1.2 Software Configuration

System Requirement

  • This tutorial is based on Ubuntu 18.04. Ubuntu with versions other than 18.04 are not covered in this tutorial, though they and other Linux distributions may also work as well.
  • How to install Ubuntu 18.04
  • Make sure wget is installed all your packages are up-to-date:
1sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y
2sudo apt install wget

Install Phala-solo-Scripts

Download the Phala-solo-Scripts form Github

1wget https://codeload.github.com/Phala-Network/solo-mining-scripts/zip/main

Unzip and run the install.sh to install the scripts A Phala miner helps maintain the backbone of the network. We suggest you to run a Phala miner on a device with 50+ GB storage. Your node name ,IP address and controllor mnemonic will be set by the scripts.

1unzip main.zip
2cd solo-mining-scripts-main
3sudo chmod +x *.sh
4sudo ./install.sh en
5sudo phala install init

The scripts will install the docker,sgx driver and pull all the Phala docker images

Double check the SGX capability

After the installation of your driver, please use the following utility to double check if everything goes well. Docker is required for this step, and you can peek at how to install it in the next secton.

  • You can run the SGX test by the Phala scripts

    1sudo phala sgx-test
    

Please pay attention to the following checks:

  1. SGX system software → Able to launch enclaves → Production Mode
  2. Flexible launch control → Able to launch production mode enclave

Among them, the former one is a must to run Phala Network pRuntime. If it's not supported (tagged as ✘ in the report example below), we are afraid you can't mine PHA with this setup. You may want to replace the motherboard and/or the CPU.

The latter is not a must though, it is suggested to be checked as it would be essential to install the DCAP driver.

The report below would be a positive result:

 1Detecting SGX, this may take a minute...
 2aesm_service[15]: Malformed request received (May be forged for attack)
 3✔  SGX instruction set
 4  ✔  CPU support
 5  ✔  CPU configuration
 6  ✔  Enclave attributes
 7  ✔  Enclave Page Cache
 8  SGX features
 9    ✘  SGX2  ✘  EXINFO  ✘  ENCLV  ✘  OVERSUB  ✘  KSS
10    Total EPC size: 94.0MiB
11✘  Flexible launch control
12  ✔  CPU support
13  ? CPU configuration
14  ✘  Able to launch production mode enclave
15✔  SGX system software
16  ✔  SGX kernel device (/dev/isgx)
17  ✔  libsgx_enclave_common
18  ✔  AESM service
19  ✔  Able to launch enclaves
20    ✔  Debug mode
21    ✘  Production mode
22    ✔  Production mode (Intel whitelisted)
23
24🕮  Flexible launch control > CPU configuration
25Your hardware supports Flexible Launch Control, but whether it's enabled could not be determined. More information might be available by re-running this program with sudo. Would you like to do that?
26(not supported yet)
27
28debug: Error reading MSR 3Ah: Failed to load MSR kernel module
29debug: cause: Failed to load MSR kernel module
30debug: cause: Failed executing modprobe
31debug: cause: No such file or directory (os error 2)
32
33More information: https://edp.fortanix.com/docs/installation/help/#flc-cpu-configuration
34
35🕮  SGX system software > Able to launch enclaves > Production mode
36The enclave could not be launched. This might indicate a problem with FLC.
37
38debug: failed to load report enclave
39debug: cause: failed to load report enclave
40debug: cause: The EINITTOKEN provider didn't provide a token
41debug: cause: aesm error code GetLicensetokenError_6
42
43More information: https://edp.fortanix.com/docs/installation/help/#run-enclave-prod
44
45You're all set to start running SGX programs!
46Generated machine id:
47[162, 154, 220, 15, 163, 137, 184, 233, 251, 203, 145, 36, 214, 55, 32, 54]
48
49Testing RA...
50aesm_service[15]: [ADMIN]EPID Provisioning initiated
51aesm_service[15]: The Request ID is 09a2bed647d24f909d4a3990f8e28b4a
52aesm_service[15]: The Request ID is 8d1aa4104b304e12b7312fce06881260
53aesm_service[15]: [ADMIN]EPID Provisioning successful
54isvEnclaveQuoteStatus = GROUP_OUT_OF_DATE
55platform_info_blob { sgx_epid_group_flags: 4, sgx_tcb_evaluation_flags: 2304, pse_evaluation_flags: 0, latest_equivalent_tcb_psvn: [15, 15, 2, 4, 1, 128, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 11, 0], latest_pse_isvsvn: [0, 11], latest_psda_svn: [0, 0, 0, 2], xeid: 0, gid: 2919956480, signature: sgx_ec256_signature_t { gx: [99, 239, 225, 171, 96, 219, 216, 210, 246, 211, 20, 101, 254, 193, 246, 66, 170, 40, 255, 197, 80, 203, 17, 34, 164, 2, 127, 95, 41, 79, 233, 58], gy: [141, 126, 227, 92, 128, 3, 10, 32, 239, 92, 240, 58, 94, 167, 203, 150, 166, 168, 180, 191, 126, 196, 107, 132, 19, 84, 217, 14, 124, 14, 245, 179] } }
56advisoryURL = https://security-center.intel.com
57advisoryIDs = "INTEL-SA-00219", "INTEL-SA-00289", "INTEL-SA-00320", "INTEL-SA-00329"

