Intel SGX2 support

[ayeks]

Intel SGX 2 related stuff can be discussed in this issue.

I haven't seen a CPU that really is SGX 2 capable yet. Some CPUs return sgx 2 supported: 1 but none of these CPU's can be configured to execute SGX because it cannot be enabled in BIOS (eg. Cloud vendors, MacBooks).

It would be great if someone is able to share information regarding the usage of SGX 2 and the release of SGX2 capable CPU's because I get a few e-mails regarding that topic.

printf("\nCPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)\n");
eax = 0x12;
ecx = 0;
native_cpuid(&eax, &ebx, &ecx, &edx);
printf("sgx 1 supported: %d\n", eax & 0x1);
printf("sgx 2 supported: %d\n", (eax >> 1) & 0x1);
printf("MaxEnclaveSize_Not64: %x\n", edx & 0xFF);
printf("MaxEnclaveSize_64: %x\n", (edx >> 8) & 0xFF);

[jiazhang0]

@ayeks Here is a sgx2-capable machine info:

eax: 706a1 ebx: 2400800 ecx: 4ff8ebbf edx: bfebfbff
stepping 1
model 10
family 6
processor type 0
extended model 7
extended family 0
smx: 0

Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 2294e287 ecx: 40400004 edx: ac000000
sgx available: 1
sgx launch control: 1

CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 3 ebx: 1 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 1
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24

CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: 36 ebx: 0 ecx: 1b edx: 0

CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 70200001 ebx: 0 ecx: 5e00001 edx: 0

CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 5 of Intel SGX Capabilities (EAX=12H,ECX=5)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 6 of Intel SGX Capabilities (EAX=12H,ECX=6)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 7 of Intel SGX Capabilities (EAX=12H,ECX=7)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 8 of Intel SGX Capabilities (EAX=12H,ECX=8)
eax: 0 ebx: 0 ecx: 0 edx: 0

CPUID Leaf 12H, Sub-Leaf 9 of Intel SGX Capabilities (EAX=12H,ECX=9)
eax: 0 ebx: 0 ecx: 0 edx: 0

It is known that NUC7CJYH and NUC7PJYH suport sgx2 and launch control.
https://ark.intel.com/content/www/us/en/ark/products/126135/intel-nuc-kit-nuc7cjyh.html
https://ark.intel.com/content/www/us/en/ark/products/126137/intel-nuc-kit-nuc7pjyh.html

It seems that Gemini Lake process supports sgx2.

Note that showing the status of launch control feature is provided by this commit #59.

[ayeks]

@jiazhang0 Thanks a lot for reporting this! Can you specify the device that was used to generate the machine info? Was it the NUC7CJYH or the NUC7PJYH?

[jiazhang0]

@ayeks It is for NUC7CJYH.

[ayeks]

Awesome! Lets create new issues for other SGX2 capable hardware from now on.