Article ID: 000057420 Content Type: Product Information & Documentation Last Reviewed: 05/10/2022

Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primitives (DCAP)?

BUILT IN - ARTICLE INTRO SECOND COMPONENT
Summary

How to determine if a processor with Intel® Software Guard Extensions (Intel® SGX) supports DCAP and FLC

Description

Unable to validate if a processor that supports Intel® Software Guard Extensions (Intel® SGX) also supports Datacenter Attestation Primitives (DCAP) and Flexible Launch Control (FLC)

Resolution

If a processor supports Intel® SGX and FLC, it supports DCAP.

There are two options to determine if your system's processor supports FLC:

Option 1
On a Linux* system, execute cpuid in a terminal:

  1. Open a terminal and run: $ cpuid | grep -i sgx
  2. Look for output: SGX_LC: SGX launch config supported = true

Option 2
Use test-sgx.c:

  1. Go to the SGX Hardware Github and download the file test-sgx.c or clone the repository
  2. Compile and run test-sgx.c according to these instructions:
    $ gcc test-sgx.c -o test-sgx
    $ ./test-sgx
  3. Look for output: sgx launch control: 1

FLC support in Intel® Xeon® E systems is also dependent on the BIOS and firmware. The platform must have an Intel® Server Platform Services (Intel® SPS)–based BIOS and firmware. Check with your platform manufacturer to verify if it is SPS-based or not.

Note

CPUID is not sufficient to detect the usability of Intel® Software Guard Extensions (Intel® SGX) on a platform. Read Properly Detecting Intel® Software Guard Extensions (Intel® SGX) in Your Applications for more details on how to determine if your processor supports Intel® SGX and Intel® SGX is enabled.

Additional information

You can find more information in An update on 3rd Party Attestation.

Intel® SGX DCAP ECDSA Attestation works with the following Intel processors that support FLC:

  • 3rd gen Intel® Xeon® Scalable processors
  • The top three SKUs of the Intel® Xeon® E-21xx family support FLC (E-2174G, E-2176G, E-2186G) on Intel® SPS–based platforms.
  • 8th Generation Intel® Core™ Processor or newer with Flexible Launch Control and Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) support
  • Intel Atom® Processor with Flexible Launch Control and Intel® AES-NI support

The following Intel® NUC Kits support FLC:

Related Products

This article applies to 1 products