Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Cannot use 'cpuid' to find the status of sgx

Ruoyu_Y_Intel
Employee
1,947 Views

Hi,

I have a NUC with an i7-6770HQ processor inside, which is said to support SGX. Using the script here (https://github.com/ayeks/SGX-hardware), I can find SGX enabled and supported.

$ ./test-sgx
eax: 506e3 ebx: 5100800 ecx: 7ffafbbf edx: bfebfbff
stepping 3
model 14
family 6
processor type 0
extended model 5
extended family 0
smx: 0

Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c6fbf ecx: 0 edx: 9c002400
sgx available: 1
sgx launch control: 0

CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 1 ebx: 0 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 0
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: 36 ebx: 0 ecx: 1f edx: 0

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 70200001 ebx: 0 ecx: 5d80001 edx: 0

CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 5 of Intel SGX Capabilities (EAX=12H,ECX=5)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 6 of Intel SGX Capabilities (EAX=12H,ECX=6)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 7 of Intel SGX Capabilities (EAX=12H,ECX=7)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 8 of Intel SGX Capabilities (EAX=12H,ECX=8)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 9 of Intel SGX Capabilities (EAX=12H,ECX=9)
eax: 0 ebx: 0 ecx: 0 edx: 0

But when I try to use the 'cpuid' cmd to list this info, it doesn't work. I got NO output for the cmd 'cpuid | grep sgx'. And I already had the SDK, driver and PSW installed.
Is there anything wrong with my command or the hardware? Thanks.

0 Kudos
4 Replies
JesusG_Intel
Moderator
1,947 Views

Hello Ruoyu,

Your hardware is fine and it supports SGX. The CPUID command does not explicitly list SGX support. If you look at the code for the program you referenced, you will find that it uses the output from certain registers to determine if SGX is supported. 

For example:

native_cpuid(&eax, &ebx, &ecx, &edx);
printf("eax: %x ebx: %x ecx: %x edx: %x\n", eax, ebx, ecx, edx);

printf("sgx 1 supported: %d\n", eax & 0x1);
printf("sgx 2 supported: %d\n", (eax >> 1) & 0x1);
printf("MaxEnclaveSize_Not64: %x\n", edx & 0xFF);
printf("MaxEnclaveSize_64: %x\n", (edx >> 8) & 0xFF);

Regards,

0 Kudos
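As an added example (not part of the original thread and not the ayeks/SGX-hardware code), the C program below decodes the same CPUID fields shown in the output above, plus the EPC section size from leaf 12H sub-leaf 2, which the posted output shows only as raw registers. It assumes GCC or Clang on x86 for `<cpuid.h>`; the helper function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID.(EAX=07H,ECX=0): EBX[2] = SGX, ECX[30] = SGX launch control */
static int sgx_present(uint32_t leaf7_ebx) { return (leaf7_ebx >> 2) & 1; }
static int sgx_launch_control(uint32_t leaf7_ecx) { return (leaf7_ecx >> 30) & 1; }

/* CPUID.(EAX=12H,ECX=0): EAX[0] = SGX1, EAX[1] = SGX2,
 * EDX[15:8] = log2 of the maximum enclave size in 64-bit mode */
static int sgx1(uint32_t eax) { return eax & 1; }
static int sgx2(uint32_t eax) { return (eax >> 1) & 1; }
static unsigned max_enclave_log2_64(uint32_t edx) { return (edx >> 8) & 0xFF; }

/* CPUID.(EAX=12H,ECX>=2): EAX[3:0] == 1 marks a valid EPC section.
 * Size bits 31:12 are in ECX[31:12], bits 51:32 in EDX[19:0].
 * Returns the section size in bytes, or 0 for an invalid sub-leaf. */
static uint64_t epc_section_size(uint32_t eax, uint32_t ecx, uint32_t edx) {
    if ((eax & 0xF) != 1)
        return 0;
    return ((uint64_t)(edx & 0xFFFFF) << 32) | (ecx & 0xFFFFF000u);
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h> /* __get_cpuid_count() checks the maximum leaf for us */

int main(void) {
    unsigned a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !sgx_present(b)) {
        puts("SGX not reported by CPUID leaf 07H");
        return 1;
    }
    printf("SGX present, launch control: %d\n", sgx_launch_control(c));
    if (!__get_cpuid_count(0x12, 0, &a, &b, &c, &d))
        return 1;
    printf("SGX1: %d  SGX2: %d  max 64-bit enclave: 2^%u bytes\n",
           sgx1(a), sgx2(a), max_enclave_log2_64(d));
    /* Walk EPC sections until the first invalid sub-leaf */
    for (unsigned sub = 2; __get_cpuid_count(0x12, sub, &a, &b, &c, &d); sub++) {
        uint64_t size = epc_section_size(a, c, d);
        if (size == 0)
            break;
        printf("EPC section %u: %llu KiB\n", sub - 2,
               (unsigned long long)(size >> 10));
    }
    return 0;
}
#endif
```

With the sub-leaf 2 registers from the question (eax 70200001, ecx 5d80001, edx 0), the EPC section decodes to 0x5d80000 bytes, i.e. 95744 KiB (93.5 MiB).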
ec
Beginner
1,896 Views

There's but a second problem here:

| Extended feature bits (EAX=07H, ECX=0H)
| eax: 0 ebx: 29c6fbf ecx: 0 edx: 9c002400

EDX has bit 2000h set, which is neither documented in the PDFs available from https://software.intel.com/en-us/articles/intel-sdm and
https://software.intel.com/en-us/intel-architecture-instruction-set-extensions-programming-reference nor the article
https://software.intel.com/security-software-guidance/insights/deep-dive-cpuid-enumeration-and-architectural-msrs

So: where's CPUID(EAX=7h,ECX=0).EDX[13] documented?

JFTR: I see this flag set on a Core i5-9500 with CPUID signature 906ea, i.e. Coffee Lake, too!

0 Kudos
JesusG_Intel
Moderator
1,874 Views

Hello ec,

Since your question is related to processors in general, not SGX, please repost your question in the Processors forum.

0 Kudos
Ruoyu_Y_Intel
Employee
1,947 Views

Garcia, Jesus L (Intel) wrote:

Hello Ruoyu,

Your hardware is fine and it supports SGX. The CPUID command does not explicitly list SGX support. If you look at the code for the program you referenced, you will find that it uses the output from certain registers to determine if SGX is supported. 

For example:

native_cpuid(&eax, &ebx, &ecx, &edx);
printf("eax: %x ebx: %x ecx: %x edx: %x\n", eax, ebx, ecx, edx);

printf("sgx 1 supported: %d\n", eax & 0x1);
printf("sgx 2 supported: %d\n", (eax >> 1) & 0x1);
printf("MaxEnclaveSize_Not64: %x\n", edx & 0xFF);
printf("MaxEnclaveSize_64: %x\n", (edx >> 8) & 0xFF);

Regards,

Thanks for your reply! Got it.

0 Kudos