Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX inside a VM

NDei
Beginner
2,498 Views

Hello,

 

I am trying to use SGX inside an Ubuntu 20.04 VM created with either VMWare Workstation 16 Player or Oracle VM Virtualbox (I tried both).

My Host System has Intel i5-8400T CPU, which according to its documentation supports SGX with Intel ME.

 

The installed VMs do not support SGX, with the error message being that the CPU does not support it.

 

When I run $cpuid | grep -i sgx in a terminal the result is

UbuntuSGXError.png

 

I would appreciate any hints or solutions.

Labels (3)
0 Kudos
7 Replies
Anandakumar
New Contributor II
2,478 Views

Hi NDei,

 

Just sharing my experience with SGX VMs here.

 

With QEMU 6.2.0 and kernel 5.13* I was able to launch enclaves. Since you have been working in Ubuntu, you can give a try with QEMU.

 

Thanks

Anand

0 Kudos
Sahira_Intel
Moderator
2,439 Views

Hi,

Make sure SGX is set to enabled or software controlled in the BIOS of the host system. Also make sure you are running Linux kernel 5.13 or later on both the host and  VM. 

See more information here: https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-guard-extensions-with-kvm-and-qemu.html

0 Kudos
Sahira_Intel
Moderator
2,405 Views

Hi Anand,

The document cannot be updated yet because there's a libvirt patch we are waiting to be upstreamed before we can correct the document. 

Your error about sgx1/2= false is likely to do with SGX being disabled in the BIOS. Did you switch SGX to enabled or software controlled? 

Note that a processor that supports SGX with Intel Management Engine only, will not support it on the M10JNP2S board. 

 

Sincerely,

Sahira 

0 Kudos
Anandakumar
New Contributor II
2,397 Views

@Sahira_Intel 

 

The document cannot be updated yet because there's a libvirt patch we are waiting to be upstreamed before we can correct the document. 

 

Is there any issue link to track the update?

 

Your error about sgx1/2= false is likely to do with SGX being disabled in the BIOS. Did you switch SGX to enabled or software controlled? 

Note that a processor that supports SGX with Intel Management Engine only, will not support it on the M10JNP2S board. 

 

I hope you are referring this to @NDei .

0 Kudos
Sahira_Intel
Moderator
2,382 Views

Yes, that comment was meant to be a reply to the original post. 

link to track libvirt issue: https://www.spinics.net/linux/fedora/libvir/msg231287.html

 

 

0 Kudos
Sahira_Intel
Moderator
2,383 Views

Hi @NDei 

Your error about sgx1/2= false is likely to do with SGX being disabled in the BIOS. Did you switch SGX to enabled or software controlled? 

Note that a processor that supports SGX with Intel Management Engine only, will not support it on the M10JNP2S board. 

Let me know if you have more questions.

 

Sincerely,

Sahira 

0 Kudos
Reply