Setting up Intel SGXv2

Run and Attest an SGX Enclave in Your VM

This guide walks through verifying SGX support in your Xeon 8368 VM, installing the runtime, running an enclave, and generating an attestation quote. Run all commands inside your VM unless stated otherwise.

1. Confirm SGX is available

Check that the enclave devices exist and the CPU advertises SGX:

ls -l /dev/sgx_enclave /dev/sgx_provision
grep -o 'sgx[a-z0-9_]*' /proc/cpuinfo | sort -u

The grep prints one flag per line and should show sgx, sgx1, sgx2 and sgx_lc; both device files should be present. sgx_lc means Flexible Launch Control is enabled, which the in-kernel SGX driver requires and which lets Gramine launch enclaves signed with your own key rather than an Intel-approved one.

If /dev/sgx_enclave is missing, your VM was not given SGX access or its kernel is too old (the in-kernel SGX driver that creates these device nodes shipped in Linux 5.11; this guide assumes 5.13 or newer, check with uname -r). Stop here and contact support before continuing.

2. Install the SGX runtime and Gramine

This installs the platform service (AESM), the DCAP quote provider, and Gramine.

Ubuntu / Debian

curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key \
  | sudo gpg --dearmor -o /etc/apt/keyrings/intel-sgx.gpg
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx.gpg] \
  https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -sc) main" \
  | sudo tee /etc/apt/sources.list.d/intel-sgx.list

curl -fsSL https://packages.gramineproject.io/gramine-keyring-$(lsb_release -sc).gpg \
  | sudo tee /etc/apt/keyrings/gramine-keyring.gpg > /dev/null
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring.gpg] \
  https://packages.gramineproject.io/ $(lsb_release -sc) main" \
  | sudo tee /etc/apt/sources.list.d/gramine.list

sudo apt update
sudo apt install -y gramine \
  sgx-aesm-service libsgx-aesm-launch-plugin \
  libsgx-aesm-quote-ex-plugin libsgx-aesm-ecdsa-plugin \
  libsgx-aesm-pce-plugin libsgx-dcap-default-qpl

AlmaLinux / RHEL

Install the Intel SGX local RPM repo for your release and add the Gramine RPM repository (sudo curl -fsSLo /etc/yum.repos.d/gramine.repo https://packages.gramineproject.io/rpm/gramine.repo), then:

sudo dnf install -y gramine \
  sgx-aesm-service libsgx-aesm-launch-plugin \
  libsgx-aesm-quote-ex-plugin libsgx-aesm-ecdsa-plugin \
  libsgx-aesm-pce-plugin libsgx-dcap-default-qpl

Grant device access to your user

Add your user to the sgx group so commands do not require root, then log out and back in:

sudo usermod -aG sgx "$USER"

3. Configure the attestation service

The quote provider library (libsgx-dcap-default-qpl) fetches your platform's PCK certificate and the verification collateral (TCB info, QE identity and CRLs) from the provisioning certificate caching service (PCCS) named below. Without it, aesmd cannot certify the attestation key and quote generation fails. Set /etc/sgx_default_qcnl.conf to:

{
  "pccs_url": "https://sgx.infofractal.io/sgx/certification/v4/",
  "use_secure_cert": true,
  "retry_times": 6,
  "retry_delay": 10,
  "pck_cache_expire_hours": 168,
  "verify_collateral_cache_expire_hours": 168
}

Restart the platform service and confirm the VM can reach the caching service:

sudo systemctl restart aesmd
curl -fsS https://sgx.infofractal.io/sgx/certification/v4/rootcacrl

A block of hex output (the DER-encoded Intel SGX Root CA CRL) confirms the service is reachable. An error indicates a network or access problem; resolve it before continuing.

4. Verify the full stack

Run the platform check:

is-sgx-available

Confirm these lines report true:

  • SGX driver loaded: true
  • AESMD installed: true
  • SGX PSW/libsgx installed: true

5. Run an enclave

Generate a signing key for local enclaves, then build and run the Hello World example:

gramine-sgx-gen-private-key

git clone --depth 1 https://github.com/gramineproject/gramine.git
cd gramine/CI-Examples/helloworld
make SGX=1
gramine-sgx helloworld

The expected output is Hello, world!. A notice that the enclave is built in debug mode is normal for this example, whose manifest sets sgx.debug = true. Debug enclaves provide no confidentiality, because a debugger can read their memory, so build production enclaves with sgx.debug = false and have verifiers reject quotes that carry the DEBUG attribute.

6. Generate an attestation quote

Build the Python example in DCAP mode, then run the report and quote scripts directly. These two scripts are the attestation test; do not use run-tests.sh, which also runs numpy and scipy examples that require extra library configuration and are unrelated to attestation.

cd ../python
make SGX=1 RA_TYPE=dcap

gramine-sgx ./python scripts/sgx-report.py
gramine-sgx ./python scripts/sgx-quote.py

The report script prints an SGX report with MRENCLAVE and MRSIGNER fields. The quote script prints Detected attestation type: dcap followed by an extracted quote and the same fields. Both completing successfully means quote generation works end to end.

The first quote is slower because it fetches certificates from the caching service. Later quotes are served from cache.

What a verified quote proves

A quote is a signed statement that specific code ran inside a genuine SGX enclave on a platform at a known patch level. The CPU produces the enclave's report; the platform's Quoting Enclave signs it with an attestation key that is itself certified by the PCK certificate fetched in step 3. A remote party can verify the quote without trusting your VM or the host, trusting only Intel's root CA. The fields a verifier checks:

  • MRENCLAVE — a hash of the exact code and initial data loaded into the enclave. Any change to the program (with Gramine, also to the manifest or its trusted files) changes this value.
  • MRSIGNER — a hash of the public key that signed the enclave. Together with ISVPRODID and ISVSVN it lets a verifier accept newer builds from a trusted signer without pinning every MRENCLAVE.
  • ATTRIBUTES — including the DEBUG bit. A verifier must reject quotes from debug enclaves, whose memory a debugger can read; the examples in steps 5 and 6 are built in debug mode.
  • REPORTDATA — 64 bytes chosen by the enclave, typically a nonce or the hash of a public key, which binds the quote to one session or key (this is how RA-TLS ties a quote to a TLS certificate).
  • TCB level — the CPU and PCE security version numbers carried in the quote's certification data. The verifier compares them with Intel's TCB info collateral and can reject platforms reported as OutOfDate or as needing a configuration change.
  • Signature chain — the attestation key signature, the PCK certificate, and Intel's intermediate and root CA, which is what makes the quote verifiable remotely.
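As an added example (not part of this guide, of Gramine or of Intel's SDK), the following Python parser reads the same quote bytes that scripts/sgx-quote.py in step 6 obtains from /dev/attestation/quote inside the enclave, and applies the identity policy a relying party would enforce on the fields listed above. It assumes the DCAP quote v3 layout (48-byte header, 384-byte report body, 4-byte signature length) and builds a constructed, unsigned quote so it runs offline. It does not verify the ECDSA signature or the PCK certificate chain; a real verifier does that first with Intel's Quote Verification Library, and none of these fields can be trusted until that succeeds.

```python
"""Parse a DCAP (quote v3) SGX quote and apply a relying party's identity policy.

Added example for this guide; not Gramine or Intel SDK code. Reads header and
report-body fields only. It does NOT verify the ECDSA signature or the PCK
certificate chain (Intel's QVL does that), so use it after, not instead of, QVL.
"""
import struct
from typing import Dict, List, Optional

QUOTE_HEADER_LEN = 48     # sgx_quote3_t header
REPORT_BODY_LEN = 384     # sgx_report_body_t
SGX_FLAGS_DEBUG = 0x2     # DEBUG bit in ATTRIBUTES.FLAGS
SGX_FLAGS_MODE64BIT = 0x4


def parse_quote(quote: bytes) -> Dict[str, object]:
    """Extract the fields a verifier compares against policy.

    Offsets follow sgx_quote3_t and sgx_report_body_t from the Intel SGX SDK
    headers; they are the byte ranges Gramine's scripts/sgx-quote.py prints.
    """
    if len(quote) < QUOTE_HEADER_LEN + REPORT_BODY_LEN + 4:
        raise ValueError("quote too short: need header, report body and signature length")
    version, att_key_type, _reserved, qe_svn, pce_svn = struct.unpack_from("<HHIHH", quote, 0)
    if version != 3:
        raise ValueError(f"unsupported quote version {version}; DCAP ECDSA quotes are version 3")
    body = quote[QUOTE_HEADER_LEN:QUOTE_HEADER_LEN + REPORT_BODY_LEN]
    flags, xfrm = struct.unpack_from("<QQ", body, 48)            # sgx_attributes_t
    isv_prod_id, isv_svn = struct.unpack_from("<HH", body, 256)
    (sig_len,) = struct.unpack_from("<I", quote, QUOTE_HEADER_LEN + REPORT_BODY_LEN)
    return {
        "version": version,
        "att_key_type": att_key_type,      # 2 = ECDSA-256 with P-256
        "qe_svn": qe_svn,
        "pce_svn": pce_svn,
        "cpu_svn": body[0:16].hex(),
        "attributes_flags": flags,
        "attributes_xfrm": xfrm,
        "debug": bool(flags & SGX_FLAGS_DEBUG),
        "mrenclave": body[64:96].hex(),
        "mrsigner": body[128:160].hex(),
        "isv_prod_id": isv_prod_id,
        "isv_svn": isv_svn,
        "report_data": body[320:384].hex(),
        "signature_len": sig_len,
    }


def check_policy(fields: Dict[str, object], expected_mrenclave: str, expected_mrsigner: str,
                 min_isv_svn: int, expected_report_data: Optional[bytes] = None) -> List[str]:
    """Return the policy violations found; an empty list means accept.

    Debug enclaves are always rejected: a debugger can read their memory, so a
    quote from one proves nothing about confidentiality.
    """
    problems = []
    if fields["debug"]:
        problems.append("ATTRIBUTES.DEBUG is set")
    if fields["mrenclave"] != expected_mrenclave.lower():
        problems.append("MRENCLAVE mismatch")
    if fields["mrsigner"] != expected_mrsigner.lower():
        problems.append("MRSIGNER mismatch")
    if fields["isv_svn"] < min_isv_svn:
        problems.append(f"ISVSVN {fields['isv_svn']} is below the minimum {min_isv_svn}")
    if expected_report_data is not None:
        # REPORTDATA is 64 bytes; shorter values are zero-padded by the enclave.
        if fields["report_data"] != expected_report_data.ljust(64, b"\0").hex():
            problems.append("REPORTDATA does not match the nonce or key the verifier bound")
    return problems


def build_sample_quote(mrenclave: bytes, mrsigner: bytes, debug: bool,
                       isv_svn: int, report_data: bytes) -> bytes:
    """Build a constructed, unsigned quote so the parser can be exercised offline.

    Synthetic test data only: the signature section is zero-filled and would fail
    real verification. Real quotes come from /dev/attestation/quote in Gramine.
    """
    if len(mrenclave) != 32 or len(mrsigner) != 32 or len(report_data) > 64:
        raise ValueError("MRENCLAVE and MRSIGNER are 32 bytes; REPORTDATA is at most 64")
    # version 3, ECDSA-P256 key type, reserved, QE SVN, PCE SVN, then zeroed
    # 16-byte QE vendor id and 20-byte user data.
    header = struct.pack("<HHIHH", 3, 2, 0, 8, 13) + bytes(16) + bytes(20)
    flags = SGX_FLAGS_MODE64BIT | (SGX_FLAGS_DEBUG if debug else 0)
    body = bytearray(REPORT_BODY_LEN)
    struct.pack_into("<QQ", body, 48, flags, 0x3)     # XFRM: x87 and SSE state
    body[64:96] = mrenclave
    body[128:160] = mrsigner
    struct.pack_into("<HH", body, 256, 1, isv_svn)    # ISVPRODID = 1
    body[320:384] = report_data.ljust(64, b"\0")
    signature = bytes(64)                             # placeholder, not a real signature
    return header + bytes(body) + struct.pack("<I", len(signature)) + signature


if __name__ == "__main__":
    mre, mrs = bytes(range(32)), bytes([0xAB] * 32)
    for dbg in (False, True):
        fields = parse_quote(build_sample_quote(mre, mrs, dbg, 3, b"session-nonce"))
        verdict = check_policy(fields, mre.hex(), mrs.hex(), 3, b"session-nonce")
        print(f"debug={dbg}: {'ACCEPT' if not verdict else 'REJECT ' + str(verdict)}")
```

Running it accepts the constructed release-mode quote and rejects the debug-mode one. Against a real quote, write the bytes of /dev/attestation/quote to a file from inside the enclave and pass them to parse_quote; the MRENCLAVE to pin is the measurement gramine-sgx-sign prints when it signs the manifest, and the MRSIGNER is derived from the key gramine-sgx-gen-private-key created in step 5.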

Next steps

  • To run your own application in an enclave, write a Gramine manifest for it. The commented redis example under CI-Examples is a good starting point.
  • To bind attestation into a TLS connection, see Gramine's ra-tls examples.
  • Enclave memory (EPC) is limited. If a workload slows sharply under load, it may be exceeding the EPC allocated to your VM and paging encrypted pages in and out, which is expensive; size sgx.enclave_size in the manifest to what the workload needs.

Troubleshooting

  • Permission denied on /dev/sgx_enclave — your user is not in the sgx group, or you have not logged out and back in since step 2.
  • AESM service returned error — the platform service is not running or cannot reach the caching service. Check systemctl status aesmd and re-verify step 3.
  • Quote generation hangs or fails on first run — confirm the rootcacrl command in step 3 still returns hex output.
  • numpy or scipy examples fail with "libblas.so.3: cannot open shared object file" — this is a Gramine manifest issue, not an SGX problem. Those examples need BLAS and LAPACK library paths added to the manifest's mounts and trusted files. They are not required to validate attestation; use the report and quote scripts in step 6 instead.

When reporting a problem, include the full output of the failing command and the relevant lines from journalctl -u aesmd.
