Intel's Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc) is potentially malicious.

This is Intel SGX support for FreeBSD.

The SGX kernel driver was developed and tested on FreeBSD 12.0-CURRENT. The Intel SGX SDK can be built on 11-STABLE, 12-STABLE, and 13.0-CURRENT.

0. Ensure your hardware supports SGX. Enable SGX in BIOS if required.

1. On FreeBSD 12-STABLE or 13.0-CURRENT, load the SGX module

% sudo kldload sgx

2. Build SGX SDK

% sudo pkg install protobuf gmake gcc48 ocaml autoconf automake libtool
% git clone https://github.com/bukinr/freebsd-sgx.git
% cd freebsd-sgx
% sh download_prebuilt.sh
% gmake -j4
% sudo gmake install

3. Run SGX service daemon

% sudo ./build/linux/aesm_service

Note: The only possible flag for aesm_service is --no-daemon

4. Build and run sample application

% cd SampleCode/LocalAttestation/
% gmake
% sudo ./app

5. To run the sample app without the SGX SDK installed to /usr/lib

% setenv LD_LIBRARY_PATH ../../build/linux
% sudo --preserve-env=LD_LIBRARY_PATH ./app

You should see success messages; otherwise, please report the problem to br@bsdpad.com
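For step 0, one way to check from userland whether the CPU reports SGX and a usable Enclave Page Cache (EPC) before loading the module. This is an added example, not code from the FreeBSD SGX port or the Intel SDK; the names `sgx_classify`, `epc_size` and the three-state result are this example's own, and reading "flag set but no EPC" as a firmware setting issue is an assumption.

```c
/* Added example: classify SGX readiness from CPUID leaves 07H and 12H. */
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>                     /* compiler-provided __get_cpuid_count() */
#endif

struct regs { unsigned int eax, ebx, ecx, edx; };
enum sgx_state { SGX_ABSENT, SGX_NOT_ENABLED, SGX_READY };

/* Bytes in one EPC section, CPUID.(EAX=12H,ECX>=2); 0 if the sub-leaf is not valid. */
static uint64_t epc_size(struct regs r)
{
    if ((r.eax & 0xf) != 1)            /* EAX[3:0] == 1 marks a valid EPC section */
        return 0;
    /* ECX[31:12] = size bits 31:12, EDX[19:0] = size bits 51:32 */
    return ((uint64_t)(r.edx & 0xfffffu) << 32) | (r.ecx & 0xfffff000u);
}

static enum sgx_state sgx_classify(struct regs l7, struct regs l12, uint64_t epc_bytes)
{
    if (!(l7.ebx & (1u << 2)))         /* CPUID.(EAX=07H,ECX=0):EBX[2] = SGX */
        return SGX_ABSENT;
    if (!(l12.eax & 1u) || epc_bytes == 0)   /* CPUID.(EAX=12H,ECX=0):EAX[0] = SGX1 */
        return SGX_NOT_ENABLED;
    return SGX_READY;
}

int main(void)
{
    static const char *msg[] = { "no SGX in this CPU",
        "SGX flag set but no usable EPC (check the BIOS setting)", "SGX ready" };
    struct regs l7 = {0, 0, 0, 0}, l12 = {0, 0, 0, 0};
    uint64_t epc = 0;
#if defined(__x86_64__) || defined(__i386__)
    struct regs s;
    __get_cpuid_count(7, 0, &l7.eax, &l7.ebx, &l7.ecx, &l7.edx);
    if (__get_cpuid_count(0x12, 0, &l12.eax, &l12.ebx, &l12.ecx, &l12.edx))
        for (unsigned int i = 2; i < 16; i++) {   /* EPC sections start at sub-leaf 2 */
            if (!__get_cpuid_count(0x12, i, &s.eax, &s.ebx, &s.ecx, &s.edx) || !epc_size(s))
                break;
            epc += epc_size(s);
        }
#endif
    enum sgx_state st = sgx_classify(l7, l12, epc);
    printf("%s, EPC %llu KiB\n", msg[st], (unsigned long long)(epc >> 10));
    return st == SGX_READY ? 0 : 1;
}
```

Build it with `cc -o sgxcheck sgxcheck.c` (the file name is arbitrary); the exit status is 0 only when an EPC section is reported.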

Papers

Intel SGX Explained

SGXPECTRE Attacks: Leaking Enclave Secrets via Speculative Execution

Intel_SGX (last edited 2019-02-18T00:37:39+0000 by MarkLinimon)