Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1494 Discussions

Software controlled SGX

Grigory_M_
Beginner
‎02-07-2017 11:34 PM
2,489 Views

The BIOS of the motherboard (Asus z170 BIOS 3101) supports software controlled SGX. so, to use the SGX, it should be first activated by the software. I would expect that PSW installer should activate it, however, it does not have that functionality. It also does not export sgx_cap_enable_device/sgx_enable_device functions.

What should be the procedure to activate the SGX in this case? Are there any utilities/UEFI roms to activate it?

Thanks

0 Kudos

Link Copied

8 Replies
AArya2
New Contributor I
‎02-08-2017 06:57 AM
2,489 Views

What's Software Controlled SGX?

(Sorry if the notification gave you the impression that this would be an answer :p)

0 Kudos
Copy link
Francisco_C_Intel
Employee
‎02-08-2017 07:30 AM
2,489 Views

sgx_enable_device is exposed in sgx_uae_service.dll

The SampleEnclave, for example, calls this API. The idea is that the PSW can be installed on systems where SGX isn't yet enabled. End-user applications that will actually use SGX functionality can enable it during their installation (sgx_cap_enable_device), or at runtime (sgx_enable_device).

Note that a restart is required afterwards.

 

0 Kudos
Copy link
Grigory_M_
Beginner
‎02-08-2017 09:40 AM
2,489 Views

Thanks, Francisco!

I was referring to the Linux SGX SDK. Is there any specification of what sgx_enable_device implementation in Windows SGX SDK does, so I could implement that functionality by myself, if no tool exists? 

0 Kudos
Copy link
Francisco_C_Intel
Employee
‎02-08-2017 10:40 AM
2,489 Views

I don't believe so. Can you go to the BIOS and set SGX to ENABLED manually?

0 Kudos
Copy link
Grigory_M_
Beginner
‎02-08-2017 10:42 AM
2,489 Views

The BIOS only contains "software-controlled" SGX, no "Enabled" option.

0 Kudos
Copy link
Rodolfo_S_
New Contributor III
‎02-10-2017 05:02 AM
2,489 Views

Hi, Grigory.

I believe this is still not available on the Linux SDK. What you could do is install a virtual machine with Windows and enable it from there.

0 Kudos
Copy link
Kobi_G_
Beginner
‎04-04-2017 01:24 AM
2,489 Views

Facing the same issue. Have Z170-A, confirmed that SGX exists on the CPU using CPUID, have only "software controlled" option for SGX in the bios. Is "sgx_enable_device" possible to call from Linux yet? Will a VM method even work?

0 Kudos
Copy link
Francisco_C_Intel
Employee
‎06-30-2017 12:18 PM
2,489 Views

Please see

https://github.com/01org/linux-sgx/pull/107

I don't think it's been merged yet, but you should be able to use that to unblock your progress.

Thanks,

Francisco

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.