WindowsSGX1GettingStarted.md

Getting Started with Open Enclave on Windows for systems with support for SGX1

Platform requirements

Intel® X86-64bit architecture with SGX1.

Note: To check if your system has support for SGX1, please look here.

A version of Windows OS with native support for SGX features:

  • For server: Windows Server 2019
  • For client: Windows 10 64-bit version 1709 or newer
  • To check your Windows version, run winver from the command line

Note: The following instructions assume you are running PowerShell as administrator.

Install Git and Clone the Open Enclave SDK repo

  • Download and install Git for Windows from here.
  • Clone the Open Enclave SDK to a folder of your choice. In these instructions we're assuming C:/Users/test.

cd C:/Users/test/
git clone --recursive https://github.com/openenclave/openenclave.git

This creates a source tree under the directory called openenclave.

Install project prerequisites

First, change directory into the Open Enclave repository (from wherever you cloned it):

cd C:/Users/test/openenclave

Also, check that the execution policy is set to RemoteSigned with the following command.

Get-ExecutionPolicy

If not, set the policy with the following command and confirm the change by typing Y.

Set-ExecutionPolicy RemoteSigned
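
The checks described so far (Windows version, 64-bit OS, administrator session, execution policy) can be gathered into one preflight function. This is an added example, not part of the Open Enclave repository: the name Test-OeSgx1Host is hypothetical, the build numbers 16299 (Windows 10 version 1709) and 17763 (Windows Server 2019) are supplied here rather than taken from this page, and the function does not detect SGX1 hardware support.

```powershell
# Added example: preflight checks for the requirements listed on this page.
# Test-OeSgx1Host is a hypothetical name, not an Open Enclave SDK command.
function Test-OeSgx1Host {
    [CmdletBinding()]
    param()

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    # ProductType 1 = client (workstation); 2 and 3 = server roles.
    # Assumed build numbers: 16299 = Windows 10 version 1709,
    # 17763 = Windows Server 2019.
    $minBuild = if ($os.ProductType -eq 1) { 16299 } else { 17763 }

    # The instructions assume an elevated (administrator) PowerShell session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $isAdmin   = $principal.IsInRole($adminRole)

    # Get-ExecutionPolicy returns the effective policy. The -List form shows
    # every scope in precedence order, so the first scope that is not
    # Undefined is the one that decides the effective value (for example a
    # Group Policy scope that a later Set-ExecutionPolicy cannot override).
    $effective = Get-ExecutionPolicy
    $deciding  = Get-ExecutionPolicy -List |
        Where-Object { $_.ExecutionPolicy -ne 'Undefined' } |
        Select-Object -First 1
    $scope = if ($deciding) { $deciding.Scope } else { '(default)' }

    [pscustomobject]@{
        OperatingSystem      = $os.Caption
        Build                = $build
        MinimumBuild         = $minBuild
        BuildSupported       = ($build -ge $minBuild)
        Is64BitOS            = [Environment]::Is64BitOperatingSystem
        IsAdministrator      = $isAdmin
        ExecutionPolicy      = $effective
        PolicySetByScope     = $scope
        PolicyIsRemoteSigned = ($effective -eq 'RemoteSigned')
    }
}

$report = Test-OeSgx1Host
$report | Format-List
$ready = $report.BuildSupported -and $report.Is64BitOS -and
         $report.IsAdministrator -and $report.PolicyIsRemoteSigned
if (-not $ready) { Write-Warning 'One or more requirements are not met.' }
```
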

To deploy all the prerequisites for building Open Enclave, you can run the following from PowerShell. Note that the Data Center Attestation Primitives (DCAP) Client is not used for attestation on systems which have support for SGX1 without support for Flexible Launch Control (FLC). The example below assumes you would like to install the packages to C:/oe_prereqs.

./scripts/install-windows-prereqs.ps1 -InstallPath C:/oe_prereqs -LaunchConfiguration SGX1 -DCAPClientType None

On Windows Server 2019 and versions of Windows 10 newer than 1709, the Intel PSW and DCAP software components should already be automatically installed. To skip updating the PSW and DCAP software components:

./scripts/install-windows-prereqs.ps1 -InstallPath C:/oe_prereqs -LaunchConfiguration SGX1-NoIntelDrivers -DCAPClientType None

Once the installation is done, please ignore the following message(s) and continue on to the next step.

Please reboot your computer for the configuration to complete.

If you prefer to manually install prerequisites, please refer to this document.

Building on Windows using Developer Command Prompt

Launch the x64 Native Tools Command Prompt for VS (2017 or 2019), which is found in the Visual Studio 2017 folder in the Start Menu.

Run the command powershell.exe to open a PowerShell prompt within the native tools environment.

From here, use CMake and Ninja to build/install Open Enclave.

To build debug enclaves:

cd C:/Users/test/openenclave
mkdir build/x64-Debug
cd build/x64-Debug
cmake -G Ninja -DNUGET_PACKAGE_PATH=C:/oe_prereqs -DCMAKE_INSTALL_PREFIX=C:/openenclave ../..
ninja

Similarly, to build release enclaves, specify the flag -DCMAKE_BUILD_TYPE=Release:

cd C:/Users/test/openenclave
mkdir build/x64-Release
cd build/x64-Release
cmake -G Ninja -DCMAKE_BUILD_TYPE=Release -DNUGET_PACKAGE_PATH=C:/oe_prereqs -DCMAKE_INSTALL_PREFIX=C:/openenclave ../..
ninja

To build enclaves with LVI mitigation, specify the flag -DLVI_MITIGATION=ControlFlow:

cd C:/Users/test/openenclave
mkdir build/x64-LVI
cd build/x64-LVI
cmake -G Ninja -DLVI_MITIGATION=ControlFlow -DNUGET_PACKAGE_PATH=C:/oe_prereqs -DCMAKE_INSTALL_PREFIX=C:/openenclave ../..
ninja

Refer to the LVI Mitigation documentation for further information.

Running the ninja install command will now install the SDK in C:/openenclave. To choose a different location, change the value specified for CMAKE_INSTALL_PREFIX.

Run unit tests

After building, run all unit test cases using ctest to confirm the SDK is built and working as expected.

Run the following command from the build directory to run the tests (in this example, we are testing the debug build):

ctest

You will see test logs similar to the following:

  Test project C:/Users/test/openenclave/build/x64-Debug
        Start   1: tests/lockless_queue
  1/107 Test   #1: tests/lockless_queue ..................................   Passed    3.49 sec
        Start   2: tests/mem
  2/107 Test   #2: tests/mem .............................................   Passed    0.01 sec
  ...
  ....
100% tests passed, 0 tests failed out of 107

A clean pass of the above unit tests is an indication that your Open Enclave setup was successful.

For more information refer to the Advanced Test Info document.

Build and run samples

To build and run the samples without building and then installing the OE SDK, please refer to the README for samples.

Known Issues

Not all tests currently run on Windows. See tests/CMakeLists.txt for a list of supported tests.