Hardware Report: IBM Cloud #43
Comments
Thanks for the report! So you are able to execute SGX enclaves on the IBM Cloud Data Guard but the following sgx_tservice functions are not available:
Thanks a lot for your work! I will close the issue for now. Feel free to reopen it if you want to discuss SGX on IBM with the community.
@ayeks: To your comment above, that is correct: I am able to execute SGX enclaves without the functions that you outline in your comment. And while not ideal, you can circumvent these, so you can arguably have fully capable SGX instances: you should be able to open a TLS connection to an NTP server you trust from within the enclave to obtain a source of trusted time. If you think of a trusted monotonic counter as an instance of trusted time, you could get both using the same mechanism (these are suggestions from an Intel SGX architect).
@lacabra Thank you for the clarification! That makes total sense. I will comment that workaround in the documentation.
For over 3 weeks the IBM Data Guard page https://ibmdataguard.com/ has been offline and no information about that service can be found.
IBM Cloud Data Guard provides cloud computing infrastructure with support for Intel's SGX. Through IBM Cloud one can contract a single processor bare metal server with SGX support, with the following minimum configuration for $276/month (as of May 2018):
Here's the report from an instance with the above specifications:
SGX capabilities are fully functional and I was able to install sgx-linux-driver, and the sgx-linux SDK, and run code inside the enclave. As mentioned in this README, this processor is part of the Xeon E3 family, which means that the Trusted Platform Service Functions (monotonic counters, trusted time) are not available. Otherwise it works as expected.
Issue referenced in #37.