I was evaluating SGX on an E3-1270, with an Intel motherboard (S1200SPO) and BIOS version: https://downloadmirror.intel.com/26334/eng/ReleaseNotes_BIOS_R01.02.0023.txt
I used this code: https://github.com/ayeks/SGX-hardware which confirms that the hardware is SGX capable, but it's not enabled in the BIOS. I couldn't find a BIOS option to enable SGX and interestingly, there is a comment in the release notes:
03. [EPSD100028435] Delete SGX Option in setup.
Is there some other magic to enable SGX on this Intel motherboard/BIOS?
Please follow the steps below to enable SGX in the BIOS:
- Go to BIOS Setup page.
- Select “Intel Advanced Menu option” and Press “Enter” key.
- Select “CPU Configuration” and press “Enter” key.
- Select “SW Guard Extensions (SGX) <SW Controlled>” and press “Enter” key.
- Select “Enabled” Option by Up or down arrow keys, press “Enter” key.
- ‘Configuration changed’ message will pop up below.
- Save the settings.
- Restart the machine.
Thanks and sorry for the delay--too much turkey on turkey day and all that.
So, we can't find that option in the BIOS and the release notes do say they removed that option. Is there a better place to ask for that BIOS/CPU/MB pairing?
Please check with the OEM to provide a BIOS to support SGX and also visit your platform manufacturer's website and see if they have a BIOS update for this platform.
There are APIs (the enabling and launch control function) that help you to enable the Intel® SGX device in BIOS are
Thanks for the pointers--things are becoming clearer now. The last wrinkle is that I'm doing this from Linux, not Windows. I'm not sure the Linux SGX SDK (https://github.com/01org/linux-sgx) has that API call though--on a quick search I didn't see it.
So, do I need to load Windows (can this be done in a VM?) to call those functions and then use it from Linux?
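
Added example, not part of the thread and not code from the SGX-hardware project: a C sketch of the "SGX capable but not enabled in the BIOS" distinction discussed above, using the CPUID bits and the IA32_FEATURE_CONTROL MSR layout documented in the Intel SDM. The function and enum names are hypothetical; on Linux the MSR value would have to be read separately (for example with the `msr` kernel module as root).

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum sgx_state { SGX_UNSUPPORTED, SGX_CAPABLE_NOT_ENABLED, SGX_ENABLED };

/* leaf7_ebx:  EBX from CPUID.(EAX=07H,ECX=0); bit 2 = CPU implements SGX.
 * leaf12_eax: EAX from CPUID.(EAX=12H,ECX=0); bit 0 = SGX1 functions usable.
 * Bit 0 of leaf 12H stays clear until firmware has enabled SGX. */
enum sgx_state sgx_classify(uint32_t leaf7_ebx, uint32_t leaf12_eax)
{
    if (!(leaf7_ebx & (1u << 2)))
        return SGX_UNSUPPORTED;
    if (!(leaf12_eax & 1u))
        return SGX_CAPABLE_NOT_ENABLED;
    return SGX_ENABLED;
}

/* IA32_FEATURE_CONTROL (MSR 0x3A): bit 0 = lock, bit 18 = SGX enable.
 * Once the lock bit is set the MSR cannot be written until the next reset,
 * so "locked with bit 18 clear" means SGX stays off for this boot. */
int sgx_locked_off(uint64_t feature_control)
{
    int locked  = (int)(feature_control & 1u);
    int enabled = (int)((feature_control >> 18) & 1u);
    return locked && !enabled;
}

const char *sgx_state_name(enum sgx_state s)
{
    switch (s) {
    case SGX_UNSUPPORTED:         return "CPU does not support SGX";
    case SGX_CAPABLE_NOT_ENABLED: return "SGX capable, not enabled by firmware";
    default:                      return "SGX enabled";
    }
}

int main(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0, leaf7_ebx = 0, leaf12_eax = 0;
#if defined(__x86_64__) || defined(__i386__)
    /* __get_cpuid_count returns 0 if the leaf is above the CPU's maximum. */
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))    leaf7_ebx = b;
    if (__get_cpuid_count(0x12, 0, &a, &b, &c, &d)) leaf12_eax = a;
#endif
    printf("%s\n", sgx_state_name(sgx_classify(leaf7_ebx, leaf12_eax)));
    return 0;
}
```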