Detecting and Enabling Intel® SGX | Intel Software

Detecting and Enabling Intel® SGX | Intel Software


Hi, I’m John
Mechalas with Intel. In this video, we’re going to
discuss detecting and enabling the Intel software guard
extensions, or Intel SGX. Before an application
can use Intel SGX four conditions have to be met. The CPU in that system
must support the Intel SGX instructions. The system BIOS must
support Intel SGX. Intel SGX must be
enabled in the BIOS. And the intellect SGX
platform software, or PSW, must be installed
on that system. Intel SGX was introduced with
the sixth generation Intel Core line of processors and the Intel
Xeon E-3 v-6 server processor. There are three possible
BIOS settings for Intel SGX. Enabled, disabled and a
software controlled setting. Not all BIOS manufacturers
implement all three options, and some may not provide a BIOS
configuration setting at all. The enabled setting
explicitly enables Intel SGX, and the disabled setting
explicitly disables it. The software control option
allows Intel SGX applications to have the BIOS enable it
automatically the next time the system reboots. This software enable function
eliminates the need for users to have to enter their
BIOS set up screen, which can be a daunting and confusing
task for non-technical end users. Note that Intel SGX may
not be available for use by applications even if
it’s supported by the CPU. Applications and
application installers need to be able to detect Intel
SGX availability at runtime, and take appropriate
action based on the system’s configuration. It is extremely important
that applications be robust. Even if an application
requires Intel SGX it should exit gracefully and
display a meaningful error message if it’s not available. A properly written
Intel SGX application must not crash solely because
Intel SGX support is not present on the system
where it’s run. Application installers
should follow this sequence. Detect whether or
not Intel SGX is supported by the CPU and BIOS. Determine whether or not the
platform software package has already been installed, and
install it if it hasn’t. Determine whether or not
Intel SGX has been enabled on the system, and attempt the
software enable if it hasn’t. The applications themselves
follow a slightly different sequence. Determine whether or not
the platform software has been installed. Determine whether or not
until SGX has been enabled, and attempt the software
enable if it hasn’t. If any of these steps
fail, then the system does not support Intel SGX. If the application
requires Intel SGX to run, then an error should be
reported to the user. Proper detection
of into Intel SGX is essential in
enabled applications, and the detection procedure
is more complicated than simply checking for
instruction support on the CPU. To learn more about the
Intel SGX feature detection procedure, and to
view some sample code visit the link below. Be sure to watch the rest of
this playlist to learn more about Intel SGX
application development. And remember to like
this video and subscribe.

5 thoughts to “Detecting and Enabling Intel® SGX | Intel Software”

  1. I wonder if Intel i9-9900X on a Asus X299-Deluxe II Motherboard would play 4k BluRay movies if I plug the motherboard into a 4k monitor, the discrete gpu can't do it I have read.

Leave a Reply

Your email address will not be published. Required fields are marked *