Intel® Trusted Execution Technology (Intel® TXT)

Intel SGX Licensing question


Could someone from Intel provide contact information about Intel SGX SDK license, and how to get the SDK I asked this question on ISA extensions mailing-list, but did not get any reply, so trying this forum.

Given that SGX enabled CPUs are available on the market, if Intel wants startups to make use of this technology then please let people about the SDK, the licensing terms, and how one can get kernel drivers for Linux.


LCP creation


I have tboot running on Intel Server board E5- 2658. I get txt measured launch as true and can see the populated pcrs values.

At the moment, I don't have any LCP in TPM. My Platform is using default policy i guess. 

I want to explore the option in LCP that what should happen when pcrs measurement fails i.e. system refuse to boot or boot with limited functionalities.

Tboot issues on Intel Server board E5-2658

Hello guys

I have been trying to implement trusted boot feature in our server and testing it with the tools Intel provides (ServerTXTINFO, getsec64, and Serversecret).

But I am getting bunch of errors. txt-stat in my red hat terminal shows that secret and secret flag set = False but TXT Measured launch = True.

When I run getsec64.efi tool in EFI shell, I get error that System is already in TXT environment run getsec64 -l sexit

Custom TXT: Errorcode 0xC0000481


just a shortish question because I am a little baffled right now. I am programming a new MLE to be used with Intel TXT. We want to launch this within a running Linux (64Bit) - this should be perfectly possible afaik. I got most of it working, TXT is working (tboot would successfully boot on previous tests!), but now I get this error whenever I execute GETSEC[SENTER]: 0xC0000481.


I'm booting tboot to a 3.11.10 linux kernel and it is indeed booting and pcrs, including 17,18 and 19 are being extended. Perhaps I just don't understand the sequencing - the part that has me perplexed is where tboot goes into SENTER and then starts over again and succeeds - although SEXIT is never run - specifically this section. I guess my question is - why would it restart tboot?

Suscribirse a Intel® Trusted Execution Technology (Intel® TXT)