#! /bin/bashsudoapt-getupdate&&sudoaptupgrade-ysudoapt-getinstallmakebuild-essentialgccgitjqchronydkmsgpg-agent-yUBUNTUVERSION=$(lsb_release-r-s|cut-d '.' -f1)PSW_PACKAGES='libsgx-enclave-common libsgx-aesm-launch-plugin libsgx-aesm-epid-plugin libsgx-aesm-quote-ex-plugin libsgx-urts sgx-aesm-service libsgx-uae-service autoconf libtool make gcc'
if (($UBUNTUVERSION <16)); thenecho"Your version of Ubuntu is not supported. Must have Ubuntu 16.04 and up. Aborting installation script..."exit1elif (($UBUNTUVERSION ==16)); then DISTRO='xenial' OS='ubuntu16.04-server'elif (($UBUNTUVERSION ==18)); then DISTRO='bionic' OS='ubuntu18.04-server'elif (($UBUNTUVERSION ==20)); then DISTRO='focal' OS='ubuntu20.04-server'elif (($UBUNTUVERSION ==22)); then DISTRO='jammy' OS='ubuntu22.04-server'fiecho"\n\n###############################################"echo"##### Installing Intel SGX driver #####"echo"###############################################\n\n"# Download SGX driverif (($UBUNTUVERSION ==16)); then# Ubuntu 16 was deprecated by the latest Intel SGX driverswget"https://download.01.org/intel-sgx/sgx-linux/2.13/distro/${OS}/sgx_linux_x64_driver_2.11.0_0373e2e.bin"elif (( $UBUNTUVERSION ==22 )); then# Ubuntu 22 is not supported in sgx-linux/v2.17wget"https://download.01.org/intel-sgx/latest/linux-latest/distro/${OS}/sgx_linux_x64_driver_2.11.54c9c4c.bin"elsewget"https://download.01.org/intel-sgx/sgx-linux/2.17/distro/${OS}/sgx_linux_x64_driver_1.41.bin"fi# Make the driver installer executablechmod+x./sgx_linux_x64_driver_*.bin# Install the driversudo./sgx_linux_x64_driver_*.bin# Remount /dev as exec, also at system startupsudotee/etc/systemd/system/remount-dev-exec.service>/dev/null<<EOF[Unit]Description=Remount /dev as exec to allow AESM service to boot and load enclaves into SGX[Service]Type=oneshotExecStart=/bin/mount -o remount,exec /devRemainAfterExit=true[Install]WantedBy=multi-user.targetEOFsudosystemctlenableremount-dev-execsudosystemctlstartremount-dev-exececho"\n\n###############################################"echo"##### Installing Intel SGX PSW #####"echo"###############################################\n\n"# Add Intels's SGX PPAecho"deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu $DISTRO main"|sudotee/etc/apt/sources.list.d/intel-sgx.listwget-qO-https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key|sudoapt-keyadd-sudoaptupdatesudoaptinstall-y $PSW_PACKAGES
Testing your SGX setup
Run secretd init-enclave
See Verify SGX for a guide how to test your setup.
Uninstall
To uninstall the Intel(R) SGX Driver, run:
sudo /opt/intel/sgxdriver/uninstall.sh
The above command produces no output when it succeeds. If you want to verify that the driver has been uninstalled, you can run the following, which should print SGX Driver NOT installed:
ls /dev/isgx &>/dev/null && echo "SGX Driver installed" || echo "SGX Driver NOT installed"