Intel's Software Guard Extensions (SGX) is a set of extensions to the Intel architecture that aims to provide integrity and confidentiality guarantees to security-sensitive computation performed on a computer where all the privileged software (kernel, hypervisor, etc.) is potentially malicious.
This is Intel SGX support for FreeBSD.
The SGX kernel driver was developed and tested on FreeBSD 12.0-CURRENT. The Intel SGX SDK can be built on 11-STABLE, 12-STABLE, and 13.0-CURRENT.
0. Ensure your hardware supports SGX. Enable SGX in BIOS if required.
1. On FreeBSD 12-STABLE or 13.0-CURRENT, load the SGX module
% sudo kldload sgx
2. Build SGX SDK
% sudo pkg install protobuf gmake gcc48 ocaml autoconf automake libtool
% git clone https://github.com/bukinr/freebsd-sgx.git
% cd freebsd-sgx
% sh download_prebuilt.sh
% gmake -j4
% sudo gmake install
3. Run SGX service daemon
% sudo ./build/linux/aesm_service
Note: The only possible flag for aesm_service is --no-daemon
4. Build and run sample application
% cd SampleCode/LocalAttestation/
% gmake
% sudo ./app
5. To run sample app without SGX SDK installed to /usr/lib
% setenv LD_LIBRARY_PATH ../../build/linux
% sudo --preserve-env=LD_LIBRARY_PATH ./app
You should see success messages; otherwise, please report to br@bsdpad.com
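Step 0 can be checked from userland before the module is loaded. The C program below is an added example, not part of this repository: it reads CPUID leaf 7 and leaf 12H (bit positions as documented in the Intel SDM) and sums the EPC section sizes. All struct and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif
/* All names below are this example's own, not part of the SGX SDK. */
struct sgx_caps { int present, sgx1, sgx2; uint64_t epc_bytes; };
/* CPUID leaf 7 subleaf 0: EBX bit 2 = SGX.
 * CPUID leaf 12H subleaf 0: EAX bit 0 = SGX1, bit 1 = SGX2. */
static struct sgx_caps sgx_decode(uint32_t ebx7, uint32_t eax12) {
    struct sgx_caps c = { .present = (ebx7 >> 2) & 1 };
    c.sgx1 = c.present && (eax12 & 1);  /* leaf 12H counts only if SGX is set */
    c.sgx2 = c.present && ((eax12 >> 1) & 1);
    return c;
}

/* Leaf 12H subleaf >= 2: EAX[3:0] == 1 marks an EPC section; its size is
 * ECX[31:12] (bits 31:12) combined with EDX[19:0] (bits 51:32). */
static uint64_t sgx_epc_size(uint32_t eax, uint32_t ecx, uint32_t edx) {
    if ((eax & 0xF) != 1) return 0;
    return ((uint64_t)(edx & 0xFFFFF) << 32) | (ecx & 0xFFFFF000u);
}

/* Fills *out from the running CPU; returns -1 if CPUID leaf 7 is missing. */
static int sgx_probe(struct sgx_caps *out) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a = 0, b = 0, c = 0, d = 0, e12 = 0;
    if (__get_cpuid_max(0, NULL) < 7) return -1;
    __cpuid_count(7, 0, a, b, c, d);
    if (b & (1u << 2)) { __cpuid_count(0x12, 0, e12, a, c, d); }
    *out = sgx_decode(b, e12);
    for (unsigned int i = 2; out->sgx1 && i < 10; i++) {  /* sum EPC sections */
        __cpuid_count(0x12, i, a, b, c, d);
        if ((a & 0xF) == 0) break;      /* type 0 ends the list */
        out->epc_bytes += sgx_epc_size(a, c, d);
    }
    return 0;
#else
    (void)out; return -1;
#endif
}

int main(void) {
    struct sgx_caps c;
    if (sgx_probe(&c)) { puts("CPUID leaf 7 not available"); return 2; }
    printf("SGX=%d SGX1=%d SGX2=%d EPC=%llu MiB\n", c.present, c.sgx1, c.sgx2,
           (unsigned long long)(c.epc_bytes >> 20));
    return (c.sgx1 && c.epc_bytes) ? 0 : 1;  /* 1: recheck the BIOS setting (step 0) */
}
```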
Papers
Intel SGX Explained
SGXPECTRE Attacks: Leaking Enclave Secrets via Speculative Execution