- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I'm not a developer, or a computer scientist in general, and I've had a problem with an SGX enclave (presumably) that I can't delete on my Dell Latitude 5580 laptop.
The laptop has a 500GB hard disk (more like 499GB) and I was installing the latest version of Debian: Debian 12, on a disk partitioned into 469GB (to host the OS) and an additional 30GB partition for file exchanges. I performed an encrypted installation of these two partitions using Debian's expert mode installer. Everything went smoothly. Then, to complete the installation, I activated the SGX Hardware mode in BIOS-setup. In the administrator account, in order to complete this installation, I installed an open-source driver just as I was mounting the 30GB encrypted partition, and then, in a way I don't understand, my encrypted partition changed and a sort of "phantom" partition appeared on the desktop while my encrypted partition disappeared. This "phantom" partition was impossible to identify in the file tree and impossible to write to or exchange files with. It was not encrypted either (no lock icon). With the "Disk" application, I could see that the physical volume was still 499GB, but for example, booting on a bootable USB key containing Gparted, I could see that only 469GB was indicated as the total volume of the disk; in disagreement with the indications given by "Disk". [...] I carried out complete hardware diagnostics, reinstalled Debian and even Windows, but only on 469GB; 30GB was still "invisible". I was finally able to understand the problem of creating a 30GB enclave (at least that's the only conclusion I came to). How can I remove this 30GB enclave?
Thanks for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Based on your description, this issue is not related to SGX.
Turning on SGX in BIOS does not automatically make your system more secure. SGX is used by specific applications that have been coded to use SGX explicitly. The SGX applications create enclaves--which live in RAM, not the hard drive--that protect sections of code and data only within the application that is currently executing.
Therefore, turning on SGX in BIOS does not affect system storage at all. It does not create phantom enclaves on your hard drive. When an application uses SGX, the enclaves are created in RAM, not your storage disk.
Since your issue is not related to SGX, this problem is out of our support scope.
You may be able to get help if you post your question on Stackoverflow or Debian forums. To avoid confusion, consider leaving out SGX from the problem description.
Sincerely,
Sahira
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jascolaz,
Thank you for reaching out to Intel Customer Support.
All computer data is stored in bits, using a binary format. Since all computers are based on the binary system, these prefixes represent base 2 amounts. Each level is an increment of 2 to the 10th power, or 1,024.
Hardware storage manufacturers measure 1GB as 1000 MB while operating systems measure 1GB as 1024 MB. This can cause confusion, as you might think that the drive has less capacity than advertised. Additionally, some storage space is reserved for the file system and system files, which further reduces the available space.
This article shows the comparison between the advertised size and OS reported size.
Regards,
Zulkifli
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wow! Excellent joke!
So the same Gparted software first gave me 500GB, then a second time, after the problem described in my first message, 469GB for the entire hard disk, with no additional 30GB partition indicated or present.
In addition, the hard disk was completely erased with the command: $ sudo dd if=/dev/zero of=/dev/sda
Incidentally, I wrote 470GB, not 504,658,657,280 bytes.
So I guess I don't have too many illusions about any help from you. Is that it?
Okay, loud and clear.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there,
Sorry for the confusion here.
Is there a reason why you enabled Intel SGX Hardware Mode in the BIOS? The 30 GB of unusable space is not an Intel SGX enclave because enabling SGX does not mean an enclave is automatically created.
The 30 GB of unusable space is likely a swap partition (a quick explanation of a swap partition is below). I'm assuming that is what you created when you mention the "additional 30GB partition for file exchanges"?
Can you share the output of swapon -s and sudo gparted
A swap partition is a dedicated part on the drive (defined by the user) that acts as a substitute disk space for RAM memory when RAM fills up and more space is needed. Most people use swap partitions when their system has little RAM, since most applications would exhaust the RAM very quickly. SWAP partitions are used by the OS exclusively and are not available to the user for storage.
Sincerely,
Sahira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello!
