SGX disabled by BIOS in Ubuntu 22.04

Question

System information:

Intel Core i5-10600K
Gigabyte H510M H
NVIDIA GTX 1050TI 4GB
500GB x1 NVME SSD (Installed Ubuntu), 2TB x1 HDD, 1TB x1 IDE HDD, and 250GB x1 SSD

Operating system:

Ubuntu 22.04
kernel 5.15.0-27-generic

Does this answer your question? My computer boots to a black screen, what options do I have to fix it? — Pilot6, May 05 '22 at 09:54
Does this answer your question? Can't install Ubuntu from an USB stick: AE_NOT_FOUND, AE_ALREADY_EXISTS — karel, May 05 '22 at 11:43
Related: https://github.com/intel/sgx-software-enable may be able to enable SGX via UEFI stuff for the next reboot, depending on whether your BIOS has explicitly disabled it or left it up to software. The readme for that Intel software explains the possibilities. — Peter Cordes, Aug 03 '22 at 23:34

score 18 · Answer 1 · answered May 11 '22 at 09:14

18

For me the solution was exactly what the error message suggests: to enable SGX in BIOS. I have an HP Elitebook, in the BIOS Security section there is a checkbox:

Intel Software Guard Extension (SGX)

I set it to Enable (instead of Disable or Software defined)

answered May 11 '22 at 09:14

szabozoltan

281
1
4

Had the same with my Dell XPS 15. Thank you. – Daantje Jul 16 '22 at 13:30
Had the same issue with an Intel NUC. Thanks! – Alz Apr 17 '23 at 21:37

score 14 · Answer 2 · edited Nov 03 '22 at 09:21

14

You can use sgx software enable to enable Intel SGX on Linux system Where the BIOS supports intel SGX.

This application will enable Intel SGX on Linux systems where the BIOS supports Intel SGX, but does not provide an explicit option to enable it. These systems can only enable Intel SGX via the "software enable" procedure.

I tried it, it works.

edited Nov 03 '22 at 09:21

Hastur

3,950

answered Sep 09 '22 at 05:33

Mohammad Mahdi

498

user1644820 · Answer 3 · 2022-10-28T06:36:04.607

6

The SGX technology has a weakness called Poreshadow or L1TF.

https://support.lenovo.com/kr/en/solutions/ps500174-intel-software-guard-extensions-sgx-vulnerabilities https://www.techspot.com/news/93006-intel-sgx-deprecation-impacts-drm-ultra-hd-blu.html

If you are not going to watch 4K bluelay video, turn it off.

edited Oct 28 '22 at 06:36

answered Oct 28 '22 at 06:14

user1644820

61

I assume the disable by bios message means it's getting fully disabled anyway, can just leave it in that state or is something more required? – Britton Kerin Oct 22 '23 at 18:49

score 5 · Accepted Answer · answered Jun 18 '22 at 21:42

I had the same problem, but the SGX option literally did not exist in my BIOS, so it was impossible to change that.

A workaround was to reinstall with the "Minimal installation" option (as opposed to "Normal"), as well as not download updates or install third party software.

score 1 · Answer 5 · edited Jul 07 '23 at 21:32

1

In the case that I encountered, I couldn't solve it with "SGX software enable", but it was resolved when I reinstalled my linux and went to BIOS via

systemctl reboot --firmware-setup

edited Jul 07 '23 at 21:32

zx485

2,426

answered Jun 11 '23 at 01:50

Arisma Mar

11

SGX disabled by BIOS in Ubuntu 22.04

5 Answers5

Linked

Related