Installation

Prerequisites

To install and run Anjuna Unseal tool, the following prerequisites must be met:

Hardware requirements

Important

  • The host machine must use a CPU that supports Intel® SGX (see Getting access to Intel® SGX).
  • Intel SGX must be enabled in the BIOS of the host machine. Be sure to use the Enabled setting, not Software Controlled.

Supported platforms

  • Ubuntu 16.04 (Xenial) Server and Desktop editions
  • Ubuntu 18.04 (Bionic Beaver) Server and Desktop editions

Software requirements

  • The user performing the installation must have administrator privileges (root or sudo permissions).
  • The Intel SGX Driver must be installed and loaded (the installer will attempt to install this component if it is not found).
  • The Intel SGX Platform Software (PSW) must be installed and running (the Anjuna Unseal tool will attempt to install this component if it is not found).

Important

The Intel SGX components are required to run the Anjuna Unseal tool. If those components are not already installed on the host, the Anjuna Unseal tool installer has the ability to set up Intel SGX components during the installation.

Execute the Anjuna Unseal tool installer

An installation package is provided to install the Anjuna Unseal tool on an SGX-enabled host. The package is an executable that performs the following actions:

  1. checks for Intel SGX system compatibility
  2. checks for OS compatibility (Ubuntu 16.04 or Ubuntu 18.04)
  3. checks for availability of the Intel® SGX Driver
  4. checks for availability of the Intel® PSW stack
  5. installs the Intel® SGX components if necessary
  6. installs the Anjuna Unseal tool on the host
  7. installs the Anjuna Unseal tool documentation (in HTML format)
  8. installs the sealing tool

The Anjuna Unseal tool installers are available by downloading them from the following locations (select the appropriate file for your platform):

For Ubuntu 16
wget https://s3-us-west-1.amazonaws.com/anjuna-security.vault.unseal/anjuna-vault-unseal-ubuntu16-0.17.0050.bin
For Ubuntu 18
wget https://s3-us-west-1.amazonaws.com/anjuna-security.vault.unseal/anjuna-vault-unseal-ubuntu18-0.17.0050.bin

The Anjuna Unseal tool installers can also be downloaded from a browser using the following links:

The rest of this document will assume that the host is running Ubuntu 16.04 and refer to the installation file anjuna-vault-unseal-ubuntu16-0.17.0050.bin. When running on Ubuntu 18.04, the instructions should be adjusted to use the anjuna-vault-unseal-ubuntu18-0.17.0050.bin file.

Important

The Anjuna Unseal tool installer is a self-extracting file and requires executable permission to run. If the permission was removed during the file transfer between hosts, it can be re-applied with the chmod command. If you see this error:

$ ./anjuna-vault-unseal-ubuntu16-0.17.0050.bin
bash: anjuna-vault-unseal-ubuntu16-0.17.0050.bin: Permission denied

just run the following command:

$ chmod +x ./anjuna-vault-unseal-ubuntu16-0.17.0050.bin

and then run the installer again.

The installer supports various command-line options to customize its behavior. To see the available options, use the --help option:

$ ./anjuna-vault-unseal-ubuntu16-0.17.0050.bin --help
Anjuna SGX Runtime self-extracting installer

Usage: anjuna-vault-unseal-ubuntu16-0.17.0050.bin [OPTIONS]
Run this file to extract and install Anjuna Runtime.

Available options:
  -v, --verbose   Print more information during the setup.
  -l, --list      List the content of this package
  -d, --docs      Extract the documentation only and skip the setup.
  -e, --extract   Extract the package, but skip the setup.
  -h, --help      Print this message.
  --version       Print the version information.

To get started, simply run the installer

$ ./anjuna-vault-unseal-ubuntu16-0.17.0050.bin

which should produce the following output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
 Anjuna SGX Runtime self-extracting installer

 Checking for Operating System
 Found Ubuntu 16.04.5 LTS

 Checking for SGX Hardware support
 This host is SGX capable (sgx_is_capable => 1)

 <... snip ...>


 Summary:
 Anjuna SGX Runtime fully installed
 Run the following command to setup your environment

    export ANJUNA_HOME=/home/anjuna/anjuna-vault-unseal-ubuntu16-0.13.0001
    source ${ANJUNA_HOME}/env.sh

The message on line 13 indicates that the Anjuna Unseal tool was properly installed.

The output on line 17 provides a convenient script to set up the environment variables when running the various tools provided by the Anjuna Unseal tool. You can ensure that these environment variables are always set by adding the following line to your ~/.bash_profile file, where it will be executed automatically at login:

$ export ANJUNA_HOME=/home/anjuna/anjuna-vault-unseal-ubuntu16-0.17.0050
$ source ${ANJUNA_HOME}/env.sh

Important

The location of the env.sh file depends on the directory where the installer is run. In the example above, the location is assumed to be /home/anjuna. Make sure the full path of the env.sh is identical to the path shown in the installer out (i.e. replace the /home/anjuna fragment with the correct location)

After setting this up, you can either log out and back in, or just manually source the file from bash.