Skip to content

Latest commit

 

History

History
63 lines (51 loc) · 4.06 KB

WindowsManualSGX1FLCDCAPPrereqs.md

File metadata and controls

63 lines (51 loc) · 4.06 KB

SGX1 with Flexible Launch Control (FLC) Prerequisites on Windows

Intel Platform Software for Windows (PSW) v2.7

The PSW only needs to be manually installed if you are running on Windows Server 2016 or a version of Windows client lower than 1709. It should be installed automatically with Windows Update on newer versions of Windows client and Windows Server 2019. You can check your version of Windows by running winver on the command line.

After unpacking the self-extracting ZIP executable, install the PSW_EXE_RS2_and_before version:

C:\Intel SGX PSW for Windows v2.7.101.2\PSW_EXE_RS2_and_before\Intel(R)_SGX_Windows_x64_PSW_2.7.101.2.exe"

Azure DCAP client for Windows [optional]

Note that this is optional since you can choose an alternate implementation of the DCAP client or create your own. The Azure DCAP client for Windows is necessary if you would like to perform enclave attestation on a Azure Confidential Computing VM. It is available from nuget.org and can be installed directly via command below. This example assumes that C:\oe_prereqs is where you would like the prerequisites to be installed.

nuget.exe install Microsoft.Azure.DCAP -ExcludeVersion -Version 1.3.0 -OutputDirectory C:\oe_prereqs

This example assumes you would like to install the package to C:\oe_prereqs.

Intel Data Center Attestation Primitives (DCAP) Libraries v1.6

After unpacking the self-extracting ZIP executable, you can refer to the Intel SGX DCAP Windows SW Installation Guide.pdf for more details on how to install the contents of the package.

The following summary will assume that the contents were extracted to C:\Intel SGX DCAP for Windows v1.6.100.2:

  1. Unzip the required drivers from the extracted subfolders:

    • For Windows Server 2016
      • LC_driver_WinServer2016\Signed_*.zip
      • DCAP_INF\WinServer2016\Signed_*.zip
    • For Windows Server 2019
      • LC_driver_WinServer2019\Signed_*.zip
      • DCAP_INF\WinServer2019\Signed_*.zip

    The following instructions will assume that these have been unzipped into the LC_driver and DCAP_INF folders respectively.

  2. Allow the SGX Launch Configuration driver (LC_driver) to run:

    • From an elevated command prompt: 
      reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sgx_lc_msr\Parameters /v "SGX_Launch_Config_Optin" /t REG_DWORD /d 1
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sgx_lc_msr\Parameters /v "SGX_Launch_Config_Optin"
    • If the driver is already installed and running, the machine will need to be rebooted for the change to take effect.

  3. Install the drivers:

    • devcon.exe from the Windows Driver Kit for Windows 10 can be used to install the drivers from an elevated command prompt: 
      devcon.exe install LC_driver\drivers\b361e4d8-bc01-43fc-b8a6-8d101e659ed1\sgx_base_dev.inf root\SgxLCDevice
devcon.exe install DCAP_INF\drivers\226fdf07-49d3-46aa-a0ce-f21b6d4a05cf\sgx_dcap_dev.inf root\SgxLCDevice_DCAP
    • Note that devcon.exe is usually installed to C:\Program Files (x86)\Windows Kits\10\tools\x64 which is not in the PATH environment variable by default.

  4. Install the DCAP nuget packages:

    • The standalone nuget.exe CLI tool can be used to do this from the command prompt: 
      nuget.exe install DCAP_Components -ExcludeVersion -Source "C:\Intel SGX DCAP for Windows v1.6.100.2\nuget" -OutputDirectory c:\oe_prereqs
nuget.exe install EnclaveCommonAPI -ExcludeVersion -Source "C:\Intel SGX DCAP for Windows v1.6.100.2\nuget" -OutputDirectory c:\oe_prereqs