|
1 | 1 |
|
| 2 | + |
2 | 3 | Intel(R) Software Guard Extensions for Linux\* OS |
3 | 4 | ================================================ |
4 | 5 |
|
@@ -285,9 +286,27 @@ To enable ECDSA attestation |
285 | 286 | - Ensure that you have the following required hardware: |
286 | 287 | * 8th Generation Intel(R) Core(TM) Processor or newer with **Flexible Launch Control** support* |
287 | 288 | * Intel(R) Atom(TM) Processor with **Flexible Launch Control** support* |
288 | | -- Ensure the PCS caching service is setup correctly by local administrator or data center administrator. Also make sure that if the PCS server is not on local machine, the configure file (/etc/sgx_default_qcnl.conf) needs to be consistent with the real environment, for example: |
| 289 | +- To use ECDSA attestation, you must install Intel® Software Guard Extensions |
| 290 | +Driver for Data Center Attestation Primitives (Intel® SGX DCAP). |
| 291 | +Please follow the Intel® SGX DCAP Installation Guide for Linux* OS to |
| 292 | +install the driver. You can find the documentation here: |
| 293 | +https://download.01.org/intel-sgx/dcap-\<version>/linux/docs/ |
| 294 | +As example: Intel® SGX DCAP 1.1 file's location is: |
| 295 | +https://download.01.org/intel-sgx/dcap-1.1/linux/docs/ |
| 296 | +Filename is Intel_SGX_DCAP_Linux_SW_Installation_Guide.pdf, in |
| 297 | +section “Intel® SGX Driver”. |
| 298 | + |
| 299 | +> **NOTE** If you had already installed Intel® SGX driver without ECDSA attestation, please uninstall the driver firstly. Or the newly |
| 300 | +> installed ECDSA attestation enabled Intel® SGX driver will be |
| 301 | +> unworkable. |
| 302 | +
|
| 303 | +- Install PCK Caching Service. For how to install and configure PCK Caching |
| 304 | +Service, please refer [SGXDataCenterAttestationPrimitives](https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration/pcs) |
| 305 | +- Ensure the PCK Caching Service is setup correctly by local administrator |
| 306 | +or data center administrator. Also make sure that the configure file of |
| 307 | +quote provider library (/etc/sgx_default_qcnl.conf) needs to be consistent |
| 308 | +with the real environment, for example: |
289 | 309 | PCS_URL=https://your_pcs_server:8081/sgx/certification/v1/ |
290 | | -- For how to install and configure PCK Caching Service, please go to https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/master/QuoteGeneration |
291 | 310 |
|
292 | 311 | ### Start or Stop aesmd Service |
293 | 312 | The Intel(R) SGX PSW installer installs an aesmd service in your machine, which is running in a special linux account `aesmd`. |
|
0 commit comments