# SGX server setup

The following links provide more information:

* [SGX installation procedures](https://download.01.org/intel-sgx/sgx-linux/2.13/docs/Intel_SGX_Installation_Guide_Linux_2.13_Open_Source.pdf)
* [DCAP extended installation](https://download.01.org/intel-sgx/sgx-dcap/1.8/linux/docs/Intel_SGX_DCAP_Linux_SW_Installation_Guide.pdf)
* [SGX installation for developers](https://download.01.org/intel-sgx/latest/linux-latest/docs/Intel_SGX_SW_Installation_Guide_for_Linux.pdf)
* [SGX Released Packages](https://download.01.org/intel-sgx/Releases/)
* [PCCS installation readme](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/main/QuoteGeneration/pccs)

## SGX drivers for operating the DeTEE daemon

Operators should only need to install the SGX driver and DCAP:

```
# Add the Intel SGX Debian repository
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu/ jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update

# sudo apt install build-essential ocaml automake autoconf libtool wget python-is-python3 libssl-dev cracklib-runtime

# SGX DCAP driver (the downloaded installer is not executable until chmod)
wget https://download.01.org/intel-sgx/sgx-linux/2.24/distro/ubuntu22.04-server/sgx_linux_x64_driver_1.41.bin
chmod +x sgx_linux_x64_driver_1.41.bin
sudo ./sgx_linux_x64_driver_1.41.bin

# DCAP quote generation, quote provider, and quote verification libraries
sudo apt install libsgx-dcap-ql libsgx-dcap-default-qpl libsgx-dcap-quote-verify
```

## SGX drivers, platform software (PSW), DCAP, PCCS, and SDK

Cheat sheet:

```
# Add the Intel SGX Debian repository
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu/ jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update

# Choose a release from https://download.01.org/intel-sgx/Releases/
wget https://download.01.org/intel-sgx/sgx-linux/2.24/distro/ubuntu22.04-server/sgx_linux_x64_driver_1.41.bin
wget https://download.01.org/intel-sgx/sgx-linux/2.24/distro/ubuntu22.04-server/sgx_linux_x64_driver_2.11.b6f5b4a.bin
wget https://download.01.org/intel-sgx/sgx-linux/2.24/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.24.100.3.bin
# The installers only need the execute bit; they are run with sudo, so do not make them world-writable
chmod +x sgx_linux_x64*

# ECDSA attestation support
sudo apt install build-essential ocaml automake autoconf libtool wget python-is-python3 libssl-dev

# SGX DCAP driver; kernels v5.11+ have it built in
sudo ./sgx_linux_x64_driver_1.41.bin

# SGX DCAP
sudo apt install python3 cracklib-runtime
sudo apt install libsgx-dcap-ql libsgx-dcap-ql-dev
sudo apt install libsgx-dcap-default-qpl libsgx-dcap-default-qpl-dev
sudo apt install libsgx-dcap-quote-verify libsgx-dcap-quote-verify-dev

# SGX PSW (platform software): launch, EPID, and algorithm-agnostic attestation
sudo apt install libssl-dev libcurl4-openssl-dev libprotobuf-dev
sudo ./sgx_linux_x64_driver_2.11.b6f5b4a.bin
# *-dbgsym and *-dev versions are for development
sudo apt install libsgx-launch libsgx-epid libsgx-quote-ex libsgx-urts

# Put the SGX SDK under /opt/intel
sudo apt install build-essential python-is-python3
sudo ./sgx_linux_x64_sdk_2.24.100.3.bin

# TODO: PCCS is optional and is hard to install, fix it
curl -fsSL https://deb.nodesource.com/setup_20.10 -o nodesource_setup.sh
sudo -E bash nodesource_setup.sh
sudo apt install nodejs
sudo apt install sgx-dcap-pccs

# File with the PCCS configuration: /etc/sgx_default_qcnl.conf
# USE_SECURE_CERT=TRUE
# PCCS_URL=https://your_pccs_server:8081/sgx/certification/v2/
```

## Gramine and Occlum installation [in progress]

Make sure SGX is installed, then add the following to `/etc/apt/sources.list`:

```
deb [arch=amd64 trusted=yes] https://packages.gramineproject.io/ jammy main
deb [arch=amd64 trusted=yes] https://occlum.io/occlum-package-repos/debian jammy main
```

Note that `trusted=yes` makes APT treat these repositories as trusted without checking their signatures.
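
A post-install check for the SGX cheat sheet above, added here as an example and not part of the original page or of Intel's tooling: it reports whether the running kernel already ships the SGX driver (v5.11 or later, per the cheat sheet) and whether the key=value settings shown for `/etc/sgx_default_qcnl.conf` are filled in safely. The function names and the sample file contents are assumptions made for this example.

```bash
#!/bin/sh
# Added example: post-install checks for the cheat sheet above.

# True if kernel release $1 (default: running kernel) is >= 5.11, where the
# SGX driver is built in and sgx_linux_x64_driver_1.41.bin is not needed.
kernel_has_builtin_sgx() {
    k_rel="${1:-$(uname -r)}"
    k_major="${k_rel%%.*}"
    k_minor="${k_rel#*.}"; k_minor="${k_minor%%[!0-9]*}"
    [ "$k_major" -gt 5 ] || { [ "$k_major" -eq 5 ] && [ "${k_minor:-0}" -ge 11 ]; }
}

# conf_get KEY FILE: last uncommented KEY=value in FILE, whitespace trimmed.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Checks the key=value settings shown above for /etc/sgx_default_qcnl.conf.
# Prints one finding per line and returns non-zero if there is any finding.
check_qcnl_conf() {
    q_rc=0
    case "$(conf_get PCCS_URL "$1")" in
        https://your_pccs_server*) echo "PCCS_URL is still the template placeholder"; q_rc=1 ;;
        https://*) ;;
        "") echo "PCCS_URL is not set"; q_rc=1 ;;
        *) echo "PCCS_URL does not use https"; q_rc=1 ;;
    esac
    case "$(conf_get USE_SECURE_CERT "$1")" in
        TRUE|true) ;;
        *) echo "USE_SECURE_CERT is not explicitly TRUE"; q_rc=1 ;;
    esac
    return "$q_rc"
}

# Constructed sample: the two template lines from the cheat sheet, uncommented.
sample=$(mktemp)
printf '%s\n' 'USE_SECURE_CERT=TRUE' \
    'PCCS_URL=https://your_pccs_server:8081/sgx/certification/v2/' > "$sample"
check_qcnl_conf "$sample" || echo "=> fix the file before relying on DCAP attestation"
rm -f "$sample"

if kernel_has_builtin_sgx; then
    echo "kernel $(uname -r): in-kernel SGX driver, out-of-tree driver not needed"
else
    echo "kernel $(uname -r): install the out-of-tree DCAP driver"
fi
```

On a real host, run `check_qcnl_conf /etc/sgx_default_qcnl.conf`; lines that are still commented out, as in the cheat sheet, are treated as unset.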