SGX Detect Tool
sgx-detect is an open-source Intel SGX configuration detection and verification tool. To make the sgx-detect tool more easily accessible, binary versions are also available for download. The supported platforms are:
Downloading and Running the Tool
Use one of the links above to download the sgx-detect tool.
chmod +x sgx-detect
./sgx-detectExample Output
$ ./sgx-detect
Detecting SGX, this may take a minute...
✔ SGX instruction set
✔ CPU support
✔ CPU configuration
✔ Enclave attributes
✔ Enclave Page Cache
SGX features
✔ SGX2 ✔ EXINFO ✘ ENCLV ✘ OVERSUB ✔ KSS
Total EPC size: 8192.0MiB
✔ Flexible launch control
✔ CPU support
? CPU configuration
✔ Able to launch production mode enclave
✔ SGX system software
✔ SGX kernel device (/dev/sgx_enclave)
✔ libsgx_enclave_common
✔ AESM service
✔ Able to launch enclaves
✔ Debug mode
✔ Production mode
✔ Production mode (Intel whitelisted)
You're all set to start running SGX programs!
Output Explanation
SGX Features
- SGX2: whether dynamic addition of regular enclave pages to an enclave is supported.
- EXINFO: whether EXtended INFOrmation is provided such as exception information on GP (General Protection Fault) or PF (Page Fault) that occurred inside an enclave.
- ENCLV: whether managing enclaves in a virtualized environment is supported.
- OVERSUB: whether memory oversubscription is supported.
- KSS: whether the Key Separation and Sharing feature are supported.
- Total EPC size: the amount of Enclave Page Cache available for enclaves.
Flexible Launch Control
If Flexible Launch Control is enabled, then launching an enclave that was not signed by Intel is allowed.
SGX System Software
- SGX kernel device: whether a suitable SGX kernel device was detected.
- libsgx_enclave_common: whether the libsgx enclave common library is available.
- AESM service: whether the Application Enclave Services Manager is running.
Comments
Please sign in to leave a comment.