Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

How does SGX support BIOS?

KT_L_

Hi,

If we have some algorithm in BIOS, is it possible to add SGX control in BIOS?

And is there any difference in building code between a Windows AP and BIOS?

0 Kudos
4 Replies
Surenthar_S_Intel

Hi KT,

BIOS support is required for SGX to provide the capability to enable and configure the SGX feature in the system.
The system owner must opt in to Intel SGX by enabling it via the BIOS. This requires a BIOS from the OEM that explicitly supports Intel SGX. The support provided by the BIOS can vary from OEM to OEM and even across an OEM’s product lines.

There are three possible BIOS settings.
1. Enabled - Intel SGX is enabled and available for use in applications.
2. Software Controlled - Intel SGX can be enabled by software applications, but it is not available until this occurs (called the “software opt-in”). Enabling Intel SGX via software opt-in may require a system reboot.
3. Disabled - Intel SGX is explicitly disabled and it cannot be enabled through software applications. This setting can only be changed in the BIOS setup screen.

Note: Depending on your BIOS, you may only have the Enabled and Disabled options. Check with your device manufacturer.

Could you please refer to the link below for further reference:

https://software.intel.com/en-us/articles/properly-detecting-intel-software-guard-extensions-in-your-applications

Thanks and Regards,

Surenthar Selvaraj

0 Kudos
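The reply above says SGX must be enabled by the BIOS before applications can use it. The following is an added example, not code from the thread or from Intel: a C sketch of how the resulting CPU state can be classified from the architectural CPUID and IA32_FEATURE_CONTROL bits. The helper names and the sample register values are hypothetical and constructed; the result says only whether SGX is usable now, not which BIOS setting is selected.

```c
#include <stdint.h>
#include <stdio.h>

/* Architectural bit positions from the Intel SDM. */
#define CPUID7_EBX_SGX    (1u << 2)    /* CPUID.(EAX=07H,ECX=0):EBX[2]  */
#define CPUID12_EAX_SGX1  (1u << 0)    /* CPUID.(EAX=12H,ECX=0):EAX[0]  */
#define FEAT_CTL_LOCKED   (1ull << 0)  /* IA32_FEATURE_CONTROL, MSR 3AH */
#define FEAT_CTL_SGX_EN   (1ull << 18) /* SGX global enable             */

typedef enum {
    SGX_NOT_ENUMERATED, /* CPUID does not report SGX at all             */
    SGX_FIRMWARE_OFF,   /* CPU reports SGX, firmware has not enabled it */
    SGX_NO_SGX1,        /* SGX1 leaf functions are not reported         */
    SGX_USABLE
} sgx_state;

/* Hypothetical helper: the caller passes raw register values. have_msr is 0
 * when the MSR could not be read (it needs ring 0 or root access). */
sgx_state sgx_classify(uint32_t leaf7_ebx, uint32_t leaf12_eax,
                       int have_msr, uint64_t feat_ctl)
{
    if (!(leaf7_ebx & CPUID7_EBX_SGX))
        return SGX_NOT_ENUMERATED;
    /* The enable bit only counts once firmware has locked the MSR. */
    if (have_msr && (!(feat_ctl & FEAT_CTL_LOCKED) ||
                     !(feat_ctl & FEAT_CTL_SGX_EN)))
        return SGX_FIRMWARE_OFF;
    if (!(leaf12_eax & CPUID12_EAX_SGX1))
        return SGX_NO_SGX1;
    return SGX_USABLE;
}

const char *sgx_state_name(sgx_state s)
{
    static const char *names[] = { "not enumerated", "off in firmware",
                                   "no SGX1 leaf functions", "usable" };
    return names[s];
}

int main(void)
{
    /* Constructed sample values, not read from real hardware. */
    printf("%s\n", sgx_state_name(sgx_classify(0x4, 0x1, 1, 0x40001)));
    printf("%s\n", sgx_state_name(sgx_classify(0x4, 0x1, 1, 0x1)));
    printf("%s\n", sgx_state_name(sgx_classify(0x0, 0x0, 0, 0)));
    return 0;
}
```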
KT_L_

Hi Surenthar,

Thanks for your reply.

My real question is: if we build a special algorithm in the BIOS for preboot, can I add SGX in that algorithm? Is it necessary to add SGX in the BIOS algorithm?

If yes, what steps and tool chain are needed to do it?

B.R KT

0 Kudos
Surenthar_S_Intel

Hi KT,

We are not supporting SGX in the Pre-Boot Environment (UEFI/BIOS). SGX is and was designed to be an Application TEE (which implies an OS is resident). We haven't seen usage models in the pre-boot environment that have justified the effort to resolve some of the difficulties in enabling in Pre-boot, allowing residence from boot, or resetting the TCB recovery infrastructure (which is predominantly hidden from most users) when transitioning between UEFI and OS.

Thanks and Regards,

Surenthar Selvaraj

0 Kudos
KT_L_

Hi Surenthar,

Thanks for your detailed explanation. I really appreciate it.

0 Kudos