sgx-psw: 2.25 -> 2.27; sgx-azure-dcap-client: 1.12.3 -> 1.13.0-pre0; nixos/aesmd: unbreak; sgx-sdk: drop by phlip9 · Pull Request #489368 · NixOS/nixpkgs

phlip9 · 2026-02-11T09:27:26Z

Changes

Update the sgx-psw package to the latest 2.27 release.

Diff: https://github.com/intel/linux-sgx/compare/sgx_2.25..sgx_2.27
Changelog (2.26): https://github.com/intel/linux-sgx/releases/tag/sgx_2.26
Changelog (2.27): https://github.com/intel/linux-sgx/releases/tag/sgx_2.27

Fix the aesmd service, which broke with the update to systemd-v257 (#356818).

Update the sgx-azure-dcap-client to 1.13.0 (pre-release), which uses the new v4 Intel PCCS API as the prior v2 and v3 API versions are EOL on 2026-04-30.

If possible, it would be nice to backport this to release-25.11, as sgx-psw/aesmd are currently broken on that release.

Previous update PRs:

2.25 -> 2.26 (unmerged): sgx-psw: 2.25 -> 2.26 #420079
2.24 -> 2.25: sgx-psw+aesmd: 2.24 -> 2.25 #353041

Quick Glossary:

Intel SGX is a Confidential Computing technology for running hardware-isolated enclaves and confidential VMs (Intel TDX) on Intel server CPUs alongside an untrusted hypervisor/Linux/userspace software stack.
sgx-psw (Platform SoftWare) provides the aesmd service (Architecture Enclave Service Manager Daemon), which simplifies running enclaves and getting remote attestation quotes.

Testing:

These changes were tested on an SGX-enabled Azure gen2 VM (DCSv3) running NixOS.

Run against real SGX hardware

Make sure you're running on a recent x86-64 Intel CPU, against a somewhat recent kernel with the in-tree kernel SGX driver (any NixOS config in the last few years should cover this).

Check the hardware and kernel setup:

$ journalctl --boot --dmesg --grep=sgx
kernel: sgx: EPC section 0x2c0000000-0x3bfffffff

In your NixOS configuration.nix, add something like:

  services.aesmd = {
    enable = true;
    # Include this if you're running on Azure
    quoteProviderLibrary = pkgs.sgx-azure-dcap-client;
  };

After a nixos-rebuild switch, check that the devices are configured and the aesmd service is running:

$ find /dev -name "*sgx*" -ls
 83      0 crw-rw----   1 root     sgx_prv   10, 126 May  8 17:21 /dev/sgx_provision
 84      0 crw-rw----   1 root     sgx       10, 125 May  8 17:21 /dev/sgx_enclave
400      0 drwxr-xr-x   2 root     root           80 May  8 17:21 /dev/sgx

$ systemctl status aesmd.service
● aesmd.service - Intel Architectural Enclave Service Manager
     Loaded: loaded (/etc/systemd/system/aesmd.service; enabled; preset: ignored)
     Active: active (running) since Wed 2026-02-11 08:52:20 UTC; 30min ago
 Invocation: 57a4f266b02b42c0a1d26cf3e7b3e8fa
    Process: 2170 ExecStartPre=/nix/store/d5p50m46spz9074r84yj4pmilm4x1z3g-copy-aesmd-data-files.sh (code=exited, status=0/SUCCESS)
   Main PID: 2185 (aesm_service)
         IP: 16.9K in, 3K out
         IO: 0B read, 16K written
      Tasks: 4 (limit: 38481)
     Memory: 4.5M (peak: 4.9M)
        CPU: 369ms
     CGroup: /system.slice/aesmd.service
             └─2185 /nix/store/fs5zwavky3hlq0bhwhgylxq7zcy1jf1q-sgx-psw-2.27.100.1/aesm/aesm_service --no-daemon

Feb 11 08:52:20 lexe-dev aesm_service[2185]: epid_quote_service_bundle_name:2.0.0
Feb 11 08:52:20 lexe-dev aesm_service[2185]: le_launch_service_bundle_name:2.0.0
Feb 11 08:52:20 lexe-dev aesm_service[2185]: linux_network_service_bundle_name:2.0.0
Feb 11 08:52:20 lexe-dev aesm_service[2185]: pce_service_bundle_name:2.0.0
Feb 11 08:52:20 lexe-dev aesm_service[2185]: quote_ex_service_bundle_name:2.0.0
Feb 11 08:52:20 lexe-dev aesm_service[2185]: system_bundle:4.0.0
Feb 11 08:52:20 lexe-dev aesm_service[2185]: Failed to set logging callback for the quote provider library.
Feb 11 08:52:20 lexe-dev aesm_service[2185]: The server sock is 0x55facb02fa40
Feb 11 08:53:01 lexe-dev aesm_service[2185]: InKernel LE loaded
Feb 11 08:53:01 lexe-dev aesm_service[2185]: Azure Quote Provider: libdcap_quoteprov.so [INFO]: Debug Logging Enabled

