I am exploring the Intel Memory Protection Key feature (MPK), also known as PKU or PKEY, applied to the SGX realm.
Technically it should be possible, according to some papers such as:
However, I have a hard time to find an Intel CPU that enables both MPK and SGX.
Can any of you point out some processor with both technologies, either Desktop or Server oriented? If it exists.
According to this https://arxiv.org/pdf/1907.13245.pdf, SGX+MPK CPUs do not exist at all. However, the paper has not been peer-reviewed yet, so maybe there is something missing.
In general, is there any way to search for CPU by features/extension? :D
Last thing: I have a Dell XPS that mounts an Intel(R) Core(TM) i7-7500U. It already has SGX working properly, moreover, the Kernel Linux (4.15) shows pkeys syscalls. However, MPK features seems not working.
If anybody more skilled than me may help, I will very appreciate :)
- General Support
Hello Flavio and AB,
Unfortunately, http://ark.intel.com does not have the capability to search for processors based on the protection keys feature and there remains no good way to search for processors that support this feature. I have been able to gather that Protection Keys were first introduced in Sky Lake servers back in 2015 and have also been implemented in Intel® Core 10th generation processors, which also have Intel® SGX. So, there are CPUs with both Protection Keys and SGX.
You can run the command: cpuinfo | grep pku to check if your CPU supports protection keys.
You can also refer to the Intel® Software Development Manual Volume 3 for more info on Protection Keys. There is even a small section on SGX interaction with Protection Keys:
Search for "Protection Keys." By the way, you will have better luck finding info on Protection Keys if you search for PKU, rather than MPK.
Intel Customer Support