Installation

Prerequisites

To install and run Anjuna Vault-Unseal tool, the following prerequisites must be met:

Hardware requirements

Important

  • The host machine must use a CPU that supports Intel® SGX (see Getting access to Intel® SGX).
  • Intel SGX must be enabled in the BIOS of the host machine. Be sure to use the Enabled setting, not Software Controlled.

Supported platforms

  • Ubuntu 16.04 (Xenial) Server and Desktop editions
  • Ubuntu 18.04 (Bionic Beaver) Server and Desktop editions

Software requirements

  • The user performing the installation must have administrator privileges (root or sudo permissions).
  • The Intel SGX Driver must be installed and loaded (the installer will attempt to install this component if it is not found).
  • The Intel SGX Platform Software (PSW) must be installed and running (the Anjuna Vault-Unseal tool will attempt to install this component if it is not found).

Important

The Intel SGX components are required to run the Anjuna Vault-Unseal tool. If those components are not already installed on the host, the Anjuna Vault-Unseal tool installer has the ability to set up Intel SGX components during the installation.

Execute the Anjuna Vault-Unseal tool installer

An installation package is provided to install the Anjuna Vault-Unseal tool on an SGX-enabled host. The package is an executable that performs the following actions:

  1. checks for Intel SGX system compatibility
  2. checks for OS compatibility (Ubuntu 16.04 or Ubuntu 18.04)
  3. checks for availability of the Intel® SGX Driver
  4. checks for availability of the Intel® PSW stack
  5. installs the Intel® SGX components if necessary
  6. installs the Anjuna Vault-Unseal tool on the host
  7. installs the Anjuna Vault-Unseal tool documentation (in HTML format)
  8. installs the sealing tool

The Anjuna Vault-Unseal tool installers are available by downloading them from the following locations (select the appropriate file for your platform):

For Ubuntu 16
wget https://s3-us-west-1.amazonaws.com/anjuna-security.vault.unseal/anjuna-vault-unseal-ubuntu16-0.17.0050.bin
For Ubuntu 18
wget https://s3-us-west-1.amazonaws.com/anjuna-security.vault.unseal/anjuna-vault-unseal-ubuntu18-0.17.0050.bin

The Anjuna Vault-Unseal tool installers can also be downloaded from a browser using the following links:

The rest of this document will assume that the host is running Ubuntu 16.04 and refer to the installation file anjuna-vault-unseal-ubuntu16-0.17.0050.bin. When running on Ubuntu 18.04, the instructions should be adjusted to use the anjuna-vault-unseal-ubuntu18-0.17.0050.bin file.

Important

The Anjuna Vault-Unseal tool installer is a self-extracting file and requires executable permission to run. If the permission was removed during the file transfer between hosts, it can be re-applied with the chmod command. If you see this error:

$ ./anjuna-vault-unseal-ubuntu16-0.17.0050.bin
bash: anjuna-vault-unseal-ubuntu16-0.17.0050.bin: Permission denied

just run the following command:

chmod +x ./anjuna-vault-unseal-ubuntu16-0.17.0050.bin

and then run the installer again.

The installer supports various command-line options to customize its behavior. To see the available options, use the --help option:

./anjuna-vault-unseal-ubuntu16-0.17.0050.bin --help
Anjuna SGX Runtime self-extracting installer

Usage: anjuna-vault-unseal-ubuntu16-0.17.0050.bin [OPTIONS]
Run this file to extract and install Anjuna Runtime.

Available options:
  -v, --verbose   Print more information during the setup.
  -l, --list      List the content of this package
  -d, --docs      Extract the documentation only and skip the setup.
  -e, --extract   Extract the package, but skip the setup.
  -h, --help      Print this message.
  --version       Print the version information.

To get started, simply run the installer

./anjuna-vault-unseal-ubuntu16-0.17.0050.bin

which should produce the following output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
 Anjuna SGX Runtime self-extracting installer

 Checking for Operating System
 Found Ubuntu 16.04.5 LTS

 Checking for SGX Hardware support
 This host is SGX capable (sgx_is_capable => 1)

 <... snip ...>


 Summary:
 Anjuna SGX Runtime fully installed
 Run the following command to setup your environment

    export ANJUNA_HOME=/home/anjuna/anjuna-vault-unseal-ubuntu16-0.13.0001
    source ${ANJUNA_HOME}/env.sh

The message on line 13 indicates that the Anjuna Vault-Unseal tool was properly installed.

The output on line 17 provides a convenient script to set up the environment variables when running the various tools provided by the Anjuna Vault-Unseal tool. You can ensure that these environment variables are always set by adding the following line to your ~/.bash_profile file, where it will be executed automatically at login:

export ANJUNA_HOME=/home/anjuna/anjuna-vault-unseal-ubuntu16-0.17.0050
source ${ANJUNA_HOME}/env.sh

Important

The location of the env.sh file depends on the directory where the installer is run. In the example above, the location is assumed to be /home/anjuna. Make sure the full path of the env.sh is identical to the path shown in the installer out (i.e. replace the /home/anjuna fragment with the correct location)

After setting this up, you can either log out and back in, or just manually source the file from bash.