Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1539 Discussions

Intel NUC10 SGX FLC Support

Andre7
Beginner
‎05-27-2025 02:29 AM
3,992 Views


I have an Intel NUC10i7FNK2 with BIOS version 0066. I wanted to experiment with Intel SGX and DCAP. As I understand it, in order for a CPU to support DCAP, it must be a recent enough model with Flexible Launch Control (FLC) support, as outlined here: https://www.intel.com/content/www/us/en/support/articles/000057420/software/intel-security-products.html 

To my surprise, after enabling SGX in the BIOS and booting a recent Linux kernel (6.1), I saw the following message in the system logs:

 "SGX disabled: SGX launch control CPU feature is not available, /dev/sgx\_enclave disabled."

This suggests that the CPU (or the CPU/motherboard combination) does not have FLC enabled. Running cpuid confirmed this:

# cpuid | grep -i sgx
      SGX: Software Guard Extensions supported = true
      SGX_LC: SGX launch config supported      = false


I looked through the BIOS settings but couldn’t find any option to enable FLC. I was surprised to discover that an older CPU like the i5-8500T supports FLC, while the newer i7-10710U does not.

Is my understanding correct that FLC is not available on the Intel NUC10i7FNK2?

0 Kudos

Link Copied

2 Replies
Scott_R_Intel
Moderator
‎05-27-2025 07:57 AM
3,938 Views

Hello.

 

Some older client BIOSs used to have a setting named something similar to "SGX Launch Control Policy".  This setting needs to be set to "Unlocked" to enable FLC.  Can you please check your BIOS to see if you have this setting?

 

Regards.

0 Kudos
Copy link
Andre7
Beginner
‎05-27-2025 01:48 PM
3,915 Views
In response to Scott_R_Intel

Hello Scott,

I couldn't find such an option in the BIOS. Under "Security -> Security Features", where the other SGX-related settings are located, there is nothing resembling "SGX Launch Control Policy." The only available options are:

  • Enable/Disable SGX
  • Change the SGX Owner EPOCH
  • Configure the SGX reserved memory size

These options can be seen in the following image (there are no other options under this sub-menu):

20250527_213854.jpg

In response to Scott_R_Intel
0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.