Results from Google Cloud Platform SGX Testing

[marknelsonengineer]

Testing SGX Support on Google Cloud Platform

Here's the output of test-sgx on various instances of GCP VMs...

GCP C3 instance

Start test-sgx
CPUID is available
The CPU is Genuine Intel
CPUID is capable of examining SGX capabilities
CPU: Intel(R) Xeon(R) Platinum 8481C CPU @ 2.70GHz
  Stepping 8         Model 15           Family 6 
  Processor type 0   Extended model 8   Extended family 0 
Safer Mode Extensions (SMX): 0
Extended feature bits (EAX=7, ECX=0): eax: 00000001  ebx: f1bf2feb  ecx: 1a415f46  edx: afc04410
Does not support SGX

GCP E2 instance

This is like buying an economy airline ticket… you can’t pick your seat anymore. In this case, there’s no way to specify the class of CPU the instance will use.

GCP N2 - Ice Lake
Start test-sgx
CPUID is available
The CPU is Genuine Intel
CPUID is capable of examining SGX capabilities
CPU:            Intel(R) Xeon(R) CPU @ 2.60GHz
  Stepping 6         Model 10           Family 6 
  Processor type 0   Extended model 6   Extended family 0 
Safer Mode Extensions (SMX): 0
Extended feature bits (EAX=7, ECX=0): eax: 00000000  ebx: f1bf2ffb  ecx: 00405f46  edx: ac000410
Does not support SGX

GCP N2 - Cascade Lake

This VM was interesting because Cascade lake definitely supports SGX, but their hypervisor has clearly intercepted the CPUID instruction and dumbed it down.

Start test-sgx
CPUID is available
The CPU is Genuine Intel
CPUID must be able to enumerate SGX instructions at leaf 0x12
Maximum enumeration leaf for Basic CPUID is: 0xd

GCP N1 - Skylake

They did the same thing with the N1 instances.

Start test-sgx
CPUID is available
The CPU is Genuine Intel
CPUID must be able to enumerate SGX instructions at leaf 0x12
Maximum enumeration leaf for Basic CPUID is: 0xd