Hi Scott,

I am uncertain the exact cause of unexpected value (clear bit) in the SGX feature bit with CPUID in my case.

Could you elaborate a little bit more the symptom(s) of OEM/ODM enabling/disabling? Does the software refer to the "Intel SGX evaluation SDK" as at this writing? How can one determine if a platform/BIOS has enabled/disabled SGX?

Regards,

Jeremy

Thanks Simon. The SGX feature bit (CPUID.07H.EBX.SGX[bit 2]) changed from 0 to 1 after applying December firmware update of Microsoft.

     EAX ECX      EAX      EBX      ECX      EDX
       0   0       15 756e6547 6c65746e 49656e69
       1   0    406e3  1100800 fed87383 bfcbfbff
       4   0 1c004121  1c0003f       3f        0
       4   1 1c004122  1c0003f       3f        0
       4   2 1c004143   c0003f      3ff        0
       4   3 1c03c163  2c0003f      fff        2
       4   4        0        0        0        0
       5   0        0        0        0        0
       6   0      7f3        2        9        0
       7   0        0   1c2bbf        0        0
       9   0        0        0        0        0
       a   0        0        0        0        0
       b   0        1        2      100        1
       b   1        4        4      201        1
       b   2        0        0        2        1
       c   0        0        0        0        0
       d   0        7      340      340        0
       d   1        1        0        0        0
       d   2      100      240        0        0
       d   3        0        0        0        0
       d   4        0        0        0        0
       f   0        0        0        0        0
       f   1        0        0        0        0
      10   0        0        0        0        0
      10   1        0        0        0        0
      14   0        0        0        0        0
      14   1        0        0        0        0
      15   0        2       d0        0        0
80000000   0 80000008        0        0        0
80000001   0        0        0      121 28100800
80000002   0 65746e49 2952286c 726f4320 4d542865
80000003   0 35692029 3033362d 43205530 40205550
80000004   0 342e3220 7a484730        0        0
80000006   0        0        0  1006040        0
80000007   0        0        0        0      100
80000008   0     3027        0        0        0
 

Jeremy, is it a Microsoft Surface you are using?

Fredrik,

Microsoft Surface Pro 4 (freeze, flicker, features missing......). How come you make such a good guess?

Am I detecting any irony there? :)

Firmware update by Microsoft -> the only computers Microsoft provides are the surface models, right?

So what you have achieved is fixing the processor support for SGX. My internal sources tell me that Surface Pro 4 did not enable SGX in their BIOS (i.e. reserve the memory for SGX use). You will need to confirm this with MSFT.

Simon, thank you for the further reply. My next question is existing zero result of CPUID.0CH (both sgx1 and sgx2 are zero, but Skylake should support sgx1). I can save it now. I'll try to obtain confirmation from Microsoft Surface support...

Fredrik, I am not aware that Surface is the only computer sold by Microsoft. Thanks for teaching.

I think you meant to say CPUID.12H not CPUID.0CH

Section 37.7.2 of the Software Developer Manual states "A properly configured processor exposes Intel SGX functionality with CPUID.EAX=12H reporting valid information (non-zero content) in three or more sub-leaves, see Table 37-4."

What this means is that once the BIOS has completed the necessary configuration this CPUID leaf is available. All zeros returned in EAX means that your BIOS is probably not configured to support SGX.