Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1490 Discussions

intel_sgx: the CPU is missing SGX;Error: Invalid SGX device.

desk
Beginner
5,856 Views

hello,

OS: Ubuntu* 18.04 LTS Desktop 64bits
Linux Header: linux-headers-5.4.0-42-generic
CPU: Intel(R) Core(TM) i7-10700 CPU 

 

I reproduce the error in SampleEnclave, from the Intel SGX SDK sample code.

$ make SGX_MODE=HW
...
$ ./app
Info: Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards.
Error: Invalid SGX device.
Enter a character before exit ...

The binary is runnable if SampleEnclave is compiled for simulation mode.

$ make SGX_MODE=SIM
...
$ ./app
Checksum(0x0x7ffca1fcc530, 100) = 0xfffd4143
Info: executing thread synchronization, please wait...
Info: SampleEnclave successfully returned.
Enter a character before exit ...

lsmod |grep sgx
isgx 53248 0

dmesg | grep sgx
[ 2.033774] isgx: loading out-of-tree module taints kernel.
[ 2.033820] isgx: module verification failed: signature and/or required key missing - tainting kernel
[ 2.034035] intel_sgx: the CPU is missing SGX

 

 

I reinstalled the SGX SDK, PSW, and driver several times, and it didn't work.

I googled the error message but still couldn't find any viable solution.

Can anyone give me some hints to resolve this issue? I will be grateful for your help.

 

 

0 Kudos
1 Solution
JesusG_Intel
Moderator
5,769 Views

Hello desk,


First, let's check your platform's support for SGX. Send the output from one of the these two options.


Option 1

On a Linux* system, execute cpuid in a terminal:

  1. Open a terminal and run$ cpuid | grep -i sgx


Option 2

Use test-sgx.c:

  1. Go to the SGX Hardware Github and download the file test-sgx.c or clone the repository
  2. Compile and run test-sgx.c according to these instructions:
  3. $ gcc test-sgx.c -o test-sgx
  4. $ ./test-sgx


Look for:

$ cpuid | grep -i sgx

   SGX: Software Guard Extensions supported = true

   SGX_LC: SGX launch config supported   = false

  Software Guard Extensions (SGX) capability (0x12/0):

   SGX1 supported             = true

   SGX2 supported             = false


If SGX support looks good. Uninstall the SGX driver and re-install the latest version.


As root, run the command /opt/intel/sgxdriver/uninstall.sh.


Sincerely,

Jesus G.

Intel Customer Support


View solution in original post

0 Kudos
7 Replies
desk
Beginner
5,851 Views

I have enabled SGX in BIOS

0 Kudos
ChrisB_Intel
Moderator
5,812 Views

Desk,


Please take a look at page 7 on the guide I have linked below. Please install the packages in the order they are listed, using the steps provided.  


https://download.01.org/intel-sgx/sgx-linux/2.11/docs/Intel_SGX_Installation_Guide_Linux_2.11_Open_Source.pdf


If that doesn't resolve your issues please provide the list of all installed SGX components by running:


$ apt list --installed | grep -i sgx


Thanks

Chris


0 Kudos
desk
Beginner
5,799 Views

hello Chris,

I've used the steps listed to install, but I still can't.

 

the list of all installed SGX components by running:

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

libsgx-ae-epid/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-ae-le/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-ae-pce/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-ae-qe3/unknown,now 1.10.103.1-bionic1 amd64 [installed,automatic]
libsgx-aesm-ecdsa-plugin/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-aesm-epid-plugin/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-aesm-launch-plugin/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-aesm-pce-plugin/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-aesm-quote-ex-plugin/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-enclave-common/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]
libsgx-epid/unknown,now 2.13.103.1-bionic1 amd64 [installed]
libsgx-launch/unknown,now 2.13.103.1-bionic1 amd64 [installed]
libsgx-pce-logic/unknown,now 1.10.103.1-bionic1 amd64 [installed,automatic]
libsgx-qe3-logic/unknown,now 1.10.103.1-bionic1 amd64 [installed,automatic]
libsgx-quote-ex/unknown,now 2.13.103.1-bionic1 amd64 [installed]
libsgx-urts/unknown,now 2.13.103.1-bionic1 amd64 [installed]
sgx-aesm-service/unknown,now 2.13.103.1-bionic1 amd64 [installed,automatic]

 

Thanks

0 Kudos
desk
Beginner
5,788 Views

hello Chris,

Will it be available in windows, but not in Ubuntu on VMware Workstation pro?

Thanks

0 Kudos
desk
Beginner
5,785 Views

hello,

I ran the command on this website:https://github.com/intel/sgx-software-enable

sudo ./sgx_enable
This CPU does not support Intel SGX

I feel very strange.

 

Thanks

0 Kudos
JesusG_Intel
Moderator
5,770 Views

Hello desk,


First, let's check your platform's support for SGX. Send the output from one of the these two options.


Option 1

On a Linux* system, execute cpuid in a terminal:

  1. Open a terminal and run$ cpuid | grep -i sgx


Option 2

Use test-sgx.c:

  1. Go to the SGX Hardware Github and download the file test-sgx.c or clone the repository
  2. Compile and run test-sgx.c according to these instructions:
  3. $ gcc test-sgx.c -o test-sgx
  4. $ ./test-sgx


Look for:

$ cpuid | grep -i sgx

   SGX: Software Guard Extensions supported = true

   SGX_LC: SGX launch config supported   = false

  Software Guard Extensions (SGX) capability (0x12/0):

   SGX1 supported             = true

   SGX2 supported             = false


If SGX support looks good. Uninstall the SGX driver and re-install the latest version.


As root, run the command /opt/intel/sgxdriver/uninstall.sh.


Sincerely,

Jesus G.

Intel Customer Support


0 Kudos
JesusG_Intel
Moderator
5,752 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Reply