As everyone probably knows, the upstream kernel SGX support refuses to run on some SGX hardware. Linux requires that the Launch Control MSRs be writable, which is sometimes known as "Flexible Launch Control" support. If those MSRs are not writable, Linux will ignore the presence of otherwise SGX-capable hardware. It can be somewhat challenging to find hardware which works. For instance I've got a i7-8086K which has all of the processor support required for SGX, but the system firmware still opts to lock the Launch Control MSRs. I wanted to report that an Intel NUC7CJYH successfully runs enclaves on Linux out of the box. The Intel hardware compatibility list[1] is a bit scary, so I've also included a link to the exact memory that I got. 16GB of RAM seems to work just fine despite what the Intel Ark pages on the CPU says[2]. One little annoyance is that although it came with an A/C adapter, it didn't come with a power cord. There's a link to one of those below too. > https://www.newegg.com/intel-boxnuc7cjyh/p/1VK-004K-001W5 > https://www.newegg.com/g-skill-16gb-260-pin-ddr4-so-dimm/p/N82E16820232154?Item=N82E16820232154 > https://www.newegg.com/startech-3-ft-black-standard-power-cord/p/N82E16812400031 1. https://compatibleproducts.intel.com/ProductDetails?EPMID=126135 2. https://ark.intel.com/content/www/us/en/ark/products/128992/intel-celeron-j4005-processor-4m-cache-up-to-2-70-ghz.html
