Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Wu__Wan_Jen
Beginner
985 Views

SGX models that support DCAP

Jump to solution

Hi, I'm recently working on a project that needs to use the DCAP service for attestation and am trying to build a FLC-enabled machine, but have had trouble obtaining suitable hardware.

According to official github readmes, DCAP only works with:

1. 8th Generation Intel(R) Core(TM) Processor or newer with Flexible Launch Control and Intel(R) AES New Instructions support*

2. Intel(R) Atom(TM) Processor with Flexible Launch Control and Intel(R) AES New Instructions support*

According to this blog "update on 3rd party attestation", currently only Xeon E processors and NUC hardware(NUC7CJYH / NUC7PJYH) support flexible launch control.

We looked through product specs(i8 and newer, Xeon E) for SGX specific information but found nothing on FLC features; furthermore, there are no mentions on the motherboard requirements for FLC-enabled machines.

We're settling on Xeon E processors but are not sure which hardware combinations satisfy our requirements.

We've been stuck on this for a while, and wonder if anyone has successfully built a FLC-enabled machine or implemented a project with DCAP functionalities? 

0 Kudos

Accepted Solutions
JesusG_Intel
Moderator
782 Views

Hello Igor,


The processor core of the Xeon 2236 and 2288 do support FLC. HOWEVER, the platform and BIOS must enable it so it is not guaranteed that a system with these processors will have FLC enabled. Always check with your OEM when purchasing a platform if it supports SGX and Flexible Launch Control.


View solution in original post

9 Replies
Scott_R_Intel
Employee
985 Views

Hello.

FLC support in Xeon E systems is dependent on the BIOS and firmware.  The platform must have an Intel® Server Platform Services (SPS) based BIOS and firmware.  You must check with your platform OEM to verify if it is SPS based or not.  Also, only the top three SKU's of the Xeon E-21xx family support FLC (E-2174G, E-2176G, E-2186G) on SPS based platforms.

Regards.

Scott

Chen__Feng
Beginner
985 Views

Hi Scott,

 

We have a server with "Intel® Xeon® Processor E3-1270 v5". From its specs here, it is with SPS, but we bought in 2017.

So, can it be used for DCAP service?

 

Thanks,

 

Feng

guan__jixing
Novice
985 Views

u can use cpuid to check if it supports FLC.

> cpuid -r -1

find the 0x00000007 line and content of ecx, if ecx's 2nd bit from left side is 1, it supports FLC.

 

吴__奇泽
Beginner
985 Views

guan, jixing wrote:

u can use cpuid to check if it supports FLC.

> cpuid -r -1

find the 0x00000007 line and content of ecx, if ecx's 2nd bit from left side is 1, it supports FLC.

 

 I used "cpuid -r -1" and out as this .Dose it means my computer  supports FLC ?

 

 

JesusG_Intel
Moderator
985 Views

Hello 吴, 奇泽,

Yes, your processor supports FLC.

Regards,

Jesus

Intel Customer Support

IgorTurovsky
Employee
855 Views

 Hi teams, pls clarify Xeon E 2236 and Xeon E 2288 support FLC or not?

Tags (3)
JesusG_Intel
Moderator
783 Views

Hello Igor,


The processor core of the Xeon 2236 and 2288 do support FLC. HOWEVER, the platform and BIOS must enable it so it is not guaranteed that a system with these processors will have FLC enabled. Always check with your OEM when purchasing a platform if it supports SGX and Flexible Launch Control.


View solution in original post

JesusG_Intel
Moderator
763 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


JesusG_Intel
Moderator
759 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.