$ ls -l /var/run/aesmd/aesm.socket
srwxrwxrwx 1 aesmd sgx 0 Jun 26 00:19 /var/run/aesmd/aesm.socket

Run a test enclave that exercises remote attestation:

$ nix run -L github:lexe-app/lexe-public#run-sgx-test
Ensure SGX platform primitives work (sealing, attestation, etc)
machine_id: e6f7d35736746f205a71551771263b86
measurement: eac7ec70f2de593d368f4e56622a0cd9121299ea8d423a55d687c5fbaccb7444

SEALING
seal('label', 'my data') := 4c00000004000100000000000e0e100fffff010000000000000000000700000000000000e70000000000000056fb656bd71b051ba6a95a9a9e6f35a65954215f4cdbda2fae2ad4edff95ceff000000001700000018330baa813a2b8cb80a351935551f1ffb4f1da134714a

REMOTE ATTESTATION
fake pubkey we're attesting to: 4545454545454545454545454545454545454545454545454545454545454545
SGX DER-serialized evidence:
quote: 03000200000000000b00..4452d2d2d2d2d0a00

SGX enclave Report:
measurement: eac7ec70f2de593d368f4e56622a0cd9121299ea8d423a55d687c5fbaccb7444
mrsigner: 9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a
reportdata: 45454545454545454545454545454545454545454545454545454545454545450000000000000000000000000000000000000000000000000000000000000000
attributes: Attributes { flags: INIT | MODE64BIT, xfrm: 231 }
miscselect: (empty)
cpusvn: 10101110ffff01000000000000000000
isvsvn: 0
isvsvn: 0

Things done

phlip9 · 2026-02-20T06:47:31Z

@marcin-serwin Thanks for the review. All comments should be addressed.

marcin-serwin

LGTM but I have no experience with running this so I'd prefer to have a second opinion before merging.

phlip9 · 2026-02-21T14:56:09Z

Needed to rebase on master after a repo-wide finalAttrs refactor commit touched a deleted file (pkgs/os-specific/linux/sgx/sdk/default.nix).

phlip9 · 2026-02-21T15:08:00Z

cc @haraldh are you still using SGX at all? any chance you could give this a test real quick? Thanks!

haraldh · 2026-02-21T17:32:21Z

sorry, only Sev-SNP and TDX

phlip9 · 2026-02-25T14:23:10Z

rebased on master

phlip9 · 2026-02-27T15:07:55Z

Updated the `aesmd` service to fix an issue and cleaned up some old OOT+DCAP compat stuff.

On our prod machines, aesmd would always fail the first time after boot, with logs like:
XXX-copy-aesmd-data-files.sh[770]: chown: invalid user: 'aesmd:aesmd'.
Everything would be fine after the next restart, but blocking boot for 15 seconds is definitely annoying.

It appears the issue was that we were trying to name the DynamicUser User and Group (aesmd/aesmd) during ExecStartPre, but systemd only creates these right before ExecStart. After playing around with the ExecStartPre script, I finally got it to work correctly. As a bonus, we can also re-add the RootDirectory/chroot hardening.

I've also cleaned out the config for the old out-of-tree isgx driver and the old DCAP driver. The kernel has had in-kernel SGX support since 5.11 (~2021/02).

mdaniels5757 · 2026-03-23T00:32:48Z

I made no changes to code, only commit messages.

mdaniels5757 · 2026-03-23T00:33:29Z

`nixpkgs-review` result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 489368 --additional-package nixosTests.aesmd
Commit: c889d50b44ee792a6ca9c34b12d5e1b4fc74b993

