Which Platforms Support Intel® Software Guard Extensions (Intel® SGX) Datacenter Attestation Primitives (DCAP)?

Unable to validate if a processor that supports Intel® Software Guard Extensions (Intel® SGX) also supports Datacenter Attestation Primitives (DCAP) and Flexible Launch Control (FLC)

If a processor supports Intel® SGX and FLC, it supports DCAP.

There are two options to determine if your system's processor supports FLC:

Option 1
On a Linux* system, execute cpuid in a terminal:

1. Open a terminal and run: $ cpuid | grep -i sgx
2. Look for output: SGX_LC: SGX launch config supported = true

Option 2
Use test-sgx.c:

1. Go to the SGX Hardware Github and download the file test-sgx.c or clone the repository
2. Compile and run test-sgx.c according to these instructions:
   $ gcc test-sgx.c -o test-sgx
   $ ./test-sgx
3. Look for output: sgx launch control: 1

FLC support in Intel® Xeon® E systems is also dependent on the BIOS and firmware. The platform must have an Intel® Server Platform Services (Intel® SPS)–based BIOS and firmware. Check with your platform manufacturer to verify if it is SPS-based or not.

You can find more information in An update on 3rd Party Attestation.

Intel® SGX DCAP ECDSA Attestation works with the following Intel processors that support FLC:

• 3rd gen Intel® Xeon® Scalable processors
• The top three SKUs of the Intel® Xeon® E-21xx family support FLC (E-2174G, E-2176G, E-2186G) on Intel® SPS–based platforms.
• 8th Generation Intel® Core™ Processor or newer with Flexible Launch Control and Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) support
• Intel Atom® Processor with Flexible Launch Control and Intel® AES-NI support

The following Intel® NUC Kits support FLC:

• Intel® NUC Kit NUC7CJYH with Intel® Celeron® J4005 Processor
• Intel® NUC Kit NUC7PJYH with Intel® Pentium® Silver J5005 Processor
• Intel® NUC 9 Pro Kit - NUC9VXQNX with Intel® Xeon® E-2286M Processor (16M Cache, 2.40 GHz)