Build the server from source

Info

If you're building the client because you want to change it, you should first go to the setting up your dev environment guide and then build without docker.

Without docker

Build process

Make sure to set up a dev environment to easily install the build dependencies.

started Before building the project, some dependencies and service must be up and running, and the hardware requirements must be installed (hardware-requirements).

The installation of the Intel SDK can be found by following this link.

The Fortanix EDP dependencies must also be installed. You can check the official Fortanix documentation here.

The SGX configuration and services can be viewed using the command :

sgx-detect

Before running the BlindAi project, some other packages must be installed:

sudo apt install jq

cargo install just

Hardware modeAzure DCsv3 VMs mode

You will need the SGX Default Quote Provider Library as well. This can be installed with this command:

sudo apt-get install -y software-properties-common 
curl -fsSL  https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add - 

sudo add-apt-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -cs) main" 
sudo apt-get install -y libsgx-dcap-ql-dev libsgx-dcap-default-qpl-dev libsgx-uae-service libsgx-dcap-default-qpl

You will also need to install the Provisioning Certificate Caching Service (PCCS) by following this documentation (The PCCS must be installed directly from the Github repo as it is not yet updated by Intel on their repo). During installation, a PCCS Key will be asked. This key is delivered by Intel here.

We can clone the BlindAi repo on Github then build the server using the following steps:

git submodule init
git submodule update

cd server
just build 

# for generating the manifest file 
just generate-manifest-dev 

Make sure to have the DCs v3 quote provision library:

curl -sSL https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo apt-add-repository https://packages.microsoft.com/ubuntu/20.04/prod
sudo apt-get update
sudo apt-get install az-dcap-client
ln -s /usr/lib/libdcap_quoteprov.so /usr/lib/x86_64-linux-gnu/libdcap_quoteprov.so.1

We can then build the server using :

cd server
just build 

# for generating the manifest file 
just generate-manifest-dev 

The manifest will be generated at the build process and will serve as essential to the remote attestation process:

• manifest.toml: the enclave security manifest that defines which enclave is trusted.

More informations about them on this page and in the remote attestation implementation.

Running

Once you are sure to have everything ready, you can run BlindAI.

Hardware modeHardware mode (Azure DCsv3 VMs)

We can run blindai using :

cd server 

just run

cd server

BLINDAI_AZURE_DCS3_PATCH=1 just run 

Info

If you have trouble building and installing from source, don't hesitate to open an issue on our github.