Hi, I'm John Mechalas with Intel.
In this video, we're going to discuss detecting and enabling
the Intel Software Guard Extensions, or Intel SGX.
Before an application can use Intel SGX,
four conditions have to be met.
The CPU in that system must support the Intel SGX
instructions.
The system BIOS must support Intel SGX.
Intel SGX must be enabled in the BIOS.
And the Intel SGX platform software, or PSW,
must be installed on that system.
Intel SGX was introduced with the sixth generation Intel Core
line of processors and the Intel Xeon E3 v6 server processor.
There are three possible BIOS settings for Intel SGX.
Enabled, disabled and a software controlled setting.
Not all BIOS manufacturers implement all three options,
and some may not provide a BIOS configuration setting at all.
The enabled setting explicitly enables Intel SGX,
and the disabled setting explicitly disables it.
The software control option allows Intel SGX applications
to have the BIOS enable it automatically the next time
the system reboots.
This software enable function eliminates the need for users
to have to enter their BIOS setup screen, which
can be a daunting and confusing task for non-technical end
users.
Note that Intel SGX may not be available for use
by applications even if it's supported by the CPU.
Applications and application installers
need to be able to detect Intel SGX availability at runtime,
and take appropriate action based
on the system's configuration.
It is extremely important that applications be robust.
Even if an application requires Intel SGX,
it should exit gracefully and display a meaningful error
message if it's not available.
A properly written Intel SGX application
must not crash solely because Intel SGX support is not
present on the system where it's run.
Application installers should follow this sequence.
Detect whether or not Intel SGX is
supported by the CPU and BIOS.
Determine whether or not the platform software package has
already been installed, and install it if it hasn't.
Determine whether or not Intel SGX has been enabled
on the system, and attempt the software enable if it hasn't.
The applications themselves follow a slightly different
sequence.
Determine whether or not the platform software
has been installed.
Determine whether or not Intel SGX has been enabled,
and attempt the software enable if it hasn't.
If any of these steps fail, then the system
does not support Intel SGX.
If the application requires Intel SGX to run,
then an error should be reported to the user.
Proper detection of Intel SGX
is essential in enabled applications,
and the detection procedure is more complicated
than simply checking for instruction support on the CPU.
To learn more about the Intel SGX feature detection
procedure, and to view some sample code,
visit the link below.
Be sure to watch the rest of this playlist to learn more
about Intel SGX application development.
And remember to like this video and subscribe.
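
The following is an added example, not part of the video and not Intel's sample code. It sketches the hardware half of the detection sequence described above: it separates "the CPU has the SGX instructions" from "SGX is usable on this boot" by decoding CPUID leaves 07H and 12H, and exits with a readable message instead of crashing. The type and state names (`regs_t`, `hw_state_t`, `HW_*`) are hypothetical, and checking for the installed PSW is outside its scope.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang helper: __get_cpuid_count() */
#endif

typedef struct { uint32_t eax, ebx, ecx, edx; } regs_t;
/* Hypothetical state names for this example (not the SGX SDK's enum). */
typedef enum { HW_NO_SGX, HW_SGX_NOT_ENABLED, HW_SGX_READY } hw_state_t;

/* CPUID.(EAX=07H,ECX=0):EBX bit 2: the CPU implements the SGX instructions. */
static int cpu_has_sgx(regs_t leaf7) { return (leaf7.ebx >> 2) & 1; }

/* CPUID.(EAX=12H,ECX=0):EAX bit 0: SGX1 leaf functions are available. */
static int sgx1_available(regs_t l12_0) { return l12_0.eax & 1; }

/* CPUID.(EAX=12H,ECX=2): EAX[3:0]==1 marks a valid EPC section;
   its size is EDX[19:0] (bits 51:32) and ECX[31:12] (bits 31:12). */
static uint64_t epc_section_size(regs_t s) {
    if ((s.eax & 0xF) != 1) return 0;
    return ((uint64_t)(s.edx & 0xFFFFFu) << 32) | (s.ecx & 0xFFFFF000u);
}

/* Instruction support alone is not enough: without SGX1 and EPC memory
   reported, enclaves cannot be created on this boot. */
static hw_state_t classify(regs_t leaf7, regs_t l12_0, regs_t l12_2) {
    if (!cpu_has_sgx(leaf7)) return HW_NO_SGX;
    if (!sgx1_available(l12_0) || epc_section_size(l12_2) == 0)
        return HW_SGX_NOT_ENABLED;
    return HW_SGX_READY;
}

int main(void) {
    regs_t l7 = {0}, a = {0}, b = {0};
#if defined(__x86_64__) || defined(__i386__)
    __get_cpuid_count(0x07, 0, &l7.eax, &l7.ebx, &l7.ecx, &l7.edx);
    if (cpu_has_sgx(l7)) {
        __get_cpuid_count(0x12, 0, &a.eax, &a.ebx, &a.ecx, &a.edx);
        __get_cpuid_count(0x12, 2, &b.eax, &b.ebx, &b.ecx, &b.edx);
    }
#endif
    switch (classify(l7, a, b)) {
    case HW_NO_SGX:
        fprintf(stderr, "This CPU does not support Intel SGX.\n"); return 1;
    case HW_SGX_NOT_ENABLED:
        fprintf(stderr, "Intel SGX is supported but not enabled.\n"); return 2;
    default:
        puts("SGX hardware is enabled; the PSW must still be installed."); return 0;
    }
}
```

A result of `HW_SGX_NOT_ENABLED` is the case where an installer or application would go on to attempt the software enable mentioned in the video.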