ayeks / SGX-hardware

This is a list of hardware which supports Intel SGX - Software Guard Extensions.

Hardware Report: Google Cloud Skylake

lacabra opened this issue · comments

Somewhat similar to #37, Google Cloud now also supports Intel Xeon Skylake CPUs with SGX support. The following report was generated from an n1-standard-1 (1 vCPU, 3.75 GB memory) based on Intel Skylake, running Ubuntu 16.04:

eax: 50653 ebx: 20800 ecx: fefa3203 edx: 1f8bfbff
stepping 3
model 5
family 6
processor type 0
extended model 5
extended family 0
smx: 0

Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: d19f6ffb ecx: 0 edx: 0
sgx available: 0

CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: ff ebx: a80 ecx: a80 edx: 0
sgx 1 supported: 1
sgx 2 supported: 1
MaxEnclaveSize_Not64: 0
MaxEnclaveSize_64: 0

CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: f ebx: a00 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 100 ebx: 240 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 40 ebx: 3c0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 40 ebx: 400 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 5 of Intel SGX Capabilities (EAX=12H,ECX=5)
eax: 40 ebx: 440 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 6 of Intel SGX Capabilities (EAX=12H,ECX=6)
eax: 200 ebx: 480 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 7 of Intel SGX Capabilities (EAX=12H,ECX=7)
eax: 400 ebx: 680 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 8 of Intel SGX Capabilities (EAX=12H,ECX=8)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 9 of Intel SGX Capabilities (EAX=12H,ECX=9)
eax: 0 ebx: 0 ecx: 0 edx: 0
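
An added example, not part of the original issue or the project's own test code: it decodes the register values from the report above, gating leaf 12H on the leaf 7 SGX flag and counting only sub-leaves that describe a valid EPC section. The `SAMPLE_*` values and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t eax, ebx, ecx, edx; } regs_t;

/* Register values copied from the report above. */
static const regs_t REPORT_LEAF7 = {0x0, 0xd19f6ffb, 0x0, 0x0};
static const regs_t REPORT_LEAF12[10] = {            /* sub-leaves 0..9 */
    {0xff, 0xa80, 0xa80, 0}, {0xf, 0xa00, 0, 0}, {0x100, 0x240, 0, 0},
    {0x40, 0x3c0, 0, 0}, {0x40, 0x400, 0, 0}, {0x40, 0x440, 0, 0},
    {0x200, 0x480, 0, 0}, {0x400, 0x680, 0, 0}, {0, 0, 0, 0}, {0, 0, 0, 0},
};

/* Constructed sample (not from the page): SGX flag set, one EPC section. */
static const regs_t SAMPLE_LEAF7 = {0x0, 0x00000004, 0x0, 0x0};
static const regs_t SAMPLE_LEAF12[4] = {
    {0x1, 0x0, 0x0, 0x241f}, {0x36, 0x0, 0x1f, 0x0},
    {0x80200001, 0x0, 0x05d80001, 0x0}, {0, 0, 0, 0},
};

/* CPUID.(EAX=07H,ECX=0):EBX bit 2 is the SGX feature flag. */
static int sgx_feature_flag(const regs_t *leaf7) {
    return (int)((leaf7->ebx >> 2) & 1u);
}

/* A sub-leaf >= 2 describes an EPC section only when EAX[3:0] == 1.
 * Size = EDX[19:0] (bits 51:32) combined with ECX[31:12] (bits 31:12). */
static uint64_t epc_section_bytes(const regs_t *r) {
    if ((r->eax & 0xfu) != 1u) return 0;
    return ((uint64_t)(r->edx & 0xfffffu) << 32) | (r->ecx & 0xfffff000u);
}

/* Leaf 12H is only defined when the leaf 7 flag is set, so gate on it first. */
static uint64_t usable_epc_bytes(const regs_t *leaf7, const regs_t *leaf12, size_t n) {
    uint64_t total = 0;
    if (!sgx_feature_flag(leaf7)) return 0;
    for (size_t i = 2; i < n; i++) total += epc_section_bytes(&leaf12[i]);
    return total;
}

int main(void) {
    printf("report: flag=%d epc=%llu bytes\n", sgx_feature_flag(&REPORT_LEAF7),
           (unsigned long long)usable_epc_bytes(&REPORT_LEAF7, REPORT_LEAF12, 10));
    printf("sample: flag=%d epc=%llu bytes\n", sgx_feature_flag(&SAMPLE_LEAF7),
           (unsigned long long)usable_epc_bytes(&SAMPLE_LEAF7, SAMPLE_LEAF12, 4));
    return 0;
}
```

For the report's values the flag is clear and no sub-leaf has type 1, so the decoder reports zero usable EPC.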

Like on AWS, SGX is disabled on the Google Cloud Platform too. I will close the issue. Feel free to reopen it at any time.

For clarification: I accessed these servers, downloaded and compiled sgx-linux-driver and sgx-linux but they wouldn't install: the driver would not mount, and thus was not available to the SDK, which would complain that SGX was not available when trying to run code inside the enclave.

Hence, these servers are SGX-capable, but SGX is not enabled and not accessible.

Google Cloud has open sourced a project to develop enclave applications that explicitly supports SGX, so it's likely just a matter of time before they enable it.

https://cloudplatform.googleblog.com/2018/05/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html