Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

TCB Status always quotes ConfigurationNeeded on i5-8400


My attesting machine has i5-8400 CPU with an FMSPC of 00906EA10000. Looking at the certification with:


curl "" | jq . | less


I see that the best TCB level is "SWHardeningNeeded", the second best is "ConfigurationAndSWHardeningNeeded". My attesting enclave never gets to the best level and is stuck at Configuration Needed.

After reading Intel® SGX Attestation Technical Details, I did the following to comply with the attestation requirements:

  • For HT, I did nothing. The i5-8400 does not have HT.
  • For iGPU: I added a discrete GPU to the machine, and disabled the integrated GPU in the BIOS. lspci -v shows only the discrete GPU.
  • For Voltage MSRs: I activated the Overclocking Lock in the BIOS. Many reddit posts talk about how this setting toggles Bit 20 in the 0x194 MSR. With msr-tools, I confirmed that the Bit 20 is set after toogling this. rdmsr -a 0x194 returns 0x110000 for all CPUs. rdmsr 0x195 fails as this MSR does not exist on this CPU.
  • Update my BIOS to include microcode: sig=0x906ea, pf=0x2, revision=0xf4

Additionally, I found:

  • rdmsr 0xE2 returns 0x1e008000. Bit 15 is set, which according to the Intel Architecture Sw.Dev.Man.Vol.4 corresponds to CFG Lock. 
  • rdmsr 0x1AA returns 0x401cc0. This seems to be associated with power management. I have no good interpretation of that value.
  • If rdmsr 0x150 returns value X, then rdmsr 0x150 still returns value X after wrmsr 0x150 0x0. So writes to 0x150 seem to be blocked.

My TCB level is still ConfigurationAndSWHardeningNeeded after all the steps above.  What do I need to do to lift my TCB Status to SWHardeningNeeded?


0 Kudos
1 Solution

I have doubts about Intel's abilities to support and debug SGX customer issues. I have dropped my SGX deployment plans.

View solution in original post

0 Kudos
2 Replies

More investigations:

Looking at this github comment: it looks as if the MSB must be set on wrmsr 0x150 commands to have any effect. Luckily this github comment gives some examples on how to undervolt.

Further more,  judging by this piece of software, reading back the value from the MSR from register 0x150 after writing to it, indicates success or failure. Reading back a MSR==1 seems to indicate an overclocking lock. Okay, let's try that:

$ rdmsr 0x150
$ wrmsr 0x150 0x80000011f4800000
$ rdmsr 0x150

Judging by that my voltage MSRs are locked. 

I also went through the whole MSR documentation, hunting for everything that locks stuff. I created an script to locks all bits that I could find. All those experiments end the same way. ConfigurationAndSWHardeningNeeded.

I would require feedback on this issue by the end of the week to continue my investments into SGX.

0 Kudos

I have doubts about Intel's abilities to support and debug SGX customer issues. I have dropped my SGX deployment plans.

0 Kudos