Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

SGX DCH implementation

Anonymous
Not applicable
‎08-28-2019 08:16 AM
416 Views

My current system:

sgx_psw.inf  version 2.2.100.47975

sgx_base.inf  version 2.3.100.49813

8th gen Intel Core i7 8700K

Windows 10, 64 bit ver. 1903  OS build 18362.295

 

The system is a branded desktop. Even having a paid support account with the OEM, they're untrained to assist with SGX PSW and referred my questions to Intel directly. 

The latest release notes on the download center for the SGX driver indicate my system meets the requirements / pre-requisites. The AESM Service status is running. No component or extension inf's appear to have been installed via OEM updates The Intel UHD graphics 630 display adapter driver installed is 25.20.100.6615 and compliant with the Windows DCH driver model. I'm not aware of known issues with the Windows DCH driver implementation from Intel not delivering other latest drivers.

Yet it is unclear why the SGX PSW inf version that's installed is eight versions older than 2.4.1 

1.) Is it incorrect that versions of SGX PSW will eventually update to a more recent version via Windows Update? 

2.) What system or stability problems could be caused by manually updating either sgx_psw.inf or the sgx_base.inf via Device Manager ?

3.) Wouldn't that method of updating via Device Manager load the drivers using the inf file or the "have disk" option and bypass the Intel set up thereby improperly installing the drivers ?      

 

 

 

0 Kudos

Link Copied

1 Reply
Francisco_C_Intel
Employee
‎09-03-2019 12:28 PM
416 Views

Hi.

The rules used by Windows Update (WU) changed slightly in Windows 1709 aka build 16299 aka RS3:

https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/understanding-windows-update-automatic-and-optional-rules-for-driver-distribution

https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/using-chids


More generally, it works like this starting in Windows 1709:

A) Windows will prefer to receive and install a driver that was "promoted", even if a newer driver (that isn't promoted) is available on WU.

B) You can go to Device Manager and select to download and install the latest from WU if you want a newer version, if available.

C) The OEM that built your system, if any, can override this such that even if there is a newer version, your OEM can set up its systems to only receive certain updates (controlled by the system's CHID). 

D) You can use Device Manager -> Browse -> Have Disk to install a newer version and override WU / the OEM's preference.

E) If your system is a work system managed by your employer, they can also manage which versions you obtain from WU based on some additional mechanisms.


To answer your specific questions:

1) It is not incorrect. It will eventually happen whenever we submit an updated driver with a "driver promotion" requested and approved.

2) Should work without any issues.

3) It would not improperly install the drivers. Should work without any issues.

 

I hope this helps. Please let me know if you have any additional questions or concerns.

Thanks,

Francisco

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.