1.1 Hardware Requirement and Configuration
Phala Network operates on trusted hardwares, in this case, Intel CPUs which support SGX feature. SGX was first introduced in 2015 with the sixth generation Intel Core microprocessors based on the Skylake microarchitecture. In practice, the support of SGX feature also relies on your motherboard and BIOS configurations. In this section, we will first ensure that necessary hardware requirements are satisfied and all your hardwares are correcly configured.
General Hardware Requirements
You can refer to the following tutorial to ensure that your CPU is SGX-supported.
First of all, we recommand to update your BIOS to the latest version.
- Enter BIOS. The method varies for different motherboards, and Google is always at your service about this.
- Disable Secure Boot. Go to
Secure Boot, set it to
- Enable SGX Extension. Go to
SGX(This name may vary according to the different manufacturers), set it to
If you can only find
SGX: Software Controlledoption, you will have to run sgx-software-enable in Ubuntu. You can follow the Intel's instructions, build it from source and execute it. Also, we provide a prebuilt file for Ubuntu 18.04 / 20.04 that can be found here. You can download and execute it with the following commands:
1 2 3
wget https://github.com/Phala-Network/sgx-tools/releases/download/0.1/sgx_enable chmod +x sgx_enable sudo ./sgx_enable
- Use UEFI Boot. Go to
Boot Mode, and make sure it was set to
- Save and reboot.
You also need to make sure that Ubuntu is installed in UEFI mode. SGX is not guaranteed to work properly on the OS installed in legacy mode. In such case you may want to reinstall the system.
SGX Driver Installation
Intel provides two kinds of SGX drivers: SGX driver and DCAP driver. The latter one is preferred since it provides more security-related features which can be utilized by Phala in the future, while the former one provides better compatibility and supports old CPUs without FLC support. For now, both drivers work for Phala.
First, check if you already have either of the drivers installed:
- Type in command
ls /dev/isgx. If the file exists, you have the SGX driver installed
- Type in command
ls /dev/sgx. If the directory exists, you have the DCAP driver installed
As long as either type of driver works, your computer will be ready to mine PHA. If neither of the types works, please try to install the DCAP driver first. Type in the commands below to install DCAP driver:
After installation, retry
ls /dev/sgx to check whether the installation succeeds. If the DCAP driver doesn't work, please FIRST UNINSTALL DCAP DRIVER and then switch to the SGX driver. To uninstall the DCAP driver, run:
Then try following commands to install the SGX driver:
ls /dev/isgx again to check if the SGX driver works.
Double check the SGX capability
After the installation of your driver, please use the following utility to double check if everything goes well. Docker is required for this step, and you can peek at how to install it in the next secton.
If you are using the DCAP driver:
docker run -ti --rm --name phala-sgx_detect --device /dev/sgx/enclave --device /dev/sgx/provision phalanetwork/phala-sgx_detect
If you are using the SGX driver:
docker run -ti --rm --name phala-sgx_detect --device /dev/isgx phalanetwork/phala-sgx_detect
Even if there's no
/dev/isgx, you can still run the utility to collect some diagnose information:
docker run -ti --rm --name phala-sgx_detect phalanetwork/phala-sgx_detect
Please pay attention to the following checks:
- SGX system software → Able to launch enclaves →
- Flexible launch control →
Able to launch production mode enclave
Among them, the former one is a must to run Phala Network pRuntime. If it's not supported (tagged as ✘ in the report example below), we are afraid you can't mine PHA with this setup. You may want to replace the motherboard and/or the CPU.
The latter is not a must though, it is suggested to be checked as it would be essential to install the DCAP driver.
The report below would be a positive result:
If you can't run Phala pRuntime with both of them tagged as ✔, you may have to check whether your BIOS is the latest version with latest security patches. If you still can't run Phala pRuntime docker with the latest BIOS of your motherboard manufacturer, we are afraid you can't mine PHA for now with this motherboard.