

  4. For more complex examples, see Examples directory.

Quick start with SGX support

Graphene-SGX requires that the FSGSBASE feature of recent processors is enabled in the Linux kernel. For the ways to enable the FSGSBASE feature, please refer to Building.

Before you run any applications in Graphene-SGX, please make sure that Intel SGX SDK and the SGX driver are installed on your system. We recommend using Intel SGX SDK and the SGX driver no older than version 1.9 (or the DCAP SGX SDK and the driver version 1.4/1.5/1.6).

If Intel SGX SDK and the SGX driver are not installed, please follow the READMEs in https://github.com/01org/linux-sgx and https://github.com/01org/linux-sgx-driver to download and install them. If you want to use the DCAP SDK and driver, please follow the README in https://github.com/intel/SGXDataCenterAttestationPrimitives. Please note, that the DCAP driver requires Graphene to run as a root user to access it.

  1. Ensure that Intel SGX is enabled on your platform:

    lsmod | grep sgx
ps ax | grep [a]esm_service

The first command should list isgx (or sgx) and the second command should list the process status of aesm_service.

  1. Clone the Graphene repository:

    git clone https://github.com/oscarlab/graphene.git
cd graphene

  2. Prepare a signing key:

    openssl genrsa -3 -out Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072

  3. Build Graphene and Graphene-SGX:

    sudo apt-get install -y \
   build-essential autoconf gawk bison wget python3 libcurl4-openssl-dev \
   python3-protobuf libprotobuf-c-dev protobuf-c-compiler python3-pip
python3 -m pip install toml>=0.10
make
ISGX_DRIVER_PATH=<path-to-sgx-driver-sources> make SGX=1

  4. Set vm.mmap_min_addr=0 in the system (only required for the legacy SGX driver and not needed for newer DCAP/in-kernel drivers):

    sudo sysctl vm.mmap_min_addr=0

    Note that this is an inadvisable configuration for production systems.

  5. Build and run helloworld:

    cd LibOS/shim/test/regression
make SGX=1
make SGX=1 sgx-tokens
SGX=1 ./pal_loader helloworld

Running sample applications

We prepared and tested several applications to demonstrate Graphene and Graphene-SGX usability. These applications can be found in the Examples folder in the repository, each containing a short README with instructions how to test it. We recommend starting with simpler, thoroughly documented examples like Memcached and Redis, to understand manifest options and features of Graphene.