Can't install Enclave on AWS Graviton2 processors

Hal · 27 May 2021 16:18

New user asks: I cannot install Enclave on an AWS EC2 Graviton2 instance running Ubuntu 20.04.2 LTS. I get an error message telling me Unable to load shared library 'libsodium'

$ curl -fsSL https://packages.enclave.io/apt/enclave.stable.gpg | sudo apt-key add
$ curl -fsSL https://packages.enclave.io/apt/enclave.stable.list | sudo tee /etc/apt/sources.list.d/enclave.stable.list
$ sudo apt-get install enclave
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  enclave
0 upgraded, 1 newly installed, 0 to remove and 27 not upgraded.
Need to get 24.8 MB of archives.
After this operation, 108 MB of additional disk space will be used.
Get:1 https://packages.enclave.io/apt stable/main arm64 enclave arm64 2021.05.12.677 [24.8 MB]
Fetched 24.8 MB in 1s (24.0 MB/s)
Selecting previously unselected package enclave.
(Reading database ... 62831 files and directories currently installed.)
Preparing to unpack .../enclave_2021.05.12.677_arm64.deb ...
Unpacking enclave (2021.05.12.677) ...
Setting up enclave (2021.05.12.677) ...
Created symlink /etc/systemd/system/multi-user.target.wants/enclave.service â /lib/systemd/system/enclave.service.

Enclave requires an enrolment key in order to request a certificate and enrol this system into your account.
Enter enrolment key: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Generating new private key ... Failed.

Unable to load shared library 'libsodium' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: liblibsodium: cannot open shared object file: No such file or directory

Installation successful, but failed to enrol your system.

Run 'sudo enclave enrol' to try again.

alistair-enclave · 1 June 2021 13:09

The AWS EC2 Graviton instances run on ARM processors. While Enclave itself does support ARM, the underlying libsodium cryptography distribution we use in version 2021.05.12 does not directly include arm64 bindings.

The next release of Enclave will use a corrected libsodium distribution, but in the meantime you can run:

sudo apt install libsodium-dev

This will directly installed the required dependency, built for the Graviton’s processor architecture.

You can then run:

sudo enclave enrol

to finish enrolling your system.