`x86_64-linux`

⏩ 2 packages blacklisted:

nixos-install-tools
tests.nixos-functions.nixos-test

❌ 2 packages failed to build:

nixosTests.aesmd
sgx-psw

✅ 1 package built:

sgx-azure-dcap-client

Error logs: `x86_64-linux`

sgx-psw

In file included from /nix/store/m6q48f6svqnfbvyqkis60a6vw5ww0v57-protobuf-34.0/include/google/protobuf/generated_message_tctable_decl.h:24,
                 from ../../../psw/ae/aesm_service/source/core/ipc/messages.pb.h:24,
                 from ../../../psw/ae/aesm_service/source/core/ipc/IAEMessage.h:41,
                 from ../../../psw/ae/aesm_service/source/core/ipc/AEGetQuoteResponse.cpp:38:
/nix/store/m6q48f6svqnfbvyqkis60a6vw5ww0v57-protobuf-34.0/include/google/protobuf/message_lite.h:771:44: note: declared here
  771 |   PROTOBUF_FUTURE_ADD_EARLY_NODISCARD bool SerializeToArray(void* data,
      |                                            ^~~~~~~~~~~~~~~~
../../../psw/ae/aesm_service/source/core/ipc/AEGetQuoteResponse.cpp: In member function 'virtual bool AEGetQuoteResponse::inflateWithMessage(AEMessage*)':
../../../psw/ae/aesm_service/source/core/ipc/AEGetQuoteResponse.cpp:107:23: error: ignoring return value of 'bool google::protobuf::MessageLite::ParseFromArray(const void*, int)', declared with attribute 'nodiscard' [8;;https://gcc.gnu.org/onlinedocs/gcc-15.2.0/gcc/Warning-Options.html#index-Wno-unused-result�-Werror=unused-result8;;�]
  107 |     msg.ParseFromArray(message->data, message->size);
      |     ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/nix/store/m6q48f6svqnfbvyqkis60a6vw5ww0v57-protobuf-34.0/include/google/protobuf/message_lite.h:695:3: note: declared here
  695 |   ParseFromArray(const void* data, int size);
      |   ^~~~~~~~~~~~~~
cc1plus: all warnings being treated as errors
make[2]: *** [Makefile:154: AEGetQuoteResponse.o] Error 1
make[2]: Leaving directory '/build/source/psw/uae_service/linux'
make[1]: *** [Makefile:49: uae_service] Error 2
make[1]: Leaving directory '/build/source/psw'
make: *** [Makefile:66: psw] Error 2

This package has been broken and unmaintained since 2024-11, when it broke sometime around the nixos-24.11 release

On our prod machines, aesmd would always fail the first time after boot, with logs like: `XXX-copy-aesmd-data-files.sh[770]: chown: invalid user: 'aesmd:aesmd'`. Everything would be fine after the next restart, but blocking boot for 15 seconds is definitely annoying. It appears the issue was that we were trying to name the DynamicUser User and Group (aesmd/aesmd) during ExecStartPre, but systemd only creates these right before ExecStart. After playing around with the ExecStartPre script, I finally got it to work correctly. As a bonus, we can also re-add the RootDirectory/chroot hardening. I've also cleaned out the config for the old out-of-tree isgx driver and the old DCAP driver. The kernel has had in-kernel SGX support since 5.11 (~2021/02).

phlip9 · 2026-03-24T17:45:43Z

@mdaniels5757 Good catch, looks like sgx-psw breaks on protobuf_34. I've rebased on master and pinned to protobuf_33 for now.

-  sgx-psw = callPackage ../os-specific/linux/sgx/psw { };
+  sgx-psw = callPackage ../os-specific/linux/sgx/psw {
+    protobuf = protobuf_33;
+  };

mdaniels5757 · 2026-03-24T21:36:49Z

`nixpkgs-review` result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 489368 --additional-package nixosTests.aesmd
Commit: 29c30249c30eeddb3f53eb7674c7f0033e10b764

`x86_64-linux`

⏩ 2 packages blacklisted:

nixos-install-tools
tests.nixos-functions.nixos-test

✅ 1 test built:

nixosTests.aesmd

✅ 2 packages built:

sgx-azure-dcap-client
sgx-psw

nixpkgs-ci · 2026-03-25T01:03:55Z

Backport failed for release-25.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin release-25.11
git worktree add -d .worktree/backport-489368-to-release-25.11 origin/release-25.11
cd .worktree/backport-489368-to-release-25.11
git switch --create backport-489368-to-release-25.11
git cherry-pick -x bbbf5bd268d017d8fd961df945381d4579f12b33 6e4fc8483ea7710891e36f4f13212bf9e707f511 c7beca362be42d9265ee82c6ae3b1c1b51dfdf13 29c30249c30eeddb3f53eb7674c7f0033e10b764

