Azure SGX VM Attestation Problem
I have prepared an Azure SGX VM and want to conduct attestation with MAA (Microsoft Azure Attestation) according to the Azure samples, based on these two sources:
https://github.com/Azure-Samples/microsoft-azure-attestation/tree/master/sgx.attest.sample.intel.sdk and
Both the usage of Intel SDK and the OpenEnclave SDK require the installation of an Intel SGX DCAP Driver.
The following steps are necessary according to the repository:
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
echo "deb [arch=amd64] https://packages.microsoft.com/ubuntu/18.04/prod bionic main" | sudo tee /etc/apt/sources.list.d/msprod.list
wget -qO - https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo apt -y update
sudo apt install -y dkms
wget https://download.01.org/intel-sgx/sgx-dcap/1.16/linux/distro/ubuntu18.04-server/sgx_linux_x64_driver_1.41.bin -O sgx_linux_x64_driver.bin
sudo chmod a+x sgx_linux_x64_driver.bin
sudo ./sgx_linux_x64_driver.bin
However, when I execute "sudo ./sgx_linux_x64_driver.bin", it asks me to configure a password for the third-party drivers; in this case, that is the "SGX Driver" I downloaded.
Below is the output of "sudo ./sgx_linux_x64_driver.bin" after configuring the password.
azureuser@SgxVm01:~$ sudo ./sgx_linux_x64_driver.bin
Unpacking Intel SGX Driver ... done.
Verifying the integrity of the install package ... done.
Installing Intel SGX Driver ...
/tmp/sgx-driver-Q4rJ6I ~
install -d /opt/intel/sgxdriver/package
install -d /opt/intel/sgxdriver/scripts
cp -r package/* /opt/intel/sgxdriver/package
install scripts/* /opt/intel/sgxdriver/scripts
~
Creating symlink /var/lib/dkms/sgx/1.41/source ->
/usr/src/sgx-1.41
DKMS: add completed.
Kernel preparation unnecessary for this kernel. Skipping...
Building module:
cleaning build area...
'make' KDIR=/lib/modules/5.4.0-1138-azure/build....
Signing module:
- /var/lib/dkms/sgx/1.41/5.4.0-1138-azure/x86_64/module/intel_sgx.ko
cleaning build area...
DKMS: build completed.
intel_sgx:
Running module version sanity check.
- Original module
- Installation
- Installing to /lib/modules/5.4.0-1138-azure/updates/dkms/
depmod.......
DKMS: install completed.
groupadd: group 'sgx_prv' already exists
You may need to run "/sbin/modprobe intel_sgx (--allow-unsupported)" or reboot system manually!
uninstall.sh script generated in "/opt/intel/sgxdriver".
azureuser@SgxVm01:~$
As the prompt image shows, I think I should reboot the machine and enter the password I set.
But I am in a cloud environment. How can I enter this password when the system reboots? After the reboot, I found the system did pause at launch because I could not ssh to it quickly.
Besides, running "/sbin/modprobe intel_sgx (--allow-unsupported)" didn't help:
azureuser@SgxVm01:~$ /sbin/modprobe intel_sgx (--allow-unsupported)
-bash: syntax error near unexpected token `('
azureuser@SgxVm01:~$ sudo /sbin/modprobe intel_sgx (--allow-unsupported)
-bash: syntax error near unexpected token `('
azureuser@SgxVm01:~$ sudo /sbin/modprobe intel_sgx --allow-unsupported
/sbin/modprobe: unrecognized option '--allow-unsupported'
The system information:
Ubuntu Pro 18.04 LTS - x64 Gen2 #(selected at installation)
Linux SgxVm01 5.4.0-1138-azure #145~18.04.1-Ubuntu SMP Fri Aug 30 16:36:55 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
Size: Standard_DC1s_v2
Is there anyone familiar with Azure SGX VM who can tell me what's going wrong? Any suggestions are much appreciated.