Cannot use 'cpuid' to find the status of sgx

Ruoyu_Y_Intel · ‎06-04-2020

Hi,

I have a nuc with i7-6770HQ processor inside, which said has SGX supported. Using the script here(https://github.com/ayeks/SGX-hardware), i can find sgx enable and supported.

$ ./test-sgx
eax: 506e3 ebx: 5100800 ecx: 7ffafbbf edx: bfebfbff
stepping 3
model 14
family 6
processor type 0
extended model 5
extended family 0
smx: 0

Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c6fbf ecx: 0 edx: 9c002400
sgx available: 1
sgx launch control: 0

CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 1 ebx: 0 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 0
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: 36 ebx: 0 ecx: 1f edx: 0

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 70200001 ebx: 0 ecx: 5d80001 edx: 0

CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 5 of Intel SGX Capabilities (EAX=12H,ECX=5)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 6 of Intel SGX Capabilities (EAX=12H,ECX=6)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 7 of Intel SGX Capabilities (EAX=12H,ECX=7)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 8 of Intel SGX Capabilities (EAX=12H,ECX=8)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 9 of Intel SGX Capabilities (EAX=12H,ECX=9)
eax: 0 ebx: 0 ecx: 0 edx: 0

But when i try to use the 'cpuid' cmd to list these info, it doesn't work. I got NO output for the cmd 'cpuid | grep sgx'. And i already had the sdk, driver and psw installed.
Is there anything wrong with my command or the hardware? Thanks.

JesusG_Intel · ‎06-04-2020

Hello Ruoyu,

Your hardware is fine and it supports SGX. The CPUID command does not explicitly list SGX support. If you look at the code for the program you referenced, you will find that it uses the output from certain registers to determine if SGX is supported.

For example:

native_cpuid(&eax, &ebx, &ecx, &edx);
printf("eax: %x ebx: %x ecx: %x edx: %x\n", eax, ebx, ecx, edx);

printf("sgx 1 supported: %d\n", eax & 0x1);
printf("sgx 2 supported: %d\n", (eax >> 1) & 0x1);
printf("MaxEnclaveSize_Not64: %x\n", edx & 0xFF);
printf("MaxEnclaveSize_64: %x\n", (edx >> 8) & 0xFF);

Regards,

ec · ‎08-21-2020

There's but a second problem here:

| Extended feature bits (EAX=07H, ECX=0H)
| eax: 0 ebx: 29c6fbf ecx: 0 edx: 9c002400

EDX has bit 2000h set, which is neither documented in the PDFs available from https://software.intel.com/en-us/articles/intel-sdm and
https://software.intel.com/en-us/intel-architecture-instruction-set-extensions-programming-reference nor the article
https://software.intel.com/security-software-guidance/insights/deep-dive-cpuid-enumeration-and-architectural-msrs

So: where's CPUID(EAX=7h,ECX=0).EDX[13] documented.

JFTR: I see this flag set on a Core i5-9500 with CPUID signature 906ea, i.e. Coffee Lake, too!

JesusG_Intel · ‎08-24-2020

Hello ec,

Since your question is related to processors in general, not SGX, please repost your question in the Processors forum.

Ruoyu_Y_Intel · ‎06-08-2020

Garcia, Jesus L (Intel) wrote:
Hello Ruoyu,
Your hardware is fine and it supports SGX. The CPUID command does not explicitly list SGX support. If you look at the code for the program you referenced, you will find that it uses the output from certain registers to determine if SGX is supported.
For example:
native_cpuid(&eax, &ebx, &ecx, &edx);
printf("eax: %x ebx: %x ecx: %x edx: %x\n", eax, ebx, ecx, edx);

printf("sgx 1 supported: %d\n", eax & 0x1);
printf("sgx 2 supported: %d\n", (eax >> 1) & 0x1);
printf("MaxEnclaveSize_Not64: %x\n", edx & 0xFF);
printf("MaxEnclaveSize_64: %x\n", (edx >> 8) & 0xFF);
Regards,

Thanks for your reply! Got it.