官方的手册：https://graphene.readthedocs.io/en/latest/quickstart.html
如果您的系统是Ubuntu 20.04默认安装且kernel version为5.11+的话，可以无脑执行下面的命令

常见依赖

https://graphene.readthedocs.io/en/latest/building.html#id1

sudo apt-get install -y autoconf bison build-essential gawk meson python3 python3-click python3-jinja2 wget
sudo apt-get install -y libunwind8 python3-pyelftools python3-pytest

SGX 的依赖项

1. 需要的安装包

sudo apt-get install -y libcurl4-openssl-dev libprotobuf-c-dev protobuf-c-compiler python3-pip python3-protobuf 
python3 -m pip install toml>=0.10

2. 升级到使用 FSGSBASE 打补丁的 Linux 内核

请注意，如果您的内核版本为 5.9 或更高版本，则 FSGSBASE 功能已被支持，您可以跳过此步骤。
检测kernel version

uname -r

如果您当前的内核版本低于 5.9，那么您有两种选择：

1. 在您的操作系统发行版中将 Linux 内核至少更新到 5.9。 如果您使用 Ubuntu，您可以按照例如 this tutorial.
2. 使用我们提供的 Linux 内核 5.4 版补丁。 具体步骤见章节 Advanced: installing Linux kernel with FSGSBASE patches 。

3. 安装 Intel SGX驱动

请注意，如果您的内核版本为 5.11 或更高版本，那么 Intel SGX 驱动程序已经安装，您可以跳过此步骤。

如果你的旧CPU不支持 FLC, 您需要下载并安装以下 Intel SGX 驱动程序：https://github.com/intel/linux-sgx-driver

如果你的CPU支持FLC, 您可以从以下位置选择安装英特尔 SGX 驱动程序的 DCAP 版本：https://github.com/intel/SGXDataCenterAttestationPrimitives

4. 安装 Intel SGX SDK/PSW

https://github.com/intel/linux-sgx

4.1 先决条件:

sudo apt-get install build-essential ocaml ocamlbuild automake autoconf libtool wget python-is-python3 libssl-dev git cmake perl
sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev debhelper cmake reprepro unzip

为了安装最新的Intel® SGX SDK安装器，请确保你下载了最新的 Intel® SGX SDK安装器从Intel® SGX SDK 跟随安装指引Installation Guide在相同的页安装最新的Intel® SGX SDK Installer.

sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev
sudo apt-get install build-essential python-is-python3
sudo apt-get install build-essential ocaml automake autoconf libtool wget python libssl-dev 
wget - https://download.01.org/intel-sgx/sgx-linux/${kernel_version}/distro/ubuntu20.04-server/sgx_linux_x64_driver_${version}.bin
wget - https://download.01.org/intel-sgx/sgx-linux/${kernel_version}/distro/ubuntu20.04-server/sgx_linux_x64_driver_${version}.bin
wget - https://download.01.org/intel-sgx/sgx-linux/${kernel_version}/distro/ubuntu20.04-server/sgx_linux_x64_sdk_${version}.bin
sudo chmod 777 sgx_linux_x64_* 
sudo apt-get install dkms

4.2. 安装 SDK and PSW

Install the components in following order:

1. Intel® SGX driver
2. Intel® SGX SDK
3. Intel® SGX PSW

4.2.1. Intel SGX 驱动

sudo apt-get install build-essential ocaml automake autoconf libtool wget python libssl-dev
sudo ./sgx_linux_x64_driver_${version}.bin
git clone https://github.com/intel/linux-sgx.git
cd linux-sgx
make preparation
sudo cp external/toolset/ubuntu20.04/{as,ld,objdump} /usr/local/bin/
which ld.gold
sudo cp /usr/bin/ld.gold /usr/local/bin/
sudo make sdk
sudo make sdk_install_pkg

4.2.2. Intel SGX SDK

sudo apt-get install build-essential python
cd linux/installer/bin
sudo ./sgx_linux_x64_sdk_${version}.bin
# Enter no，/opt/intel/
source /opt/intel/sgxsdk/environment

编译和运行一下代码查看是否成功：

cd ${sgx-sdk-install-path}/SampleCode/LocalAttestation
sudo make SGX=1
cd bin
./app

这里可能会报错，显示没有一个文件libsgx-urts，不过不用慌，把4.2.3安装好之后再来跑一次就不会报错了。

4.2.3. Intel SGX PSW

echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install libsgx-launch libsgx-urts
sudo apt-get install libsgx-epid libsgx-urts
sudo apt-get install libsgx-quote-ex libsgx-urts
sudo apt-get install libsgx-dcap-ql

重启电脑，然后实验一下是否成功，用刚刚测试错误的代码再来一次：

cd ${sgx-sdk-install-path}/SampleCode/LocalAttestation
sudo make SGX=1
cd bin
./app

显示成功！！！！！，nice！！！

---

下面是安装graphene，是一个开源项目给SGX做的，看个人情况而安装。

1. Ensure

Ensure that Intel SGX is enabled on your platform using is_sgx_available.

2. Repository:

Clone the Graphene repository:

git clone https://github.com/oscarlab/graphene.git
cd graphene

3. Prepare a signing key:

sudo openssl genrsa -3 -out Pal/src/host/Linux-SGX/signer/enclave-key.pem 3072

4. Build Graphene and Graphene-SGX:

sudo apt-get install -y autoconf bison build-essential gawk libcurl4-openssl-dev libprotobuf-c-dev meson protobuf-c-compiler python3 python3-click python3-jinja2 python3-pip python3-protobuf wget
sudo python3 -m pip install toml>=0.10
sudo make
sudo make ISGX_DRIVER_PATH="" SGX=1                  # this assumes Linux 5.11+
sudo meson setup build/ --buildtype=release -Ddirect=enabled -Dsgx=enabled
sudo ninja -C build/
sudo ninja -C build/ install

5. Set vm.mmap_min_addr=0 in the system (only required for the legacy SGX driver and not needed for newer DCAP/in-kernel drivers):

sudo sysctl vm.mmap_min_addr=0

Note that this is an inadvisable configuration for production systems.

6. Build and run helloworld:

cd LibOS/shim/test/regression
sudo make SGX=1
sudo make SGX=1 sgx-tokens
graphene-sgx helloworld

以上就是安装好了sgx了，下面进行运行python代码

---

Python example

cd /linux-sgx/graphene/Examples/python/

This directory contains an example for running Python 3 in Graphene, including
the Makefile and a template for generating the manifest.

Generating the manifest

Installing prerequisites

For generating the manifest and running the test scripts, please run the following command to install the required packages (Ubuntu-specific):

sudo apt-get install libnss-mdns python3-numpy python3-scipy

Building for Linux

Run make (non-debug) or make DEBUG=1 (debug) in the directory.

Building for SGX

Run make SGX=1 (non-debug) or make SGX=1 DEBUG=1 (debug) in the directory.

Building with a local Python installation

By default, the make command creates the manifest for the Python binary from the system installation. If you have a local installation, you may create the manifest with the PYTHONPATH variable set accordingly. You can also specify a particular version of Python. For example:

make PYTHONPATH=<python install path> PYTHONVERSION=python3.6 SGX=1

Run Python with Graphene

Here’s an example of running Python scripts under Graphene:

Without SGX:

graphene-direct ./python scripts/helloworld.py
graphene-direct ./python scripts/test-numpy.py
graphene-direct ./python scripts/test-scipy.py

With SGX:

graphene-sgx ./python scripts/helloworld.py
graphene-sgx ./python scripts/test-numpy.py
graphene-sgx ./python scripts/test-scipy.py

You can also manually run included tests:

SGX=1 ./run-tests.sh

---

谢谢大家！