This tool dumps SGX-related information, e.g., hardware and software details and the remote attestation report. It helps diagnose issues that may be caused by the platform settings.

To dump the SGX-related hardware and software information, use this command:
```
$ ./teaclave_sgx_tool status
Vendor: GenuineIntel
CPU Model: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
SGX:
  Has SGX: true
  Has SGX1: true
  Has SGX2: false
  Supports ENCLV instruction leaves EINCVIRTCHILD, EDECVIRTCHILD, and ESETCONTEXT: false
  Supports ENCLS instruction leaves ETRACKC, ERDINFO, ELDBC, and ELDUC: false
  Bit vector of supported extended SGX features: 0x00000000
  Maximum supported enclave size in non-64-bit mode: 2^31
  Maximum supported enclave size in 64-bit mode: 2^36
  Bits of SECS.ATTRIBUTES[127:0] set with ECREATE: 0x0000000000000036 (lower) 0x000000000000001F (upper)
  EPC physical base: 0x00000000B0200000
  EPC size: 0x0000000005D80000 (93M)
  Supports flexible launch control: true
  ...
```
Use the following command to dump the remote attestation report and configure the platform accordingly (the `{as_*}` values are the attestation service key, SPID, URL and algorithm for your deployment):
```
$ ./teaclave_sgx_tool attestation --key {as_key} --spid {as_spid} --url {as_url} --algorithm {as_algorithm}
Remote Attestation Report:
{
  "advisoryIDs": [
    "INTEL-SA-00161",
    "INTEL-SA-00320",
    "INTEL-SA-00329",
    "INTEL-SA-00220",
    "INTEL-SA-00270",
    "INTEL-SA-00293",
    "INTEL-SA-00233"
  ],
  "advisoryURL": "https://security-center.intel.com",
  ...
}
```
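The `advisoryIDs` list is the part of the report a deployer usually acts on: each ID is an Intel security advisory that applies to the attested platform, so "configure the platform accordingly" in practice means comparing that list against the advisories the deployment has already reviewed and mitigated. The following is an added example, not part of the tool or of this page: it parses a constructed report shaped like the excerpt above (only the two fields shown are included) and reports which advisories are still unaccepted. The accepted set is a hypothetical policy, not a recommendation.

```python
from __future__ import annotations
import json

# Constructed sample, mirroring the excerpt the tool prints. A real report
# carries more fields; only the two used here are included.
SAMPLE_REPORT = json.dumps({
    "advisoryIDs": [
        "INTEL-SA-00161", "INTEL-SA-00320", "INTEL-SA-00329",
        "INTEL-SA-00220", "INTEL-SA-00270", "INTEL-SA-00293",
        "INTEL-SA-00233",
    ],
    "advisoryURL": "https://security-center.intel.com",
})


def extract_advisories(report_json: str) -> list[str]:
    """Return the advisory IDs in a dumped report, sorted; empty if the field is absent."""
    report = json.loads(report_json)
    ids = report.get("advisoryIDs", [])
    if not isinstance(ids, list) or not all(isinstance(i, str) for i in ids):
        raise ValueError("advisoryIDs must be a list of strings")
    return sorted(ids)


def unaccepted_advisories(report_json: str, accepted: set[str]) -> list[str]:
    """Advisories the platform reports that the deployment has not explicitly accepted."""
    return [a for a in extract_advisories(report_json) if a not in accepted]


def platform_acceptable(report_json: str, accepted: set[str]) -> bool:
    """True only when every reported advisory has been reviewed and accepted."""
    return not unaccepted_advisories(report_json, accepted)


if __name__ == "__main__":
    # Hypothetical policy: advisories this deployment has already reviewed.
    ACCEPTED = {"INTEL-SA-00161", "INTEL-SA-00220", "INTEL-SA-00233"}
    print("advisories still to review:", unaccepted_advisories(SAMPLE_REPORT, ACCEPTED))
    print("platform acceptable:", platform_acceptable(SAMPLE_REPORT, ACCEPTED))
```

Feed the JSON object printed after `Remote Attestation Report:` to `unaccepted_advisories` with your own accepted set; a non-empty result is the list of advisories to look up at the `advisoryURL` before trusting the platform.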