Mnelson modernize 03

.gitignore

@@ -0,0 +1,3 @@
+test-sgx
+*.exe
+*.obj

Makefile

@@ -0,0 +1,21 @@
+###############################################################################
+### test-sgx
+###
+### A command line based SGX feature enumeration tool
+###
+### @see     https://www.gnu.org/software/make/manual/make.html
+###
+### @file    Makefile
+### @author  Mark Nelson [email protected]>
+###############################################################################
+
+TARGET=test-sgx
+
+test-sgx: cpuid.c test-sgx.c rdmsr.c
+	gcc -Wl,--no-as-needed -Wall -Wextra -Wpedantic -masm=intel -o ${TARGET} -lcap cpuid.c rdmsr.c test-sgx.c
+
+test: ${TARGET}
+	./${TARGET}
+
+clean:
+	rm -fr ${TARGET} *.o *.obj *.exe

README.md

@@ -1,5 +1,5 @@
 # SGX-hardware list
-This is a list of hardware which supports Intel SGX - Software Guard Extensions. 
+This is a list of hardware which supports Intel SGX - Software Guard Extensions.
 
 [![Build Status](https://travis-ci.org/ayeks/SGX-hardware.svg?branch=master)](https://travis-ci.org/ayeks/SGX-hardware)
 
@@ -75,7 +75,7 @@ The following sgx_tservice functions are not available:
 | MSI | Z370-A PRO | Bios update required | - | [see Issue 56](https://github.com/ayeks/SGX-hardware/issues/56) | 28 Dec 2018 |
 | ASRock | Z390 Pro 4 | BIOS | 4.3 | [see Issue 64](https://github.com/ayeks/SGX-hardware/issues/64) | 16 Sep 2019 |
 
-## Notebooks 
+## Notebooks
 
 The following devices should support SGX according to available drivers. Check the detailed information about the supported models on the individual driver sites.
 
@@ -143,14 +143,19 @@ Both [AWS](https://github.com/ayeks/SGX-hardware/issues/37) and [Google](https:/
 | Vendor | Servicename | CPU SGX capable | SGX activated in BIOS | Date | Source |
 |--------|-------------|-----------------|-----------------------|------|-----------|
 | AWS | EC2 C5 instances | YES, SGX1 and SGX2 | NO, SGX not activated in BIOS | Apr 2018 | [Issue 37](https://github.com/ayeks/SGX-hardware/issues/37) |
-| Azure | [Azure Confidential Computing Public Preview](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoft-azure-compute.confidentialcompute?tab=Overview) | YES, SGX1 | YES, SGX1 | Oct 2018 | [Blog](https://azure.microsoft.com/en-us/blog/protect-data-in-use-with-the-public-preview-of-azure-confidential-computing/) |
+| Azure | [Azure Confidential Computing](https://learn.microsoft.com/en-us/azure/confidential-computing/quick-create-portal) | YES, SGX1 | YES, SGX1 | Oct 2023 | [Blog](https://azure.microsoft.com/en-us/blog/protect-data-in-use-with-the-public-preview-of-azure-confidential-computing/) |
 | Google | N1 instances | YES, SGX1 and SGX2 | NO, SGX not activated in BIOS | Apr 2018 | [Issue 38](https://github.com/ayeks/SGX-hardware/issues/38) |
 | IBM | [IBM Cloud Bare Metal Instances](https://www.ibm.com/blogs/bluemix/2018/05/data-use-protection-ibm-cloud-using-intel-sgx/) | YES, unknown version | YES | May 2018 | [Issue 46](https://github.com/ayeks/SGX-hardware/issues/46) |
 | packet.net | [Reserved Hardware](https://www.packet.com/cloud/all-features/) | YES, SGX1 | YES | Apr 2018 | [Issue 44](https://github.com/ayeks/SGX-hardware/issues/44) |
 | Alibaba Cloud | [ECS Bare Metal Instance](https://www.alibabacloud.com/product/ebm) | YES, unknown version | YES | Sep 2018 | [Docs](https://www.alibabacloud.com/help/doc-detail/60576.html), [Issue 50](https://github.com/ayeks/SGX-hardware/issues/50) |
 | OVHcloud  | [Infrastructure Dedicated Servers](https://www.ovh.com/ca/en/dedicated-servers/infra/) | YES, unknown version | YES | Sep 2019 | [Docs](https://www.ovh.ie/dedicated_servers/software-guard-extensions/), [Issue 66](https://github.com/ayeks/SGX-hardware/issues/66) |
 | Alibaba Cloud | ECS Security-enhanced family (public preview) | YES, SGX2 | YES | July 2021 | [Docs](https://www.alibabacloud.com/help/en/doc-detail/207734.htm) |
 
