This is a list of hardware which supports Intel SGX - Software Guard Extensions.
The CPU and the motherboard BIOS must support SGX. SGX is turned off by default and must enabled via MSR.IA32_Feature_Control.SGX_Enable. Only the BIOS can make changes to the IA32_Feature_Control.
Use the ark.intel.com database to list all Intel CPUs that have the SGX feature.
Be cautious with the following 2015 i7,i5 and E3 CPUs. According to the Product Change Notification from October 1, 2015. Only the listed CPUs with the following S-Spec Numbers are able to execute SGX instructions. For all other CPUs the Intel CPU database should be correct.
| Marketing Name | Processor# | Post-Conversion S-Spec |
|---|---|---|
| Intel® Core | i7-6700K | SR2L0 |
| Intel® Core | i5-6400T | SR2L1 |
| Intel® Core | i7-6700 | SR2L2 |
| Intel® Core | i7-6700T | SR2L3 |
| Intel® Core | i5-6600K | SR2L4 |
| Intel® Core | i5-6600 | SR2L5 |
| Intel® Core | i5-6500 | SR2L6 |
| Intel® Core | i5-6400 | SR2L7 |
| Intel® Core | i5-6500T | SR2L8 |
| Intel® Core | i5-6600T | SR2L9 |
| Intel® Xeon® | E3-1280 v5 | SR2LC |
| Intel® Xeon® | E3-1240 v5 | SR2LD |
| Intel® Xeon® | E3-1230 v5 | SR2LE |
| Intel® Xeon® | E3-1270 v5 | SR2LF |
| Intel® Xeon® | E3-1220 v5 | SR2LG |
| Intel® Xeon® | E3-1260L v5 | SR2LH |
| Intel® Xeon® | E3-1225 v5 | SR2LJ |
| Intel® Xeon® | E3-1275 v5 | SR2LK |
| Intel® Xeon® | E3-1245 v5 | SR2LL |
| Intel® Xeon® | E3-1235L v5 | SR2LM |
| Intel® Xeon® | E3-1240L v5 | SR2LN |
As per the last comment on this thread, Intel Xeon E3 processors as of today (Jul. 2017) do not have an Intel Manageability Engine. Therefore, the kernel will never be able to expose the device /dev/mei0. What this means in terms of SGX is that Trusted Platform Service Functions (monotonic counters, trusted time) are not available on Xeon E3.
| Vendor | Model | Driver Type | Version | Source | Release Date |
|---|---|---|---|---|---|
| ASRock | E3V5 WS | BIOS | 7.10 | see Issue 13 | 03 February 2017 |
| ASRock | Z270 Extreme 4 | - | - | see Issue 15 | 2017 |
| ASRock | Z370 Gaming ITX | BIOS | 1.4 | see Issue 36 | 2017 |
| MSI | H170 Gaming M3 Board | BIOS | - | see Issue 21 | 4 May 2017 |
| Gigabyte | GA-Z270MX-Gaming 5 | BIOS | F3 | see Issue 20 | 4 May 2017 |
| Gigabyte | Z370 AORUS Ultra Gaming (rev. 1.0) | BIOS | - | see Issue 33 | 30 Nov 2017 |
The following devices should support SGX according to available drivers. Check the detailed information about the supported models on the individual driver sites.
| Vendor | Model | Driver Type | Version | Supported OS | Source | Release Date |
|---|---|---|---|---|---|---|
| Dell | Inspiron 11 i3153, Inspiron 11 i3158, Inspiron 13 i7353, Inspiron 13 i7359, Inspiron 15 i7568 | Chipset Driver | 1.0.26920. 1393, A00 | Windows 8.1 64-bit, Windows 10 64-bit | dell.com | 10 Sep 2015 |
| Dell | Inspiron 15 7000 Series 7559 | BIOS | 1.0.3 | Windows/DOS | dell.com | 09 Oct 2015 |
| HP | HP 240 G4 Notebook PC, HP 246 G4 Notebook PC, HP Notebook 14g, HP Notebook 14q | Chipset | 1.0.26448. 1348 REV: A PASS: 5 | Microsoft Windows 10 64 | ftp.hp.com | 07 Aug 2015 |
| HP | ENVY 15 Notebook PC | Chipset | 1.0.26805. 1389 REV: A PASS: 4 | Windows 10 64bit, Windows 7 Prof. | ftp.hp.com | 17 Aug 2015 |
| HP | HP ENVY x360 Convertible | Chipset | 1.0.26805.1389 REV: A PASS: 5 | Windows 10 64 | ftp.hp.com | 04 Sep 2015 |
| HP | HP Spectre x2 Detachable Ultrabook PC | Chipset | 1.0.26805. 1389 REV: A PASS: 9 | Windows 10 64 | ftp.hp.com | 02 Oct 2015 |
Newer devices have out of the box SGX BIOS support. Sometimes it is mentioned in their documentation. If you have a newer device and see SGX in the BIOS, message me so I can add the device to the list. If you need a SGX capable server have a look at the Intel SGX server block. It consists of a complete server with Xeon processor, ram, mainboard and drives. Driver issues should't be a problem.
