Solved: SGX models that support DCAP

Wu__Wan_Jen · ‎08-26-2019

Hi, I'm recently working on a project that needs to use the DCAP service for attestation and am trying to build a FLC-enabled machine, but have had trouble obtaining suitable hardware.

According to official github readmes, DCAP only works with:

1. 8th Generation Intel(R) Core(TM) Processor or newer with Flexible Launch Control and Intel(R) AES New Instructions support*

2. Intel(R) Atom(TM) Processor with Flexible Launch Control and Intel(R) AES New Instructions support*

According to this blog "update on 3rd party attestation", currently only Xeon E processors and NUC hardware(NUC7CJYH / NUC7PJYH) support flexible launch control.

We looked through product specs(i8 and newer, Xeon E) for SGX specific information but found nothing on FLC features; furthermore, there are no mentions on the motherboard requirements for FLC-enabled machines.

We're settling on Xeon E processors but are not sure which hardware combinations satisfy our requirements.

We've been stuck on this for a while, and wonder if anyone has successfully built a FLC-enabled machine or implemented a project with DCAP functionalities?

JesusG_Intel · ‎08-20-2020

Hello Igor,

The processor core of the Xeon 2236 and 2288 do support FLC. HOWEVER, the platform and BIOS must enable it so it is not guaranteed that a system with these processors will have FLC enabled. Always check with your OEM when purchasing a platform if it supports SGX and Flexible Launch Control.

View solution in original post

Scott_R_Intel · ‎09-03-2019

Hello.

FLC support in Xeon E systems is dependent on the BIOS and firmware. The platform must have an Intel® Server Platform Services (SPS) based BIOS and firmware. You must check with your platform OEM to verify if it is SPS based or not. Also, only the top three SKU's of the Xeon E-21xx family support FLC (E-2174G, E-2176G, E-2186G) on SPS based platforms.

Regards.

Scott

Chen__Feng · ‎10-07-2019

Hi Scott,

We have a server with "Intel® Xeon® Processor E3-1270 v5". From its specs here, it is with SPS, but we bought in 2017.

So, can it be used for DCAP service?

Thanks,

Feng

guan__jixing · ‎10-11-2019

u can use cpuid to check if it supports FLC.

> cpuid -r -1

find the 0x00000007 line and content of ecx, if ecx's 2nd bit from left side is 1, it supports FLC.

吴__奇泽 · ‎05-19-2020

guan, jixing wrote:
u can use cpuid to check if it supports FLC.
> cpuid -r -1
find the 0x00000007 line and content of ecx, if ecx's 2nd bit from left side is 1, it supports FLC.

I used "cpuid -r -1" and out as this .Dose it means my computer supports FLC ?

JesusG_Intel · ‎05-19-2020

Hello 吴, 奇泽,

Yes, your processor supports FLC.

Regards,

Jesus

Intel Customer Support

IgorTurovsky · ‎08-06-2020

Hi teams, pls clarify Xeon E 2236 and Xeon E 2288 support FLC or not?

JesusG_Intel · ‎08-20-2020

Hello Igor,

The processor core of the Xeon 2236 and 2288 do support FLC. HOWEVER, the platform and BIOS must enable it so it is not guaranteed that a system with these processors will have FLC enabled. Always check with your OEM when purchasing a platform if it supports SGX and Flexible Launch Control.

View solution in original post

JesusG_Intel · ‎08-26-2020

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

JesusG_Intel · ‎08-26-2020

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.