Skip to main content

Common SGX Installation Issues

SGX CPU Support

If the machine you are using does not have SGX support, then it will be unable to run Enclave. Most Intel Core CPUs produced after 2015 have SGX support, as well as Intel Xeon E3 and Xeon E CPUs. For more details, see Intel ARK.

Before renting a cloud server, you should first inquire from the cloud service provider which machines support SGX, and then make your selection based on their recommendations.

AESM Service

The AESM service is indispensable for running an enclave. Therefore, ensure that the AESM service is running properly before running the enclave. Below are the commands for managing the AESM service:

  • To stop the service: $ sudo service aesmd stop
  • To start the service: $ sudo service aesmd start
  • To restart the service: $ sudo service aesmd restart
  • To show status of the service: $ sudo service aesmd status

The aesmd service uses the HTTP protocol to initialize some services. If a proxy is required for the HTTP protocol, you may need to manually set up the proxy for the aesmd service. You should manually edit the file /etc/aesmd.conf (refer to the comments in the file) to set the proxy for the aesmd service. After you configure the proxy, you need to restart the service to enable the proxy.

PCCS

If the parameters such as pccs_url in the /etc/sgx_default_qcnl.conf file are not properly configured, remote attestation will not function correctly.

When you encounter issues, if you are using a cloud service, you can seek assistance from the cloud service provider's technical support. If you are using your own server, you can refer to Intel SGX documentation or the guide on Quote Verification and Attestation with Intel SGX DCAP to set up your own PCCS.

If you are truly unable to resolve the issue, you can raise the problem on GitHub or send the issue to the email address business@safeheron.com, and we will reproduce and resolve the issue for you.