SGX Detect Tool

SGX Detect Tool

sgx-detect is an open-source Intel SGX configuration detection and verification tool. To make the sgx-detect tool more easily accessible, binary versions are also available for download. The supported platforms are:

Ubuntu 16.04


Ubuntu 18.04


Ubuntu 20.04


Ubuntu 22.04


CentOS 7/RHEL 7


CentOS 8/RHEL 8


Downloading and Running the Tool

Use one of the links above to download the sgx-detect tool.

chmod +x sgx-detect

Example Output

$ ./sgx-detect
   Detecting SGX, this may take a minute...
   ✔  SGX instruction set
     ✔  CPU support
     ✔  CPU configuration
     ✔  Enclave attributes
     ✔  Enclave Page Cache
     SGX features
       ✔  SGX2  ✔  EXINFO  ✘  ENCLV  ✘  OVERSUB  ✔  KSS
       Total EPC size: 8192.0MiB
   ✔  Flexible launch control
     ✔  CPU support
     ? CPU configuration
     ✔  Able to launch production mode enclave
   ✔  SGX system software
     ✔  SGX kernel device (/dev/sgx_enclave)
     ✔  libsgx_enclave_common
     ✔  AESM service
     ✔  Able to launch enclaves
       ✔  Debug mode
       ✔  Production mode
       ✔  Production mode (Intel whitelisted)
   You're all set to start running SGX programs!

Output Explanation

SGX Features

  • SGX2: whether dynamic addition of regular enclave pages to an enclave is supported.
  • EXINFO: whether EXtended INFOrmation is provided such as exception information on GP (General Protection Fault) or PF (Page Fault) that occurred inside an enclave.
  • ENCLV: whether managing enclaves in a virtualized environment is supported.
  • OVERSUB: whether memory oversubscription is supported.
  • KSS: whether the Key Separation and Sharing feature are supported.
  • Total EPC size: the amount of Enclave Page Cache available for enclaves.

Flexible Launch Control

If Flexible Launch Control is enabled, then launching an enclave that was not signed by Intel is allowed.

SGX System Software

  • SGX kernel device: whether a suitable SGX kernel device was detected.
  • libsgx_enclave_common: whether the libsgx enclave common library is available.
  • AESM service: whether the Application Enclave Services Manager is running.



Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful