Prerequisites
Server requirements
You need a server with an Intel processor that supports SGX,
or you can rent a VM; for options see RedSwitches or Hetzner.
Your laptop or desktop may also have a compliant processor, check here.
Public IP is not required to participate.
Simple installation
Server preparation is quite simple. Make sure you are running a kernel above v5.13, which has the SGX DCAP driver built in. Also make sure that SGX is enabled in the BIOS. The final step is to add the symlinks for the SGX devices:
# Check if sgx is enabled
cpuid | grep -i sgx
# Add symlinks for the sgx devices
sudo mkdir -p /dev/sgx
sudo ln -sf ../sgx_enclave /dev/sgx/enclave
sudo ln -sf ../sgx_provision /dev/sgx/provision
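A preflight check for the three conditions above (kernel version, SGX CPU flag, device nodes and symlinks), as an added example that is not part of the original page or the project's code. The function names and the overridable paths are assumptions made here; it treats v5.13 itself as acceptable and reads the `sgx` flag from `/proc/cpuinfo` instead of calling `cpuid`.

```shell
#!/bin/sh
# Added example: preflight for the "Simple installation" steps (not project code).
# The overridable arguments exist so the checks can be exercised on a
# constructed directory instead of the real /dev and /proc/cpuinfo.

# kernel_ok RELEASE: succeeds when RELEASE (e.g. "5.15.0-91-generic") is >= 5.13.
kernel_ok() (
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) exit 2 ;; esac
    [ -n "$minor" ] || exit 2
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 13 ]; }
)

# cpu_has_sgx [CPUINFO]: succeeds when the kernel reports the "sgx" CPU flag.
# -w keeps "sgx_lc" on its own from counting as a match.
cpu_has_sgx() {
    grep -E '^flags[[:space:]]*:' "${1:-/proc/cpuinfo}" | grep -qw sgx
}

# sgx_devices_ok [DEVROOT]: both device nodes exist and the DEVROOT/sgx/*
# symlinks resolve to them.
sgx_devices_ok() (
    dev=${1:-/dev}
    for name in enclave provision; do
        node=$dev/sgx_$name
        link=$dev/sgx/$name
        [ -e "$node" ] || { echo "missing $node" >&2; exit 1; }
        # On the real /dev the node must be a character device.
        if [ "$dev" = /dev ] && [ ! -c "$node" ]; then
            echo "$node is not a character device" >&2; exit 1
        fi
        [ -L "$link" ] || { echo "missing symlink $link" >&2; exit 1; }
        [ "$(readlink -f "$link")" = "$(readlink -f "$node")" ] ||
            { echo "$link does not point at $node" >&2; exit 1; }
    done
)

# sgx_preflight [DEVROOT] [KERNEL_RELEASE] [CPUINFO]: run all three checks.
sgx_preflight() (
    rc=0
    kernel_ok "${2:-$(uname -r)}" || { echo "kernel older than v5.13" >&2; rc=1; }
    cpu_has_sgx "${3:-/proc/cpuinfo}" ||
        { echo "no sgx flag: unsupported CPU, BIOS setting or kernel" >&2; rc=1; }
    sgx_devices_ok "${1:-/dev}" || rc=1
    exit "$rc"
)
```

On the server, source the file and run `sgx_preflight` with no arguments; a non-zero exit status means at least one condition failed, with the reason printed on stderr.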
Advanced installation
Advanced installation is needed if you want to work with trusted execution environments on your server directly, not through Docker as in the simple installation.
Follow this tutorial to install the SGX SDK manually. To simplify the process, we have created the following cheatsheet:
# Add the Intel SGX APT repository (Ubuntu 22.04 "jammy")
echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu/ jammy main' | sudo tee /etc/apt/sources.list.d/intel-sgx.list
wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
sudo apt update
# Choose release https://download.01.org/intel-sgx/Releases/
wget https://download.01.org/intel-sgx/sgx-linux/2.24/distro/ubuntu22.04-server/sgx_linux_x64_driver_1.41.bin
wget https://download.01.org/intel-sgx/sgx-linux/2.24/distro/ubuntu22.04-server/sgx_linux_x64_driver_2.11.b6f5b4a.bin
wget https://download.01.org/intel-sgx/sgx-linux/2.24/distro/ubuntu22.04-server/sgx_linux_x64_sdk_2.24.100.3.bin
# Make the installers executable without making them world-writable (they are run as root below)
chmod +x sgx_linux_x64*
# ECDSA attestation support
sudo apt install build-essential ocaml automake autoconf libtool wget python-is-python3 libssl-dev
# SGX DCAP Driver, kernels v5.11 have it built-in
sudo ./sgx_linux_x64_driver_1.41.bin
# SGX DCAP
sudo apt install python3 cracklib-runtime
sudo apt install libsgx-dcap-ql libsgx-dcap-ql-dev
sudo apt install libsgx-dcap-default-qpl libsgx-dcap-default-qpl-dev
sudo apt install libsgx-dcap-quote-verify libsgx-dcap-quote-verify-dev
# SGX PSW (platform software), get launch, epid, and agnostic attestation
sudo apt install libssl-dev libcurl4-openssl-dev libprotobuf-dev
sudo ./sgx_linux_x64_driver_2.11.b6f5b4a.bin
# *-dbgsym and *-dev versions are for development
sudo apt install libsgx-launch libsgx-epid libsgx-quote-ex libsgx-urts
# Put SGX SDK under /opt/intel
sudo apt install build-essential python-is-python3
sudo ./sgx_linux_x64_sdk_2.24.100.3.bin
# TODO: PCCS is optional and is hard to install, fix it
curl -fsSL https://deb.nodesource.com/setup_20.x -o nodesource_setup.sh
sudo -E bash nodesource_setup.sh
sudo apt install nodejs
sudo apt install sgx-dcap-pccs
# file with PCCS configurations /etc/sgx_default_qcnl.conf
# USE_SECURE_CERT=TRUE
# PCCS_URL=https://your_pccs_server:8081/sgx/certification/v2/