3

I'm trying to use SGX on Windows Azure as shown in this article Introduction to Azure Confidential Computation. But I think SGX it is no longer supported by Azure. Is there any other way to run SGX applications on cloud rather than Azure?

0x3bfc
  • 2,715
  • 1
  • 16
  • 20

3 Answers3

2

I haven't tried it (yet) but Azure now has a Confidential Computing service. They have a "DC" VM that supposedly offers SGX support. I haven't found much info about it though.

https://azure.microsoft.com/en-us/solutions/confidential-compute/

larslars
  • 168
  • 1
  • 14
1

Take a look at IBM Cloud, seems it's now available on their VMs.

Guilherme Borges
  • 165
  • 2
  • 8
1

I registered with the above link. SGX is available with ACC (Azure Confidential Computing) only in EAST US and WEST EUROPE. It is only supported on DC* instances (I have a DC2 with 2 vCPUs and 8GB memory, 32GB disk. It is runing on Ubuntu 18 LTS (Bionic). The CPU is a E-2176G CPU with SGX1, but no SGX2.

However, my application needs /dev/isgx but my ACC instance only has /dev/sgx, which is not compatible with /dev/isgx, so it does not work for me (unless I figure out why I have one and not the other.

Edit: The solution is to first uninstall the /dev/sgx driver with the uninstall.sh script, which may be under /opt/intel/ somewhere. Uninstall the driver before even thinking of downloading and unpacking the /dev/isgx driver (so it will not be overwritten).

An additional clarification:

  • /dev/sgx (kernel module intel_sgx) is the DCAP driver. It is installed if you select "Open Enclave" when you create an ACC instance.
  • /dev/isgx (kernel module isgx) is the non-DCAP driver that uses IAS. If you want this, deselect "Open Enclave" when creating your ACC instance and manually install the non-DCAP Intel SGX driver from Intel.

More details on Azure's ACC and SGX from a blog by Dan Zimmerman: https://software.intel.com/en-us/articles/get-started-with-azure-confidential-computing

Dan Anderson
  • 2,265
  • 1
  • 9
  • 20