System requirements

To run an application in a Docker container with the Anjuna Runtime and Intel® SGX, a host and container must meet the following requirements:

  • The container must be based on a supported Linux distribution and version. Supported versions of Linux include:

    • Ubuntu 20

    • Ubuntu 18

    • Debian 10

  • The container must be running on a host that supports Intel® SGX, and the support must be enabled. For more information about Intel® SGX support, see this Intel® guide.

  • The host must have the proper Intel® SGX dependencies installed (the Anjuna Runtime installer installs them automatically).

  • The container must be configured to have access to the Intel® SGX device drivers.

  • The Anjuna Runtime binaries and dependencies must be installed in the container.

DCAP support

Currently, the host must also have support for Intel® SGX DCAP technology. To find out whether a host running Linux supports DCAP, you will need to use a tool called cpuid.

On Ubuntu 20.04, Ubuntu 18.04 and Debian 10, execute the following commands to update your package manager cache and install cpuid:

$ sudo apt update
$ sudo apt install cpuid -y

Now, execute cpuid to learn whether your CPU supports Intel® SGX DCAP:

$ cpuid | grep launch

If the CPU supports DCAP then the output of the command contains the following text:

SGX_LC: SGX launch config supported = true

If the output is different, then the CPU does not support DCAP. For example, following is output from a CPU that does not support DCAP:

SGX_LC: SGX launch config supported = false

For more information about setting up the Intel® SGX DCAP Environment on supported hardware, see Intel®'s Quick Install Guide.

If your system and container meet these prerequisites, then running an application with the Anjuna Runtime in Docker works the same way as running it directly on the host.