SGX is deprecated and not available in majority of Sapphire Rapids

Question

SGX is deprecated and not available in majority of Sapphire Rapids

matti opened this issue a year ago · comments

Matti Paksula commented a year ago

Running utils/check-tdx-host.sh gives me

Isn't SGX deprecated? I can't find any place to enable it in Asus Pro WS W790E-SAGE SE latest bios.

This is all "SGX" there is:

And at https://www.intel.com/content/www/us/en/products/sku/233484/intel-xeon-w32423-processor-15m-cache-2-10-ghz/specifications.html

Same with for example https://ark.intel.com/content/www/us/en/ark/products/233481/intel-xeon-w52445-processor-26-25m-cache-3-10-ghz.html

Lu Ken · Answer 1 · Thu Jun 22 2023 10:34:10 GMT+0800 (China Standard Time)

Is this helpful? https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions-processors.html

Matti Paksula · Answer 2 · Thu Jun 22 2023 11:54:47 GMT+0800 (China Standard Time)

@kenplusplus so in other words, are you saying that the majority of sapphire rapids processors are not TDX compatible at all?

Lu Ken · Answer 3 · Thu Jun 22 2023 11:58:14 GMT+0800 (China Standard Time)

@kenplusplus so in other words, are you saying that the majority of sapphire rapids processors are not TDX compatible at all?

Sorry, I do not know the product features definition or timeline. For SGX, I think at least you can refer above official link. TDX feature depends on SGX.

Matti Paksula · Answer 4 · Thu Jun 22 2023 11:58:35 GMT+0800 (China Standard Time)

In this project you consistently refer and point to vague white papers - stop doing this.

Instead, list the concrete CPUs that will support tdx-tools.

Matti Paksula · Answer 5 · Thu Jun 22 2023 12:00:08 GMT+0800 (China Standard Time)

Now if I purchase a CPU from that list then there will be another feature missing on that.

Just list concrete processors that will work and are tested.

Thank you.

Lu Ken · Answer 6 · Thu Jun 22 2023 12:05:19 GMT+0800 (China Standard Time)

In this project you consistently refer and point to vague white papers - stop doing this.

Instead, list the concrete CPUs that will support tdx-tools.

Understand your point, thanks for your feedback. I have no more information about product or feature here. Could you please contact the vendor or sale representee on this?

Matti Paksula · Answer 7 · Thu Jun 22 2023 12:06:54 GMT+0800 (China Standard Time)

Which CPUs are you using to test tdx-tools?

Lu Ken · Answer 8 · Thu Jun 22 2023 12:59:30 GMT+0800 (China Standard Time)

Sorry to bring frustration to you. But I am not the correct person to answer product infomration.
I used the processor followed by What Intel® Xeon Processors Support for Intel® Trust Domain Extensions (Intel® TDX)?

Matti Paksula · Answer 9 · Thu Jun 22 2023 13:01:19 GMT+0800 (China Standard Time)

I am asking for what CPUs is the team using to test tdx-tools internally. It's a reasonable ask.

Lu Ken · Answer 10 · Thu Jun 22 2023 13:09:00 GMT+0800 (China Standard Time)

I am asking for what CPUs is the team using to test tdx-tools internally. It's a reasonable ask.

sorry, I could not share internal information here.

Matti Paksula · Answer 11 · Thu Jun 22 2023 19:24:20 GMT+0800 (China Standard Time)

So only a handful of Xeons might work - for example Intel Xeon Bronze 3408U and Xeon Silver 4410Y

Most of the sapphire rapids cpus just won't work because of the missing SGX.

This is, before I purchase Intel Xeon Bronze 3408U and learn that there is something else missing.

Related #353

Matti Paksula · Answer 12 · Wed Jul 05 2023 22:08:48 GMT+0800 (China Standard Time)

Basically no Sapphire Rapids supports TDX - Emerald Rapids will, see #399