Thinkpad L380 Yoga supports SGX #120

@cjlee112

I enabled the SGX option in the BIOS, then ran test-sgx and got the following results:

Start test-sgx (version 2.0.0) at Mon Feb 24 18:13:58 2025

CPUID is available
The CPU is Genuine Intel
CPUID is capable of examining SGX capabilities
CPU: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Stepping 10 Model 14 Family 6
Processor type 0 Extended model 8 Extended family 0
Safer Mode Extensions (SMX): 0
Extended feature bits (EAX=7, ECX=0): eax: 00000000 ebx: 029c67af ecx: 00000000 edx: bc002e00
Supports SGX
SGX Launch Configuration (SGX_LC): 0
SGX Attestation Services (SGX_KEYS): 0
SGX1 leaf instructions (SGX1): 1
SGX2 leaf instructions (SGX2): 0
EINCVIRTCHILD, EDECVIRTCHILD, and ESETCONTEXT (OVERSUB-VMX): 0
ETRACKC, ERDINFO, ELDBC, and ELDUC (OVERSUB-Supervisor): 0
EVERIFYREPORT2: 0
Allow attestation w/ updated microcode (EUPDATESVN): 0
Allow enclave thread to decrement TCS.CSSA (EDECCSSA): 0
Supported Extended features for MISC region of SSA (MISCSELECT) 0x00000000
The maximum supported enclave size in non-64-bit mode is 2^31
The maximum supported enclave size in 64-bit mode is 2^36
Raw ECREATE SECS.ATTRIBUTES[63:0]: 00000000 00000036
ECREATE SECS.ATTRIBUTES[DEBUG] (Debugger can read/write enclave data w/ EDBGRD/EDBGWR): 1
ECREATE SECS.ATTRIBUTES[MODE64BIT] (Enclave can run as 64-bit): 1
ECREATE SECS.ATTRIBUTES[PROVISIONKEY] (Provisioning key available from EGETKEY): 1
ECREATE SECS.ATTRIBUTES[EINITTOKEN_KEY] (EINIT token key available from EGETKEY): 1
ECREATE SECS.ATTRIBUTES[CET] (Enable Control-flow Enforcement Technology in enclave): 0
ECREATE SECS.ATTRIBUTES[KSS] (Key Separation and Sharing Enabled): 0
ECREATE SECS.ATTRIBUTES[AEXNOTIFY] (Threads may receive AEX notifications): 0
Raw ECREATE SECS.ATTRIBUTES[127:64] (XFRM: Copy of XCR0): 00000000 0000001f
EPC[0]: Protection: ci Base phys addr: 00000000d0200000 size: 0000000005d80000
vDSO base address: 0x7ffe00d85000
Printing Symbol Table:
vDSO symbol: __vdso_time
vDSO symbol: getcpu
vDSO symbol: __vdso_clock_getres
vDSO symbol: __vdso_getcpu
vDSO symbol: clock_getres
vDSO symbol: __vdso_gettimeofday
vDSO symbol: LINUX_2.6
vDSO symbol: gettimeofday
vDSO symbol: __vdso_clock_gettime
vDSO symbol: time
vDSO symbol: clock_gettime
rdmsr: CPU 0 doesn't support MSRs
IA32_FEATURE_CONTROL not readable
rdmsr: CPU 0 doesn't support MSRs
IA32_SGXLEPUBKEYHASH[0-3] not readable
rdmsr: CPU 0 doesn't support MSRs
IA32_SGX_SVN_STATUS not readable
rdmsr: CPU 0 doesn't support MSRs
MSR_SGXOWNEREPOCH not readable
XSAVE features and state-components
rdmsr: CPU 0 doesn't support MSRs
IA32_XSS not readable
Maximum size (in bytes) of current XCR0 XSAVE area: 1088
Maximum size (in bytes) of all-set XCR0 XSAVE area: 1088
Size (in bytes) of current XCR0+IA32_XSS XSAVE area: 960
Supported XCR0: 000000000000001f
Actual XCR0: 000000000000001f
Supported IA32_XSS: 0000000000000100
Actual IA32_XSS: 0000000000000000
Register Name Supported Value Description
======== ======= ========= ===== ===========
XCR0 x87: yes set x87 Floating Point Unit & MMX
XCR0 SSE: yes set MXCSR and XMM registers
XCR0 AVX: yes set YMM registers
XCR0 BNDREG: yes set MPX for BND registers
XCR0 BNDCSR: yes set MPX for BNDCFGU and BNDSTATUS registers
XCR0 opmask: no clear AVX-512 for AVX opmask and AKA k-mask
XCR0 ZMM_hi256: no clear AVX-512 for the upper-halves of lower ZMM registers
XCR0 Hi16_ZMM: no clear AVX-512 for the upper ZMM registers
IA32_XSS PT: yes clear Processor Trace
XCR0 PKRU: no clear User Protection Keys
IA32_XSS PASID: no clear Process Address Space ID
IA32_XSS CET_U: no clear Control-flow Enforcement Technology: user-mode functionality MSRs
IA32_XSS CET_S: no clear CET: shadow stack pointers for rings 0,1,2
IA32_XSS HDC: no clear Hardware Duty Cycling
IA32_XSS UINTR: no clear User-Mode Interrupts
IA32_XSS LBR: no clear Last Branch Record
IA32_XSS HWP: no clear Hardware P-state control
XCR0 TILECFG: no clear AMX - Advanced Matrix Extensions
XCR0 TILEDATA: no clear AMX - Advanced Matrix Extensions
XCR0 APX: no clear Extended General Purpose Registers R16-R31
Supported XSAVE feature flags: 0000000f
xsaveopt - save state-components that have been modified since last XRSTOR: 1
xsavec - save/restore state with compaction: 1
xgetbv_ecx1 - XGETBV with ECX=1 support: 1
xss - save/restore state with compaction, including supervisor state: 1
xfd - Extended Feature Disable supported: 0
End test-sgx