That's all the informations I have.
=> Is there a reason why you enabled Intel SGX Hardware Mode in the BIOS?
After creating the two encrypted LVM partitions (470GB and 30GB) with the Debian 12 installer (in expert mode, which indicated a 500GB hard disk when this OS was first installed; 470GB after this problem), I wanted to increase security by activating SGX with the BIOS-setup (my processor is of the type Intel® Core™ i5-7300HQ (https://ark.intel.com/content/www/us/en/ark/products/97456/intel-core-i57300hq-processor-6m-cache-up-to-3-50-ghz.html)
After disabling SGX via BIOS-setup, I also carried out a Windows 10 installation and again a Debian 12 installation, which still showed a volume of 470GB after this partition problem.
With a bootable US key containing "Gparted" and a "Terminal" application, Gparted indicated a volume of 500GB before the problem appeared, then 470GB after. The hard disk is currently "empty", unformatted (using the bootable USB key, a "Terminal" application available on this key, and running the command: > sudo dd if=/dev/zero of=/dev/sda). There is no partition table (I have tried various tables: gpt, msdos, GUID, etc.; but nothing changes). Unable to resize volume from 470GB to 500GB with Gparted. The lsblk or fdisk -l commands return both a 470GB sda disk, whereas its volume is 500GB. On the second installation of Debian 12 (after this partition problem again), the "Disks" application indicated a volume of 500GB, and the "Gparted" application installed via the "apt-get" command still indicated a volume of 470GB.
I therefore decided to look for a hardware problem linked to SGX and therefore an enclave.
=> The 30 GB of unusable space is likely a swap partition (a quick explanation of a swap partition is below). I'm assuming that is what you created when you mention the "additional 30GB partition for file exchanges"?
Can you share the output of swapon -s and sudo gparted
The > sudo swapon -s command (from Gparted's bootable USB key and using the appended "Terminal" application) returns no indication (again for indication, the sda disk is currently "empty" and unformatted).
=> A swap partition is a dedicated part on the drive (defined by the user) that acts as a substitute disk space for RAM memory when RAM fills up and more space is needed. Most people use swap partitions when their system has little RAM, since most applications would exhaust the RAM very quickly. SWAP partitions are used by the OS exclusively and are not available to the user for storage.
After both Debian 12 installations, the "Disks" application indicated a 1GB swap partition, but now that the disk is "empty" and unformatted, there is no swap partition indicated by Gparted or the lsblk command.
I ran a full hardware diagnostic with the Diagnostic application supplied with the machine and accessible via F12, indicating a volume of 500GB. The test revealed no hardware problems and the disk is in perfect condition, just like everything else.
I cannot see any other solution than a residual sgx enclave implemented by the CPU during the first installation when I did a hardware activation of SGX. But, it may indeed be another reason, but I doubt it more and more.
Sincerely.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Based on your description, this issue is not related to SGX.
Turning on SGX in BIOS does not automatically make your system more secure. SGX is used by specific applications that have been coded to use SGX explicitly. The SGX applications create enclaves--which live in RAM, not the hard drive--that protect sections of code and data only within the application that is currently executing.
Therefore, turning on SGX in BIOS does not affect system storage at all. It does not create phantom enclaves on your hard drive. When an application uses SGX, the enclaves are created in RAM, not your storage disk.
Since your issue is not related to SGX, this problem is out of our support scope.
You may be able to get help if you post your question on Stackoverflow or Debian forums. To avoid confusion, consider leaving out SGX from the problem description.
Sincerely,
Sahira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Thank you for your additional information, which clarifies the situation for me.
I therefore close this discussion. Is it also possible to close my account?
Sincerly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jascolaz,
Thank you for the accepted solution. Hope the information we provided was helpful to you.
This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.
Additionally, if you would like to close your account, you can go to "My Settings" > "Personal" > "Close Account" and click the close account button. Hope that it helps, thank you.
Regards,
Ken
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page