Cloud Deployment¶
Gramine without Intel SGX can be deployed on arbitrary cloud VMs. Please see our Quick start guide for the details.
To deploy Gramine with Intel SGX, the cloud VM has to support Intel SGX. Please see the installation and usage guide for each cloud VM offering individually below (currently only for Microsoft Azure).
Azure confidential computing VMs¶
Azure confidential computing services are available and provide access to VMs with Intel SGX enabled in DCsv2 and DCsv3 VM instances. The description below uses a DCsv3 VM running Ubuntu 18.04/20.04.
Install Gramine¶
Add a Gramine repository:
sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ stable main' | sudo tee /etc/apt/sources.list.d/gramine.list
Add Intel SGX repository:
curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
# (if you're on Ubuntu 18.04, write "bionic" instead of "focal" above)
Install Gramine (DCAP driver version) on Ubuntu 18.04:
sudo apt-get update
sudo apt-get install gramine-dcap
Install Gramine (in-kernel driver version) on Ubuntu 20.04:
sudo apt-get install gramine
Run sample application¶
Core Gramine repository contains several sample applications. Thus, to test Gramine installation, we clone the Gramine repo and use the HelloWorld example from there:
git clone --depth 1 --branch v1.3 https://github.com/gramineproject/gramine.git
To build the HelloWorld application, we need the gcc compiler and the
make build system:
sudo apt-get install gcc make
Run the HelloWorld example with SGX:
cd gramine/CI-Examples/helloworld
make SGX=1
gramine-sgx helloworld