+Notes:
+- [As of 10 November 2022, the IBM Cloud Data Shield service is deprecated](https://www.ibm.com/blog/announcement/ibm-cloud-data-shield-deprecation/)
+- [As of 10 Jan 2023, IBM Bare Metal still supports SGX (but I haven't tested it yet)](https://cloud.ibm.com/docs/bare-metal?topic=bare-metal-bm-server-provision-sgx)
+- [IBM](https://www.ibm.com/products/bare-metal-servers/classic)
+
 ## Device with a SGX CPU, but no BIOS support
 
 The following devices have a SGX capable CPU included, but don't have the required BIOS settings. So you cannot execute SGX instructions on those devices. **Do NOT buy for SGX development:**
@@ -164,30 +169,36 @@ The following devices have a SGX capable CPU included, but don't have the requir
 | Laptop | Microsoft | Surface Book 2 | [Issue 52](https://github.com/ayeks/SGX-hardware/issues/52) | 26 Sep 2018 |
 | Laptop | Razer | Blade (2016) | [Issue 60](https://github.com/ayeks/SGX-hardware/issues/60) | 6 Jul 2019 |
 
-## Test SGX
+## Compile `test-sgx`
+
+You can check if SGX is enabled on you system with `test_sgx.c`. Just compile and run it:
+
+- Linux / gcc 13.1
+```
+gcc -Wl,--no-as-needed -Wall -Wextra -Wpedantic -masm=intel -o test-sgx -lcap cpuid.c rdmsr.c test-sgx.c```
+
+- Windows 11 / Visual Studio 2022 (x64 Native Tools)
+```
+cl test-sgx.c cpuid.c rdmsr.c
+```
 
-You can check if SGX is enabled on you system with the test_sgx.c. Just compile and run it:
+- MacOS / Clang 15
 ```
-$ gcc test-sgx.c -o test-sgx
-$ ./test-sgx
+clang -Wall -Wextra -Wpedantic -masm=intel -std=c2x -Wno-gnu-binary-literal -o test-sgx cpuid.c rdmsr.c test-sgx.c
 ```
 
 See [Issue 17](https://github.com/ayeks/SGX-hardware/issues/17) for the execution in Visual Studio.
 
+
 ### SGX is available for your CPU but not enabled in BIOS
 eg. on [2017 MacBook Pro's](https://github.com/ayeks/SGX-hardware/issues/26)
 ```
 ...
-Extended feature bits (EAX=07H, ECX=0H)
-eax: 0 ebx: 29c6fbf ecx: 0 edx: 0
-sgx available: 1
-
-CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
-eax: 0 ebx: 0 ecx: 0 edx: 0
-sgx 1 supported: 0
-sgx 2 supported: 0
-MaxEnclaveSize_Not64: 0
-MaxEnclaveSize_64: 0
+Supports SGX
+SGX Launch Configuration (SGX_LC): 1
+SGX Attestation Services (SGX_KEYS): 0
+SGX1 leaf instructions (SGX1): 0
+SGX2 leaf instructions (SGX2): 0
 ...
 ```
 
@@ -196,37 +207,62 @@ Eg. on [public clouds](https://github.com/ayeks/SGX-hardware/issues/37) or [2015
 
 ```
 ...
-Extended feature bits (EAX=07H, ECX=0H)
-eax: 0 ebx: d19f4fbb ecx: 8 edx: 0
-sgx available: 0
-
-CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
-eax: 2ff ebx: a80 ecx: a88 edx: 0
-sgx 1 supported: 1
-sgx 2 supported: 1
-MaxEnclaveSize_Not64: 0
-MaxEnclaveSize_64: 0
-...
+Does not support SGX
 ```
 
