Installation guide
The Fortanix Rust EDP is the preferred way to write Intel SGX enclaves from scratch. This guide helps you set up Fortanix EDP on your machine and start building secure Rust applications.
Supported Platforms
- Ubuntu 16.04
- Microsoft Windows 10
Note: Most major Linux distributions should support EDP, but these platforms are not tested.
Installing EDP & dependencies
Install Rust
The easiest way to install Rust is with rustup. You will need Rust nightly, so make sure to select that during setup.
If you already have rustup installed but don't have the nightly toolchain, you can install nightly with:
rustup default nightly
Also, install the Fortanix EDP target.
rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly
Install SGX driver
Enable the Fortanix APT repository and install the intel-sgx-dkms package.
echo "deb https://download.fortanix.com/linux/apt xenial main" | sudo tee -a /etc/apt/sources.list.d/fortanix.list >/dev/null
curl -sSL "https://download.fortanix.com/linux/apt/fortanix.gpg" | sudo -E apt-key add -
sudo apt-get update
sudo apt-get install intel-sgx-dkms
Install AESM service
Download and run the aesmd image from Docker Hub:
docker run --detach --restart always --device /dev/isgx --volume /var/run/aesmd:/var/run/aesmd --name aesmd fortanix/aesmd
Install Fortanix EDP utilities
You will need to install the OpenSSL development package and the Protobuf compiler. For example, on Debian/Ubuntu:
sudo apt-get install pkg-config libssl-dev protobuf-compiler
Then, you can use cargo to install the utilities from source:
cargo install fortanix-sgx-tools sgxs-tools
Configure Cargo integration with Fortanix EDP
Configure the Cargo runner for the x86_64-fortanix-unknown-sgx target, so that Cargo knows how to run enclaves after building.
Create a .cargo directory with a config file in it, in your $HOME directory, with the following content:
[target.x86_64-fortanix-unknown-sgx]
runner = "ftxsgx-runner-cargo"
If you already have a .cargo/config file in your $HOME, just append the above content to it.
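An added example (not part of the original guide or of Fortanix's tooling): a shell function that performs this step idempotently, so that running it twice does not define the same TOML table twice, which Cargo rejects. The function name ensure_edp_runner and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotently configure the Cargo runner for the EDP target.
# ensure_edp_runner is a hypothetical helper, not part of Fortanix EDP.

EDP_TARGET='x86_64-fortanix-unknown-sgx'
EDP_RUNNER='ftxsgx-runner-cargo'

# Usage: ensure_edp_runner <path-to-cargo-config>
# Returns 0 if the runner is configured (already present or just added),
# 1 on I/O failure, and 2 if the target section already exists but does
# not set the expected runner (the file is left untouched in that case).
ensure_edp_runner() {
    cfg=$1
    header="[target.$EDP_TARGET]"
    mkdir -p "$(dirname "$cfg")" || return 1
    [ -f "$cfg" ] || touch "$cfg" || return 1

    if grep -qxF "$header" "$cfg"; then
        # The section exists: appending again would duplicate the table.
        # Read the runner key from inside that section instead.
        runner_line=$(awk -v h="$header" '
            $0 == h  { in_sec = 1; next }
            /^\[/    { in_sec = 0 }
            in_sec && /^[ \t]*runner[ \t]*=/ { print; exit }
        ' "$cfg")
        case $runner_line in
            *"\"$EDP_RUNNER\""*)
                return 0 ;;
            *)
                echo "warning: $cfg: $header has unexpected runner:" \
                     "${runner_line:-<none>}" >&2
                return 2 ;;
        esac
    fi

    # Start the new table on its own line if the file lacks a final newline.
    if [ -s "$cfg" ] && [ -n "$(tail -c 1 "$cfg")" ]; then
        printf '\n' >> "$cfg"
    fi
    printf '%s\nrunner = "%s"\n' "$header" "$EDP_RUNNER" >> "$cfg"
}
```

Call it as ensure_edp_runner "$HOME/.cargo/config"; a return code of 2 means the existing section should be reviewed by hand before running enclaves.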
Check SGX setup
Before you start building your application, you must verify that SGX is enabled and all software dependencies are in place.
The sgx-detect utility does this for you. Run it with:
sgx-detect
If sgx-detect gives positive output, you are good to go. Otherwise, you need to troubleshoot the setup by following the Help guide.
Building & running
Now you can use Cargo to build your Rust application as normal. Just add --target x86_64-fortanix-unknown-sgx to any standard Cargo command line, for example:
cargo run --target x86_64-fortanix-unknown-sgx
Or, if you want to run the unit and integration tests:
cargo test --target x86_64-fortanix-unknown-sgx
Set default build target
Cargo allows you to specify the Fortanix EDP target as the default build target for your application.
Create a .cargo directory with a config file in it, in your package's root, with the following content:
[build]
target = "x86_64-fortanix-unknown-sgx"
If you already have a .cargo/config file in your package, just append the above content to it.
Now, you can run cargo build, cargo run and cargo test without explicitly specifying the target.