Closed lacabra closed 6 years ago
Thanks for the report! So you are able to execute SGX enclaves on the IBM Cloud Data Guard but the following sgx_tservice functions are not available:
sgx_create_pse_session
sgx_close_pse_session
sgx_get_ps_sec_prop
sgx_get_trusted_time
sgx_create_monotonic_counter_ex
sgx_create_monotonic_counter
sgx_destroy_monotonic_counter
sgx_increment_monotonic_counter
sgx_read_monotonic_counter
Thanks a lot for your work! I will close the issue for now. Feel free to reopen it if you want to discuss SGX on IBM with the community.
@ayeks: To your comment above, that is correct: I am able to execute SGX enclaves without the functions that you outline in your comment. And while not ideal, you can circumvent these, so you can arguably have fully capable SGX instances: you should be able to open a TLS connection to an NTP server you trust from within the enclave to obtain a source of trusted time. If you think of a trusted monotonic counter as an instance of trusted time, you could get both using the same mechanism (these are suggestions from an Intel SGX architect).
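One way an enclave could vet a reply from the remote time source suggested in the comment above (an added example, not code from this thread or from the SGX SDK). The untrusted host can replay or delay traffic, so the reply is bound to a single-use nonce and never allowed to move time backwards; an accepted value is still only a lower bound on the current time. Assumptions: the reply arrived over the TLS session terminated inside the enclave, and `time_reply_t`, `enclave_clock_t` and the `clock_*` functions are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NONCE_LEN 16

/* Hypothetical reply format from the time server (not an SGX SDK type). */
typedef struct {
    uint8_t  nonce[NONCE_LEN];  /* echo of the enclave's request nonce */
    uint64_t unix_seconds;      /* time reported by the server */
} time_reply_t;

/* State kept in enclave memory between requests. */
typedef struct {
    uint8_t  pending[NONCE_LEN];
    int      outstanding;       /* 1 while a request awaits its reply */
    uint64_t last_accepted;     /* highest time accepted so far */
} enclave_clock_t;

enum { CLK_OK = 0, CLK_NO_REQUEST = -1, CLK_REPLAY = -2, CLK_ROLLBACK = -3 };

/* Record the nonce sent with a request. In a real enclave the nonce would
   come from sgx_read_rand(); here the caller supplies it. */
void clock_begin_request(enclave_clock_t *c, const uint8_t nonce[NONCE_LEN]) {
    memcpy(c->pending, nonce, NONCE_LEN);
    c->outstanding = 1;
}

/* Accept a reply only if it answers the outstanding request and does not
   move time backwards. A matching reply consumes the nonce. */
int clock_accept_reply(enclave_clock_t *c, const time_reply_t *r) {
    if (!c->outstanding) return CLK_NO_REQUEST;
    uint8_t diff = 0;
    for (size_t i = 0; i < NONCE_LEN; i++)   /* constant-time compare */
        diff |= (uint8_t)(c->pending[i] ^ r->nonce[i]);
    if (diff != 0) return CLK_REPLAY;        /* reply to some other request */
    c->outstanding = 0;                      /* nonce is now used up */
    if (r->unix_seconds < c->last_accepted) return CLK_ROLLBACK;
    c->last_accepted = r->unix_seconds;
    return CLK_OK;
}
```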
@lacabra Thank you for the clarification! That makes total sense. I will comment that workaround in the documentation.
IBM Cloud Data Guard provides cloud computing infrastructure with support for Intel's SGX. Through IBM Cloud one can contract a single processor bare metal server with SGX support, with the following minimum configuration for $276/month (as of May 2018):
Here's the report from an instance with the above specifications:
SGX capabilities are fully functional and I was able to install sgx-linux-driver, and the sgx-linux SDK, and run code inside the enclave. As mentioned in this README, this processor is part of the Xeon E3 family, which means that the Trusted Platform Service Functions (monotonic counters, trusted time) are not available. Otherwise it works as expected.
Issue referenced in #37.