phlip9 mentioned this pull request Feb 11, 2026

sgx-psw: 2.25 -> 2.26 #420079

Closed

nixpkgs-ci Bot requested review from RealityAnomaly, arcz, sbellem and veehaitch February 11, 2026 09:32

marcin-serwin requested changes Feb 17, 2026

View reviewed changes

phlip9 force-pushed the sgx-psw-2.27 branch from 7dc395c to 074d34a Compare February 20, 2026 06:41

marcin-serwin approved these changes Feb 21, 2026

View reviewed changes

nixpkgs-ci Bot added 2.status: merge conflict This PR has merge conflicts with the target branch 12.approvals: 1 This PR was reviewed and approved by one person. labels Feb 21, 2026

phlip9 force-pushed the sgx-psw-2.27 branch from 074d34a to 3635bf9 Compare February 21, 2026 14:54

nixpkgs-ci Bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 21, 2026

phlip9 force-pushed the sgx-psw-2.27 branch from 3635bf9 to 461d7f2 Compare February 25, 2026 14:22

phlip9 force-pushed the sgx-psw-2.27 branch from 0f926e8 to 71a122b Compare February 27, 2026 15:10

This comment was marked as outdated.

Sign in to view

nixpkgs-ci Bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-nixos-tests This PR causes rebuilds for all NixOS tests and should normally target the staging branches. labels Feb 27, 2026

phlip9 force-pushed the sgx-psw-2.27 branch from 71a122b to e5759b8 Compare February 27, 2026 15:23

mdaniels5757 added the backport release-25.11 Backport PR automatically label Mar 23, 2026

mdaniels5757 force-pushed the sgx-psw-2.27 branch from e5759b8 to b3340fa Compare March 23, 2026 00:19

mdaniels5757 changed the title ~~sgx-psw+aesmd: 2.25 -> 2.27~~ sgx-psw: 2.25 -> 2.27; sgx-azure-dcap-client: 1.12.3 -> 1.13.0-pre0; nixos/aesmd: unbreak; sgx-sdk: drop Mar 23, 2026

mdaniels5757 force-pushed the sgx-psw-2.27 branch from b3340fa to c889d50 Compare March 23, 2026 00:25

mdaniels5757 mentioned this pull request Mar 23, 2026

Tracking: Broken ancient packages #459759

Open

phlip9 added 4 commits March 24, 2026 10:40

sgx-psw: 2.25 -> 2.27; nixos/aesmd: update

bbbf5bd

sgx-azure-dcap-client: 1.12.3 -> 1.13.0-pre0

6e4fc84

sgx-sdk: drop

c7beca3

This package has been broken and unmaintained since 2024-11, when it broke sometime around the nixos-24.11 release

phlip9 force-pushed the sgx-psw-2.27 branch from c889d50 to 29c3024 Compare March 24, 2026 17:43

mdaniels5757 approved these changes Mar 25, 2026

View reviewed changes

mdaniels5757 added this pull request to the merge queue Mar 25, 2026

Merged via the queue into NixOS:master with commit 653fc36 Mar 25, 2026
28 of 31 checks passed

phlip9 deleted the sgx-psw-2.27 branch March 25, 2026 02:04

Uh oh!

Conversation

phlip9 commented Feb 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes

Run against real SGX hardware

Things done

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

phlip9 commented Feb 20, 2026

Uh oh!

marcin-serwin left a comment

Choose a reason for hiding this comment

Uh oh!

phlip9 commented Feb 21, 2026

Uh oh!

phlip9 commented Feb 21, 2026

Uh oh!

haraldh commented Feb 21, 2026

Uh oh!

phlip9 commented Feb 25, 2026

Uh oh!

phlip9 commented Feb 27, 2026

Updated the aesmd service to fix an issue and cleaned up some old OOT+DCAP compat stuff.

Uh oh!

This comment was marked as outdated.

Uh oh!

mdaniels5757 commented Mar 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mdaniels5757 commented Mar 23, 2026

nixpkgs-review result

x86_64-linux

Uh oh!

phlip9 commented Mar 24, 2026

Uh oh!

mdaniels5757 commented Mar 24, 2026

nixpkgs-review result

x86_64-linux

Uh oh!

Uh oh!

nixpkgs-ci Bot commented Mar 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

phlip9 commented Feb 11, 2026 •

edited

Loading

Updated the `aesmd` service to fix an issue and cleaned up some old OOT+DCAP compat stuff.

mdaniels5757 commented Mar 23, 2026 •

edited

Loading

`nixpkgs-review` result

`x86_64-linux`

`nixpkgs-review` result

`x86_64-linux`