-### SGX is available for your CPU and enabled in BIOS
+### SGX1 is available for your CPU and enabled in BIOS
 ```
-...
-Extended feature bits (EAX=07H, ECX=0H)
-eax: 0 ebx: 29c6fbf ecx: 0 edx: 0
-sgx available: 1
-
-CPUID Leaf 12H, Sub-Leaf 0 of Intel SGX Capabilities (EAX=12H,ECX=0)
-eax: 1 ebx: 0 ecx: 0 edx: 241f
-sgx 1 supported: 1
-sgx 2 supported: 0
-MaxEnclaveSize_Not64: 1f
-MaxEnclaveSize_64: 24
-...
+Start test-sgx
+CPUID is available
+The CPU is Genuine Intel
+CPUID is capable of examining SGX capabilities
+CPU: Intel(R) Xeon(R) E-2288G CPU @ 3.70GHz
+  Stepping 13        Model 14           Family 6
+  Processor type 0   Extended model 9   Extended family 0
+Safer Mode Extensions (SMX): 0
+Extended feature bits (EAX=7, ECX=0): eax: 00000000  ebx: 009c6fbd  ecx: 40000000  edx: 20000400
+Supports SGX
+SGX Launch Configuration (SGX_LC): 1
+SGX Attestation Services (SGX_KEYS): 0
+SGX1 leaf instructions (SGX1): 1
+SGX2 leaf instructions (SGX2): 0
+EINCVIRTCHILD, EDECVIRTCHILD, and ESETCONTEXT (OVERSUB-VMX): 0
+ETRACKC, ERDINFO, ELDBC, and ELDUC (OVERSUB-Supervisor): 0
+EVERIFYREPORT2: 0
+Allow attestation w/ updated microcode (EUPDATESVN): 0
+Allow enclave thread to decrement TCS.CSSA (EDECCSSA): 1
+Supported Extended features for MISC region of SSA (MISCSELECT) 0x00000000
+The maximum supported enclave size in non-64-bit mode is 2^31
+The maximum supported enclave size in     64-bit mode is 2^36
+Raw ECREATE SECS.ATTRIBUTES[63:0]: 00000000 00000436
+    ECREATE SECS.ATTRIBUTES[DEBUG] (Debugger can read/write enclave data w/ EDBGRD/EDBGWR): 1
+    ECREATE SECS.ATTRIBUTES[MODE64BIT] (Enclave can run as 64-bit): 1
+    ECREATE SECS.ATTRIBUTES[PROVISIONKEY] (Provisioning key available from EGETKEY): 1
+    ECREATE SECS.ATTRIBUTES[EINITTOKEN_KEY] (EINIT token key available from EGETKEY): 1
+    ECREATE SECS.ATTRIBUTES[CET] (Enable Control-flow Enforcement Technology in enclave): 0
+    ECREATE SECS.ATTRIBUTES[KSS] (Key Separation and Sharing Enabled): 0
+    ECREATE SECS.ATTRIBUTES[AEXNOTIFY] (Threads may receive AEX notifications): 1
+Raw ECREATE SECS.ATTRIBUTES[127:64] (XFRM: Copy of XCR0): 00000000 0000001f
+EPC[0]: Protection: ci  Base phys addr: 00000001c0000000  size: 0000000001c00000
+Raw IA32_FEATURE_CONTROL: 0000000000060001
+    IA32_FEATURE_CONTROL.LOCK_BIT[bit 0]: 1
+    IA32_FEATURE_CONTROL.SGX_LAUNCH_CONTROL[bit 17] (Is the SGX LE PubKey writable?): 1
+    IA32_FEATURE_CONTROL.SGX_GLOBAL_ENABLE[bit 18]: 1
+The SGX Launch Enclave Public Key Hash can be changed
+IA32_SGXLEPUBKEYHASH: a6053e051270b7ac 6cfbe8ba8b3b413d c4916d99f2b3735d d4f8c05909f9bb3b
+Raw IA32_SGX_SVN_STATUS: 0000000000000000
+MSR_SGXOWNEREPOCH not readable
+End test-sgx
 ```
 
-That means that you are now able to call the special SGX calls of your CPU.  However you will always need the official Intel SGX Drivers including their Launch Enclave to initiate your own enclaves. To be able to execute SGX functions you need both `sgx available: 1` and `sgx [1|2] supported: 1`. Another hint that SGX functions are working is the output of an enclave size eg. `MaxEnclaveSize_64`. 
+That means that you are now able to call the special SGX calls of your CPU.
+However you will always need the official Intel SGX Drivers including their
+Launch Enclave to initiate your own enclaves.  To be able to execute SGX
+functions you need both `Supports SGX` and `SGX[1|2] leaf instructions (SGX[1|2]): 1`.
+
+Another hint that SGX functions are working is the output of an enclave size
+eg. `The maximum supported enclave size` is set.
 
 ## Contribution
 
-Add more hardware to this list via pull requests or simply via issues. 
+Add more hardware to this list via pull requests or simply via issues.