Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1370 Discussions

SGX inside a VM

NDei
Beginner
‎06-26-2022 06:26 AM
787 Views

Hello,

 

I am trying to use SGX inside an Ubuntu 20.04 VM created with either VMWare Workstation 16 Player or Oracle VM Virtualbox (I tried both).

My Host System has Intel i5-8400T CPU, which according to its documentation supports SGX with Intel ME.

 

The installed VMs do not support SGX, with the error message being that the CPU does not support it.

 

When I run $cpuid | grep -i sgx in a terminal the result is

UbuntuSGXError.png

 

I would appreciate any hints or solutions.

Labels (3)
Labels:
0 Kudos

Link Copied

7 Replies
Anandakumar
New Contributor II
‎06-27-2022 02:30 AM
767 Views

Hi NDei,

 

Just sharing my experience with SGX VMs here.

 

With QEMU 6.2.0 and kernel 5.13* I was able to launch enclaves. Since you have been working in Ubuntu, you can give a try with QEMU.

 

Thanks

Anand

0 Kudos
Copy link
Sahira_Intel
Moderator
‎06-29-2022 04:14 PM
728 Views

Hi,

Make sure SGX is set to enabled or software controlled in the BIOS of the host system. Also make sure you are running Linux kernel 5.13 or later on both the host and  VM. 

See more information here: https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-guard-extensions-with-kvm-and-qemu.html

0 Kudos
Copy link
Sahira_Intel
Moderator
‎06-30-2022 03:14 PM
694 Views

Hi Anand,

The document cannot be updated yet because there's a libvirt patch we are waiting to be upstreamed before we can correct the document. 

Your error about sgx1/2= false is likely to do with SGX being disabled in the BIOS. Did you switch SGX to enabled or software controlled? 

Note that a processor that supports SGX with Intel Management Engine only, will not support it on the M10JNP2S board. 

 

Sincerely,

Sahira 

0 Kudos
Copy link
Anandakumar
New Contributor II
‎06-30-2022 10:54 PM
686 Views
In response to Sahira_Intel

@Sahira_Intel 

 

The document cannot be updated yet because there's a libvirt patch we are waiting to be upstreamed before we can correct the document. 

 

Is there any issue link to track the update?

 

Your error about sgx1/2= false is likely to do with SGX being disabled in the BIOS. Did you switch SGX to enabled or software controlled? 

Note that a processor that supports SGX with Intel Management Engine only, will not support it on the M10JNP2S board. 

 

I hope you are referring this to @NDei .

In response to Sahira_Intel
0 Kudos
Copy link
Sahira_Intel
Moderator
‎07-01-2022 10:34 AM
671 Views
In response to Anandakumar

Yes, that comment was meant to be a reply to the original post. 

link to track libvirt issue: https://www.spinics.net/linux/fedora/libvir/msg231287.html

 

 

In response to Anandakumar
0 Kudos
Copy link
Sahira_Intel
Moderator
‎07-01-2022 10:33 AM
672 Views

Hi @NDei 

Your error about sgx1/2= false is likely to do with SGX being disabled in the BIOS. Did you switch SGX to enabled or software controlled? 

Note that a processor that supports SGX with Intel Management Engine only, will not support it on the M10JNP2S board. 

Let me know if you have more questions.

 

Sincerely,

Sahira 

0 Kudos
Copy link
Reply

For more complete information about compiler optimizations, see our Optimization Notice.