因为IntelSGX的驱动从5.x内核主线才开始支持,因此5.x以下的内核版本要使用SGX的功能,需要额外编译安装驱动。以Ubuntu18.04为例,安装驱动也非常简单,从Inte
因为 Intel SGX 的驱动从 5.x 内核主线才开始支持,因此 5.x 以下的内核版本要使用SGX的功能,需要额外编译安装驱动。
以 Ubuntu 18.04为例,安装驱动也非常简单,从 Intel 的官网下载驱动 bin 包,直接执行即可:
<span>$</span> <span>sudo ./sgx_linux_x64_driver_1.41.bin</span><span>Unpacking</span> <span>Intel SGX Driver ... done.</span><span>Verifying</span> <span>the integrity of the install package ... done.</span><span>Installing</span> <span>Intel SGX Driver ...</span><span>/tmp/sgx-driver-F6eUsR</span> <span>~/workspace/sgx</span><span>install</span> <span>-d /opt/intel/sgxdriver/package</span><span>install</span> <span>-d /opt/intel/sgxdriver/scripts</span><span>cp</span> <span>-r package/* /opt/intel/sgxdriver/package</span><span>install</span> <span>scripts/* /opt/intel/sgxdriver/scripts</span><span>~/workspace/sgx</span><span>Creating</span> <span>symlink /var/lib/dkms/sgx/1.41/source -></span> <span>/usr/src/sgx-1.41</span><span>DKMS</span>: <span>add completed.</span><span>Kernel</span> <span>preparation unnecessary for this kernel. Skipping...</span><span>Building</span> <span>module:</span><span>cleaning</span> <span>build area...</span><span>\'make\'</span> <span>KDIR=/lib/modules/4.15.0-153-generic/build....</span><span>Signing</span> <span>module:</span><span>Generating</span> <span>a new Secure Boot signing key:</span><span>Can\'t</span> <span>load /var/lib/shim-signed/mok/.rnd into RNG</span><span>140349876240832</span>:<span>error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/var/lib/shim-signed/mok/.rnd</span><span>Generating</span> <span>a RSA private key</span><span>...........................................................................................+++++</span><span>......................+++++</span><span>writing</span> <span>new private key to \'/var/lib/shim-signed/mok/MOK.priv\'</span><span>-----</span> <span>-</span> <span>/var/lib/dkms/sgx/1.41/4.15.0-153-generic/x86_64/module/intel_sgx.ko</span><span>EFI</span> <span>variables are not supported on this system</span><span>/sys/firmware/efi/efivars</span> <span>not found, aborting.</span><span>cleaning</span> <span>build area...</span><span>DKMS</span>: <span>build completed.</span><span>intel_sgx</span>:<span>Running</span> <span>module version sanity check.</span> <span>-</span> <span>Original module</span> <span>-</span> <span>No original module exists within this kernel</span> <span>-</span> <span>Installation</span> <span>-</span> <span>Installing to /lib/modules/4.15.0-153-generic/updates/dkms/</span><span>depmod.....</span><span>DKMS</span>: <span>install completed.</span><span>You</span> <span>may need to run \"/sbin/modprobe intel_sgx (--allow-unsupported)\" or reboot system manually!</span><span>uninstall.sh</span> <span>script generated in \"/opt/intel/sgxdriver\".</span><span>$</span>安装完成后,加载内核模块,应该能在 /dev 下看到 sgx 样的设备。如果没有,说明这款 CPU 硬件不支持 SGX。
从安装过程中可以看出 SGX 驱动安装采用了 DKMS 的方式,这是什么呢?DKMS 的全称是 Dynamic Kernel Module Support,它使一些设备商可以以源码的方式提供驱动版本,当内核升级时,会自动编译出与新内核兼容的驱动版本。
本站部分文章来自网络或用户投稿,如无特殊说明或标注,均为本站原创发布。涉及资源下载的,本站旨在共享仅供大家学习与参考,如您想商用请获取官网版权,如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。