From Fedora Project Wiki
Latest revision as of 16:03, 11 November 2024

SGX guidance

This page provides guidance on using SGX in the context of Fedora.

Software installation

Until the packages are a standard part of Fedora, they are available from Copr. A minimal setup of a machine with SGX would involve the sgx-pckid-tool and sgx-mpa. The latter is recommended on multi-socket machines to enable automatic registration, and a functional no-op on single-socket machines, so it is easiest to simply always install it.

 $ dnf copr enable berrange/sgx-ng
 $ dnf install sgx-pckid-tool sgx-mpa

Firmware configuration

Machines will typically ship with SGX support disabled in the firmware, so while the software can be installed immediately, it won't be usable until SGX is enabled in the firmware. Determine whether SGX is enabled on the machine by looking for the existence of the /dev/sgx_enclave device node. If it is missing, proceed with Enabling SGX; otherwise (optionally) proceed with Re-provisioning SGX.

Enabling SGX

Enabling SGX is a multi-step process requiring reboots. Cold boot the machine, and hit the magic key needed to enter the firmware menu, or use an integrated management service such as iDRAC if available.

The following settings must be toggled first, before other settings will become available:

  1. Under the "System Security" menu (or similar) change the "Memory Encryption" option to "Multiple Keys"
  2. Under the "Processor Settings" menu (or similar) change the "CPU Physical Address Limit" option to "Disabled"
  3. Under the "Processor Settings" menu (or similar) change the "SGX Factory Reset" option to "On"

With these changes made, select "Apply and reboot".

When the machine restarts, once again enter the firmware menus to toggle further settings:

  1. Under the "Processor Settings" menu (or similar) change the "SGX" option to "On"
  2. Under the "Processor Settings" menu (or similar) change the "Enable/Disable SGX Auto MP Registration Agent" option to "Enabled"

With these changes made, select "Apply and reboot".

Note: if the "SGX" option only offers "Off" as a choice, this indicates that either the current hardware is not a compatible configuration, or another firmware setting is in an incompatible state. For example, SGX may require specific DIMM slot population. Consult your hardware vendor's documentation for further guidance.

Re-provisioning SGX

If a machine has previously been used with SGX enabled, a reset is recommended in the firmware for the new owner to take ownership of the platform. Cold boot the machine, and hit the magic key needed to enter the firmware menu, or use an integrated management service such as iDRAC if available.

  1. Under the "Processor Settings" menu (or similar) change the "SGX Factory Reset" option to "On"

With this change made, select "Apply and reboot".

When the machine restarts, once again enter the firmware menus to toggle further settings:

  1. Under the "Processor Settings" menu (or similar) change the "Enable/Disable SGX Auto MP Registration Agent" option to "Enabled"

With this change made, select "Apply and reboot".

Validating the SGX setup

To validate a correct setup, the following checks should be made:

  • The device nodes /dev/sgx_enclave, /dev/sgx_provision and /dev/sgx_vepc should exist, with the group set to sgx for the first and last, and sgxprv for the middle node.
  • The mpa_manage -get_sgx_status command should report SGX status: MP_SGX_ENABLED, which means: SGX is enabled.
  • The mpa_manage -get_registration_status command should report Registration process completed successfully.
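The three checks above, scripted as an added example that is not part of the wiki page or of the sgx-mpa package. It assumes GNU stat and that mpa_manage is on PATH; the parsing functions take the command output as text, and validate_host runs them against the live host when invoked with --run.

```shell
#!/bin/sh
# Added example (not from the Fedora wiki): scripts the checks listed under
# "Validating the SGX setup". Assumes GNU stat and mpa_manage on PATH.
# Group that each SGX device node should be owned by (sgx_provision is the odd one out).
expected_group() {
  case "$1" in
    /dev/sgx_enclave|/dev/sgx_vepc) echo sgx ;;
    /dev/sgx_provision) echo sgxprv ;;
    *) return 1 ;;
  esac
}
# check_node_group DEV GROUP: succeed only if GROUP is the expected owner of DEV.
check_node_group() {
  want=$(expected_group "$1") || return 1
  [ "$2" = "$want" ]
}
# check_sgx_status TEXT: succeed if `mpa_manage -get_sgx_status` output says SGX is enabled.
check_sgx_status() {
  case "$1" in *"SGX status: MP_SGX_ENABLED"*) return 0 ;; esac
  return 1
}
# classify_registration TEXT: map `mpa_manage -get_registration_status` output to
# completed / in-progress / unknown ("in progress" is the troubleshooting case).
classify_registration() {
  case "$1" in
    *"Registration process completed successfully"*) echo completed ;;
    *"Registration is in progress"*) echo in-progress ;;
    *) echo unknown ;;
  esac
}
# Run every check against the local host; returns 0 only if all of them pass.
validate_host() {
  rc=0
  for dev in /dev/sgx_enclave /dev/sgx_provision /dev/sgx_vepc; do
    if [ ! -c "$dev" ]; then echo "MISSING: $dev (SGX off in firmware?)"; rc=1; continue; fi
    grp=$(stat -c %G "$dev")
    if check_node_group "$dev" "$grp"; then echo "ok: $dev group=$grp"
    else echo "BAD: $dev group=$grp, want $(expected_group "$dev")"; rc=1; fi
  done
  if ! command -v mpa_manage >/dev/null 2>&1; then echo "mpa_manage missing: install sgx-mpa"; return 1; fi
  out=$(mpa_manage -get_sgx_status 2>&1) || true
  check_sgx_status "$out" || { echo "BAD: $out"; rc=1; }
  out=$(mpa_manage -get_registration_status 2>&1) || true
  state=$(classify_registration "$out"); echo "registration: $state"
  [ "$state" = completed ] || rc=1
  return $rc
}
# Only run the live checks when invoked with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then validate_host; fi
```

A non-zero exit from validate_host points at the firmware or registration steps above; an "in-progress" registration state is the case handled under Troubleshooting.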

Troubleshooting

  • If the mpa_manage -get_registration_status command reports Registration is in progress., there are two likely problems:
  1. The "Enable/Disable SGX Auto MP Registration Agent" UEFI option was not set to "Enabled"
  2. The mpa_registration.service systemd unit file was not started

If neither of those was the problem, then edit /etc/mpa_registration.conf to set the log level to info, and then restart mpa_registration.service. The /var/log/mpa_registration.log file should now contain further details on what has happened.

Example usage test

XXX: in the absence of TDX support in QEMU, which is coming at a later date, there is nothing proposed for Fedora that can be used as a way to validate the correctness of SGX.