8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

ֿ
Anibal Garrido

Fireblocks Help Center

>
Developer Guide
>
API Co-Signer

Search

Articles in this section

SGX Enabled Server: Provisioning Guide

20 days ago ·
Updated

Follow

Your API server co-signing components must be executed over an SGX-enabled machine with an
SGX driver loaded.

This article describes the steps to properly configure an SGX-enabled machine in one of the
following configurations:

Setup Option 1: Azure Confidential Compute VM

Setup Option 2: IBM Cloud Bare Metal server
Setup Option 3: On-Premise Server

Setup Option 1: Azure Confidential Compute VM

Follow this Microsoft installation guide. Only the “Configure an Intel SGX virtual machine” section is
required. The necessary settings are listed below. You don’t need to follow the “Connect to the Linux
VM” or “Next Steps” sections.

1. Make sure you have these settings in the “Get Started" section:

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 1/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

Image: Ubuntu 20.04 LTS (Canonical)

Region: Select you region.

Under "Advanced" tab: Gen 2
Size (recommended): Standard_DC4s_v3

Note: Standard_DC4s_v3 isn’t mandatory. Standard_DC4s_v2 also works, but v3

allows for optimized performance and isn’t available out of the box. This requires a
request for a quota increase by opening a ticket with the Azure support team.

2. The final setup window should look like this (unless you chose a different size or region): 

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 2/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

Setup Option 2: IBM Cloud

1. On the Dashboard Page, select Create Resource.

2. Go to IBM Cloud catalog > Compute > Bare Metal Servers.

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 3/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

3. In the Server Profile section, select View all profiles.

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 4/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

4. Choose Intel Xeon E-2174G CPU:

5. In the Operating system section, select the following from the fields' drop-down lists:

Vendor: Ubuntu

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 5/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

Version: 18.04 LTS (64 bit)

6. In the Add-ons section, under the Security and business continuity heading, select the
Software Guard Extensions toggle.

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 6/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

7. Select Create.

Setup Option 3: On-Premise Server

The requirements for the on-premise server are as follows:

CPU: Use one of the following:

Processor Name / Max Turbo Base

Cores Cache TDP
Number Frequency Frequency

I t l® X ® E 2278GEL
https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 35 7/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center
Intel® Xeon® E-2278GEL 35
8 3.90 GHz 2.00 GHz 16 MB
Processor W

Intel® Xeon® E-2278GE 8 4.70 GHz 3.30 GHz 16 MB 80

Processor W

Intel® Xeon® E-2274G 8 MB Intel® Smart 83

4 4.90 GHz 4.00 GHz
Processor Cache W

Intel® Xeon® E-2288G 16 MB Intel® 95

8 5.00 GHz 3.70 GHz
Processor Smart Cache W

Intel® Xeon® E-2278G 16 MB Intel® 80

8 5.00 GHz 3.40 GHz
Processor Smart Cache W

Intel® Xeon® E-2286G 12 MB Intel® 95

6 4.90 GHz 4.00 GHz
Processor Smart Cache W

Intel® Xeon® E-2276G 12 MB Intel® 80

6 4.90 GHz 3.80 GHz
Processor Smart Cache W

Intel® Xeon® E-2176G 12 MB Intel® 80

6 4.70 GHz 3.70 GHz
Processor Smart Cache W

Intel® Xeon® E-2174G 8 MB Intel® Smart 71

4 4.70 GHz 3.80 GHz
Processor Cache W

Intel® Xeon® E-2186G 12 MB Intel® 95

6 4.70 GHz 3.80 GHz
Processor Smart Cache W

BIOS:
Enable Intel SGX (Software Guard Extension)
https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 8/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center
Enable Intel SGX (Software Guard Extension)
Enable DCAP (FLC)
Disable hyperthreading

OS: Ubuntu 20.04

Once the installation is complete, follow the instructions in the appendix below to verify SGX is
enabled.

Appendix A: SGX Enablement Verification

After the installation completes, verify SGX is enabled with the latest microcode and DCAP (FLC)
supported:

1. Run the following shell commands:

sudo apt update

sudo apt upgrade

sudo apt install cpuid

cpuid -1 | grep -i sgx

2. Verify that “SGX: Software Guard Extensions supported” is true and “SGX_LC: SGX launch config
supported” are both true.

Was this article helpful?

Yes
No

8 out of 13 found this helpful

Have more questions? Submit a request

Return to top

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 9/10
8/8/22, 23:13 SGX Enabled Server: Provisioning Guide – Fireblocks Help Center

Fireblocks Help Center

https://support.fireblocks.io/hc/en-us/articles/360015903159-SGX-Enabled-Server-Provisioning-Guide 10/10