Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Software controlled SGX

Grigory_M_
Beginner
924 Views

The BIOS of the motherboard (Asus z170 BIOS 3101) supports software controlled SGX. so, to use the SGX, it should be first activated by the software. I would expect that PSW installer should activate it, however, it does not have that functionality. It also does not export sgx_cap_enable_device/sgx_enable_device functions.

What should be the procedure to activate the SGX in this case? Are there any utilities/UEFI roms to activate it?

Thanks

0 Kudos
8 Replies
AArya2
New Contributor I
924 Views

What's Software Controlled SGX?

(Sorry if the notification gave you the impression that this would be an answer :p)

Francisco_C_Intel
924 Views

sgx_enable_device is exposed in sgx_uae_service.dll

The SampleEnclave, for example, calls this API. The idea is that the PSW can be installed on systems where SGX isn't yet enabled. End-user applications that will actually use SGX functionality can enable it during their installation (sgx_cap_enable_device), or at runtime (sgx_enable_device).

Note that a restart is required afterwards.

 

Grigory_M_
Beginner
924 Views

Thanks, Francisco!

I was referring to the Linux SGX SDK. Is there any specification of what sgx_enable_device implementation in Windows SGX SDK does, so I could implement that functionality by myself, if no tool exists? 

Francisco_C_Intel
924 Views

I don't believe so. Can you go to the BIOS and set SGX to ENABLED manually?

Grigory_M_
Beginner
924 Views

The BIOS only contains "software-controlled" SGX, no "Enabled" option.

Rodolfo_S_
New Contributor III
924 Views

Hi, Grigory.

I believe this is still not available on the Linux SDK. What you could do is install a virtual machine with Windows and enable it from there.

Kobi_G_
Beginner
924 Views

Facing the same issue. Have Z170-A, confirmed that SGX exists on the CPU using CPUID, have only "software controlled" option for SGX in the bios. Is "sgx_enable_device" possible to call from Linux yet? Will a VM method even work?

Francisco_C_Intel
924 Views

Please see

https://github.com/01org/linux-sgx/pull/107

I don't think it's been merged yet, but you should be able to use that to unblock your progress.

Thanks,

Francisco

 

Reply