Intel SGX2 support

Question

Intel SGX2 support

ayeks opened this issue 6 years ago · comments

Intel SGX 2 related stuff can be discussed in this issue.

I haven't seen a CPU that really is SGX 2 capable yet. Some CPUs return sgx 2 supported: 1 but none of these CPU's can be configured to execute SGX because it cannot be enabled in BIOS (eg. Cloud vendors, MacBooks).

It would be great if someone is able to share information regarding the usage of SGX 2 and the release of SGX2 capable CPU's because I get a few e-mails regarding that topic.

printf("\nCPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)\n");
eax = 0x12;
ecx = 0;
native_cpuid(&eax, &ebx, &ecx, &edx);
printf("sgx 1 supported: %d\n", eax & 0x1);
printf("sgx 2 supported: %d\n", (eax >> 1) & 0x1);
printf("MaxEnclaveSize_Not64: %x\n", edx & 0xFF);
printf("MaxEnclaveSize_64: %x\n", (edx >> 8) & 0xFF);

Jia Zhang (乾越) · Answer 1 · Thu Apr 04 2019 11:19:22 GMT+0800 (China Standard Time)

@ayeks Here is a sgx2-capable machine info:

eax: 706a1 ebx: 2400800 ecx: 4ff8ebbf edx: bfebfbff
stepping 1
model 10
family 6
processor type 0
extended model 7
extended family 0
smx: 0

Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 2294e287 ecx: 40400004 edx: ac000000
sgx available: 1
sgx launch control: 1

CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 3 ebx: 1 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 1
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: 36 ebx: 0 ecx: 1b edx: 0

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 70200001 ebx: 0 ecx: 5e00001 edx: 0

CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 5 of Intel SGX Capabilities (EAX=12H,ECX=5)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 6 of Intel SGX Capabilities (EAX=12H,ECX=6)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 7 of Intel SGX Capabilities (EAX=12H,ECX=7)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 8 of Intel SGX Capabilities (EAX=12H,ECX=8)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 9 of Intel SGX Capabilities (EAX=12H,ECX=9)
eax: 0 ebx: 0 ecx: 0 edx: 0

It is known that NUC7CJYH and NUC7PJYH suport sgx2 and launch control.
https://ark.intel.com/content/www/us/en/ark/products/126135/intel-nuc-kit-nuc7cjyh.html
https://ark.intel.com/content/www/us/en/ark/products/126137/intel-nuc-kit-nuc7pjyh.html

It seems that Gemini Lake process supports sgx2.

Note that showing the status of launch control feature is provided by this commit #59.

Lars Lühr · Answer 2 · Sat Apr 13 2019 00:25:46 GMT+0800 (China Standard Time)

@jiazhang0 Thanks a lot for reporting this! Can you specify the device that was used to generate the machine info? Was it the NUC7CJYH or the NUC7PJYH?

Jia Zhang (乾越) · Answer 3 · Sat Apr 13 2019 08:30:29 GMT+0800 (China Standard Time)

@ayeks It is for NUC7CJYH.

Lars Lühr · Answer 4 · Sun Apr 14 2019 15:13:19 GMT+0800 (China Standard Time)

Awesome! Lets create new issues for other SGX2 capable hardware from now on.