I'm trying to use SGX on Windows Azure as shown in this article Introduction to Azure Confidential Computation. But I think SGX it is no longer supported by Azure. Is there any other way to run SGX applications on cloud rather than Azure?
Azure SGX support
676 views Asked by 0x3bfc At
3
There are 3 answers
0
On
I registered with the above link. SGX is available with ACC (Azure Confidential Computing) only in EAST US and WEST EUROPE. It is only supported on DC* instances (I have a DC2 with 2 vCPUs and 8GB memory, 32GB disk. It is runing on Ubuntu 18 LTS (Bionic). The CPU is a E-2176G CPU with SGX1, but no SGX2.
However, my application needs /dev/isgx but my ACC instance only has /dev/sgx, which is not compatible with /dev/isgx, so it does not work for me (unless I figure out why I have one and not the other.
Edit: The solution is to first uninstall the /dev/sgx driver with the uninstall.sh script, which may be under /opt/intel/ somewhere. Uninstall the driver before even thinking of downloading and unpacking the /dev/isgx driver (so it will not be overwritten).
An additional clarification:
/dev/sgx(kernel moduleintel_sgx) is the DCAP driver. It is installed if you select "Open Enclave" when you create an ACC instance./dev/isgx(kernel moduleisgx) is the non-DCAP driver that uses IAS. If you want this, deselect "Open Enclave" when creating your ACC instance and manually install the non-DCAP Intel SGX driver from Intel.
More details on Azure's ACC and SGX from a blog by Dan Zimmerman: https://software.intel.com/en-us/articles/get-started-with-azure-confidential-computing
I haven't tried it (yet) but Azure now has a Confidential Computing service. They have a "DC" VM that supposedly offers SGX support. I haven't found much info about it though.
https://azure.microsoft.com/en-us/solutions/confidential-compute/