Intel SGX Enclave with Qubes


I have been reading regarding the SGX secure enclave and was wondering if I can run my VMs in the enclave?

Hi @Zaro,

The first step would be to have SGX support in Xen. A quick grep in the source (both 4.14 and upstream master) shows it’s knows when SGX is enqbled but does not seem to do much with the info. Intel’s own SGX page points to a defunct github repo. Their patches live on at Commits · bitman694/xen-sgx · GitHub and other forks, e.g. Branches · CupertinoDude/xen-sgx · GitHub, and definitely do not appear in the Xen history.

So until someone revives the effort, the answer seems to be “no”.

1 Like

The early versions of Intel SGX Enclave I looked at last year were very very limited in the amount of RAM that could be used. Certainly not enough for a VM. AMD’s similar technology did not have a RAM size limitation, so it is possible more recent intel CPUs have removed or future intel CPUs will remove this limitation.

@brendanhoar & @yann Thank you very much for the answer. Considering that they do not support the XEN, will it be possible that I can install it via some way inside the template? Run applications in the enclave?

you might can’t, it too difficult

@ppc @brendanhoar @yann, I have read that the SGX actively supports the docker. Is there a way where I can install the docker on DOM0, and then run the VMs inside the docker? or if not, then install docker in the VMs, and run critical applications in the docker, with the SGX enabled? Like Email, financials, and administrative applications?

These are some links i found useful:

yes, thought it not recommend

you can, but i guess you would not benefit from sgx (as it might require some kind of “passthrough” which is impossible for you since xen don’t support it)

If I run the VMs in a docker, via DOM0 how much does the attack surface increase?

As far as the “pass-through” is concerned, let me try, cause the INTEL SGX has two modes of operation, one is simple “Enabled” other is “Software Controlled”

no, not the vm (container), it the docker itself
if you trust docker(which is acceptable), you can install (at your own risk, but risk in here is small since is just docker)

In this case you stop relying on the Qubes hardware isolation and rely on Docker instead, which is far less secure. If dom0 is compromised, everything is compromised, which is why you should run in dom0 as few things as possible (ideally, nothing!).

See also:

@fsflover I am trying to run the Intel SGX in standalone Debian VM, and trying to run a docker with SGX enabled, so to run sensitive applications. Could you guide me for that?

There is a package called the, it is apparently backed by invisible things labs. That allows normal, unmodified applications to utilize the SGX, requires the up-gradation and modification of the kernel.

Gramine? what is your ideal to make this working? (i can’t guide you since i don’t even know what is gramine)

Gramine is a set of libraries, and it can be downloaded on the existing OS, and can be used to run applications in the secure enclave without docker or anything.

It is opensource, GitHub - gramineproject/graphene: Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support

As of right now, there is SGX virtualization is available for KVM and Xen.
From the last comment on the thread, in 2019

I am primarily interested in using SGX cause I really have an important use for it, and if I am able to make it work, it can be standardized across the the whole qubes.

Interesting. According to the comment by @yann above, something is wrong with Xen’s support of SGX (no Github repo). I’m afraid I can’t help further, since I’m no expert here.

I read that comment, that is why I am using the Gramine (GitHub - gramineproject/graphene: Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support) library.

It can help use standard applications in a 256 to 512 bit ECC encrypted memory (Enclave)

1 Like

At least it should be easy to verify whether SGX is available in the context you’d like to use it.

@yann Yes, my CPU supports the SGX feature. It is an option on the BIOS menu.