How to enable SGX in Azure VM to run another application?

[maincui]

Hello,

看ID应该是同胞哈，请问怎么在Azure VM上配置SGX来让它支持别的应用程序呢？一直没有配置成功，是SGX驱动/SDK/PSW不支持虚拟机，必须运行在物理芯片和主机上吗？

另外，怎么知道SGX配置成功了呢？按照intel的开源项目，是硬件模式编译的示例应用运行成功还是AESMD服务成功运行？

非常抱歉冒昧打扰了，也希望能得到你的帮助， Main C

[Jim8y]

抱歉哈，我没有在Azure VM上配置的经验，但是我在阿里云上查过，需要神龙什么的，也就是说至少在阿里云上需要特殊的硬件支持的vm。https://www.alibabacloud.com/help/zh/doc-detail/60576.html?spm=a2c5t.10695662.1996646101.searchclickresult.43cf4c81kXHuar

[maincui]

你太客气了，没在Azure上配置过不要紧，但怎么知道配置的SGX是成功了呢？AESMD现在能运行，虽然报错平台服务初始化失败DAL出错，但之后也显示了好像成功的log，请问这是成功了吗？

The server sock is 0x55a790600e60 ，这里的sock是socket吗？后面16进制的数字是什么？

● aesmd.service - Intel(R) Architectural Enclave Service Manager
   Loaded: loaded (/lib/systemd/system/aesmd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-09-02 12:02:46 UTC; 16h ago
 Main PID: 152467 (aesm_service)
    Tasks: 4 (limit: 19164)
   CGroup: /system.slice/aesmd.service
           └─152467 /opt/intel/libsgx-enclave-common/aesm/aesm_service

Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init at server side failed
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init failed. Status: 768
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init at server side failed
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init failed. Status: 768
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init at server side failed
Sep 02 12:02:46 PigramUbuntu1804NoEnclave jhi[152467]: JHI init failed. Status: 768
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]Platform Services initializing
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]Platform Services initialization failed due to DAL error
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: The server sock is 0x55a790600e60
Sep 02 12:02:46 PigramUbuntu1804NoEnclave aesm_service[152467]: [ADMIN]White list update request successful for Version: 57

[Jim8y]

最简单的方式就是编译运行一下他们提供的sample，一个SimpleEnclave，如果你的SGX环境配置正确，那就可以直接出结果，否则的话会提示你找不到SGX。

[maincui]

driver/PSW里没有例子啊，psw安装好后aesmd就出来上面的错误和成功夹在的日志，也不知道到底是成功还是失败，是否还有参数需要配置 SDK里有例子，但simulation模式成功，hardware模式时成时败

[Jim8y]

hardware模式失败的话，要么是硬件本身不支持，要么是支持但是bios没开，这两个原因你虚拟机的话啥都做不了，另外还有可能是driver没装好，我经常遇到原本好好的环境突然就不行了，你可以试试重新安装一遍sdk和driver。

[maincui]

好，昨晚跌跌撞撞最后成功了，但是具体哪些操作是必要的哪些不是必要的还不清楚，准备再建一个虚拟机重新操作一遍，也算总结经验，谢谢你的帮助！

[maincui]

To all who may want to know how to check/enable/install SGX for support on VM, also maybe applicable to bare metal machines, which I will check later in production phase:

1. Try to check the availability and status of the OS via sgx-hardware

2. Install SGX driver(maybe unnecessary for bare metal machine) and PSW for support to 3rd-party applications, no need to install SDK. Install it if you want develop program based on SGX.

3. After PSW installed, enable/start AESMD service and check its status. Ignore the DAL error, when it shows log as the above, you are ready to run your application.

[Jim8y]

@maincui Thank you for sharing, I believe your experience values to all SGX researchers.

[SongChujun]

好，昨晚跌跌撞撞最后成功了，但是具体哪些操作是必要的哪些不是必要的还不清楚，准备再建一个虚拟机重新操作一遍，也算总结经验，谢谢你的帮助！

所以最后成功了吗？任意azure的vm都可以用sgx吗？谢谢！