If your got a report like below, please screenshot it, and send it to Phala Discord Server or Telegram Miner Group for help.

 1Detecting SGX, this may take a minute...
 2✔  SGX instruction set
 3  ✔  CPU support // if tagged with ❌: it does not suppoort SGX function, you would need to use other types of CPU.
 4  ✔  CPU configuration // if tagged with ❌: you would need to check BIOS updates.
 5  ✔  Enclave attributes // if tagged with ❌: probably caused by [CPU support issue] and [CPU configuration]
 6  ✔  Enclave Page Cache // if tagged with ❌: probably caused by [CPU support issue] and [CPU configuration]
 7  SGX features
 8    ✘  SGX2  ✘  EXINFO  ✘  ENCLV  ✘  OVERSUB  ✘  KSS // It's OK if SGX2 was tagged with ❌. Phala has not integrated with SGX2 technology in the current stage.
 9    Total EPC size: 94.0MiB
10✘  Flexible launch control
11  ✔  CPU support
12  ✘  CPU configuration // if tagged with ❌: you can give it a try but your miner might be affected when the SGX driver upgrades in the future.
13✔  SGX system software
14  ✔  SGX kernel device (/dev/isgx)
15  ✔  libsgx_enclave_common
16  ✔  AESM service
17  ✔  Able to launch enclaves
18    ✔  Debug mode
19    ✘  Production mode // if tagged with ❌: you would need to check BIOS updates.
20    ✔  Production mode (Intel whitelisted)
21
22🕮  Flexible launch control > CPU configuration
23Your hardware supports Flexible Launch Control, but it's not enabled in the BIOS. Reboot your machine and try to enable FLC in your BIOS. Alternatively, try updating your BIOS to the latest version or contact your BIOS vendor.
24
25debug: MSR 3Ah IA32_FEATURE_CONTROL.SGX_LC = 0
26
27More information: https://edp.fortanix.com/docs/installation/help/#flc-cpu-configuration
28
29🕮  SGX system software > Able to launch enclaves > Production mode
30The enclave could not be launched. This might indicate a problem with FLC.
31
32debug: failed to load report enclave
33debug: cause: failed to load report enclave
34debug: cause: The EINITTOKEN provider didn't provide a token
35debug: cause: aesm error code GetLicensetokenError_6

If you can't run Phala pRuntime with both of them tagged as ✔, you may have to check whether your BIOS is the latest version with latest security patches. If you still can't run Phala pRuntime docker with the latest BIOS of your motherboard manufacturer, we are afraid you can't mine PHA for now with this motherboard.