| Device | Vendor | Model | Source | Date | Confirmed |
|---|---|---|---|---|---|
| Laptop | Lenovo | ThinkPad P70, P50S, T560, T460p, T460s, T460, X260, X230 | see Issue 7 | 22 May 2016 | P50, T460s, X260, X230 |
| PC | Dell | newer OptiPlex, Latitude, Vostro, Precision | see Issue 5 | 20 Apr 2015 | Precision 7710 |
| Desktop PC | Dell | Optiplex 5040 | dell.com technical-spec-sheet.pdf | 3 Dez 2015 | |
| Laptop | Dell | 2016 XPS 13 | see Issue 12 see Issue 16 | 20 January 2017 | 2016 XPS 13 9560, 9360 |
| Laptop | Dell | Alienware 13 R3 | 30 January 2017 | Alienware 13 R3 (Kaby Lake i7-7700HQ) | |
| Laptop | Dell | Alienware 15 R3 | Riebart | 05 September 2017 | Alienware 15 R3 (Skylake i7-6820HK) |
| Laptop | Dell | Inspiron 5378, 5578, 7378, 7579, 7779 | see Issue 18 | 18 April 2017 | Inspiron 15 5578 2-in-1 with Intel Kabylake 7500U |
| Mini PC | Intel NUC Kit | NUC6i3SYK, NUC6i7KYK, NUC6i5SYK, NUC6i3SYH, NUC6i5SYH, NUC7i3BNH | SGX software for NUC | 30 June 2016 | NUC7i3BNH |
| Compute Stick | Intel Compute Stick | STK2m364CC | see Issue 31 | 12 Nov 2017 | STK2m364CC |
| Laptop | HP | Pavilion 15-ab251ur | see Issue 14 | 18 February 2017 | HP Pavilion 15-ab251ur, CPU i7-6500U |
| Laptop | ASUS | X456UA | see Issue 18 | 18 April 2017 | |
| Workstation | HP | Z2 Mini G3 | see Pull request 19 | 21 April 2017 | HP Z2 Mini G3, CPU Xeon E3-1245 v5 |
| Workstation | HP | HP Z240 Tower Workstation | N51 Ver. 01.54 ] | 16 Mar 2017 | HP Z240 Tower Workstation, Intel(R) Xeon(R) CPU E3-1240 v5 @ 3.50GHz |
| Server | Supermicro | system 5019-MR, mainboard X11SSH-F BIOS 1.0b or 2.0b | Pressrelease see Issue 6 | 19 May 2016 | platform services only on specific ME versions |
Today there is no cloud vendor that allows the execution of Intel SGX enclaves in their environment. Both AWS and Google have CPUs that capable of SGX but the execution is disabled. We discussed that into detail here. According to a Intel forum post Azure discontinued their SGX program also.
The last hope for SGX in the cloud is the IBM Bluemix Cloud Data Guard. Feel free to sign up here and please report back to us if you are able to execute SGX in their environment.
You can check if SGX is enabled on you system with the test_sgx.c. Just compile and run it:
$ gcc test_sgx.c -o test_sgx
$ ./test_sgx
...
Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c6fbf ecx: 0 edx: 0
sgx available: 1
CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 0 ebx: 0 ecx: 0 edx: 0
sgx 1 supported: 0
sgx 2 supported: 0
MaxEnclaveSize_Not64: 0
MaxEnclaveSize_64: 0
...
...
Extended feature bits (EAX=07H, ECX=0H)
eax: 0 ebx: 29c6fbf ecx: 0 edx: 0
sgx available: 1
CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
eax: 1 ebx: 0 ecx: 0 edx: 241f
sgx 1 supported: 1
sgx 2 supported: 0
MaxEnclaveSize_Not64: 1f
MaxEnclaveSize_64: 24
CPUID Leaf 12H, Sub-Leaf 1 of Intel SGX Capabilities (EAX=12H,ECX=1)
eax: 36 ebx: 0 ecx: 1f edx: 0
CPUID Leaf 12H, Sub-Leaf 2 of Intel SGX Capabilities (EAX=12H,ECX=2)
eax: 70200001 ebx: 0 ecx: 2d80001 edx: 0
CPUID Leaf 12H, Sub-Leaf 3 of Intel SGX Capabilities (EAX=12H,ECX=3)
eax: 0 ebx: 0 ecx: 0 edx: 0
CPUID Leaf 12H, Sub-Leaf 4 of Intel SGX Capabilities (EAX=12H,ECX=4)
eax: 0 ebx: 0 ecx: 0 edx: 0
...
Add more hardware to this list via pull requests or simply via issues.