Gramine without Intel SGX can be deployed on arbitrary cloud VMs. Please see our :doc:`quickstart` guide for the details.
To deploy Gramine with Intel SGX, the cloud VM has to support Intel SGX. Please see the installation and usage guide for each cloud VM offering individually below (currently only for Microsoft Azure).
Azure confidential computing services are available and provide access to VMs with Intel SGX enabled in DCsv2 and DCsv3 VM instances. The description below uses a DCsv3 VM running Ubuntu 20.04.
Update and install the required packages for Gramine:
sudo apt-get update
sudo apt-get install -y build-essential \
autoconf bison gawk libcurl4-openssl-dev libprotobuf-c-dev ninja-build \
pkg-config protobuf-c-compiler python3 python3-click python3-jinja2 \
python3-pip python3-protobuf wget
sudo python3 -m pip install 'meson>=0.55' 'toml>=0.10'Gramine requires the kernel to support FSGSBASE x86 instructions. Older Azure Confidential Compute VMs may not contain the required kernel patches and need to be updated.
To be able to run all tests also install:
sudo apt-get install -y libunwind8 python3-pyelftools python3-pytestClone Gramine:
git clone https://github.com/gramineproject/gramine.git cd graminePrepare the signing keys:
openssl genrsa -3 -out Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072
Build Gramine:
meson setup build/ --buildtype=release \ -Dsgx=enabled -Ddirect=disabled -Ddcap=enabled ninja -C build/ sudo ninja -C build/ installBuild and run :program:`helloworld`:
cd CI-Examples/helloworld make SGX=1 gramine-sgx helloworld