Sorry, you need to enable JavaScript to visit this website.


Release Date: 
Apr 09, 2020

Intel® Software Guard Extensions SDK


Intel® Software Guard Extensions SDK package includes:

  • An Intel® Software Guard Extensions SDK installer for Linux* OS. It includes binaries to develop enclave applications. The main components include:
    • Trusted libraries, including standard C library, C++ runtime support, C++ STL, and others
    • Development tools, including edger8r, signing tool, and others
    • Sample projects


  • Fixed bugs.



Supported Linux OS distributions:

  • Ubuntu* 18.04 LTS 64-bit Desktop and Server version
  • Red Hat* Enterprise Linux* Server 8.0 (for x86_64)

Note: It is highly recommended to use the listed Linux* OS distributions. Other distributions have not been tested.

Intel(R) SGX developers need GCC 7.3 or later and latest GNU Binutils in order to address CVE- 2020-0551 in their enclaves. Intel is posting latest as, ld, objdump and gold executables from GNU Binutil here.


  • Intel(R) SGX SDK 2.9.1 requires GCC 7.3 or above.
  • The SDK installer will not be provided for below OSes because the native GCC version doesn't meet the requirement:
    • Ubuntu 16.04 LTS Server 64bits
    • Red Hat Enterprise Linux Server release 7.4 64bits
    • CentOS 7.5 64bits
    • Fedora 27 Server 64bits
    • SUSE Linux Enterprise Server 12 64bits
  • Intel® SGX for Linux* OS does not support setting a different charset in GNU* Project Debugger (GDB*).
  • Building the Intel SGX SDK sample project “RemoteAttestation” is possible only within the Intel SGX SDK installation folder.
  • Intel SGX does not support the “long long” type in C++ templates.
  • sgx-gdb depends on GDB* 7.9.1 or later versions. Please upgrade GDB* if it is lower than 7.9.1.
  • If Intel® SGX EDMM feature is used, you should use the version 2.2 or higher of both Intel® SGX PSW and Intel SGX SDK 2.2.
  • sgx-gdb does not support watching Thread Local Storage variables in the enclave.
  • The addresses of all stack variables are randomized. The randomization comes at the expense of increased stack usage. Enclaves built with the Linux 2.4 SDK should increase their stack size setting by 4 KB.
  • Intel® SGX PCL interaction with KSS: In Intel® SGX SDK 2.4, if the Intel® SGX PCL sealing enclave is configured to support KSS (Enclave configuration XML includes entry EnableKSS with value 1), then when sealing the Intel® SGX PCL decryption key, the Intel® SGX PCL sealing enclave cannot use sgx_seal_data. Instead, the Intel® SGX PCL sealing enclave must use sgx_seal_data_ex and assign key_policy such that SGX_KEYPOLICY_MRSIGNER bit is set to 1 and KSS bits (SGX_KEYPOLICY_CONFIGID, SGX_KEYPOLICY_ISVFAMILYID and SGX_KEYPOLICY_ISVEXTPRODID) are set to 0.


Intel® Software Guard Extensions Platform Software


Intel® Software Guard Extensions PSW package includes:

  • Intel® SGX Application enclaves
  • Intel® SGX Runtime System Library
  • Intel® SGX Application Enclave Service Manager (AESM)


Intel® Software Guard Extensions PSW includes the following changes in this release:

  • Supported to query Intel® SGX attestation key ID list.
  • Provided Intel® SGX Data Center Attestation Primitive (DCAP) driver to support ECDSA attestation on platforms which support Intel® SGX Flexible Launch Control
    • Please note this new DCAP driver does not support Intel® SGX EDMM feature.
    • This DCAP driver is in addition to the existing SGX driver (Out of Tree driver) which is still provided, side by side
    • So now there are two drivers in the download repo and user should and only needs to install one of the two drivers
    • Please refer to Intel SGX Installation Guide for Linux OS.pdf’s “Intel® SGX Driver Installation” section to know when to use and know how to install Intel® SGX DCAP driver
  • Fixed bugs



  • 6th Generation Intel® Core™ Processor or newer


Supported Linux* OS distributions:

  • Ubuntu* 16.04 LTS 64-bit Desktop and Server version
  • Ubuntu* 18.04 LTS 64-bit Desktop and Server version
  • Red Hat* Enterprise Linux* Server 8.0 (for x86_64)
  • Red Hat* Enterprise Linux* Server 7.6 (for x86_64)
  • SUSE* Enterprise Server 12 (for x86_64)
  • Fedora 27 Server version


  • Intel® SGX PSW supports the Intel® Xeon® Processor E3 Server V5 and onwards platforms if the platform processor and BIOS supports the Intel® SGX. Please check with OEM/ODM regarding BIOS support for enabling the Intel® SGX.
  • If you need to use the Intel® SGX platform service, install the Intel® Management Engine (Intel® ME) software components. This is optional, you can skip this if you do not need to use the Intel® SGX platform service.
  • Intel® SGX platform service is not supported in Intel® Xeon® Processor E3 Server platforms.


  • Occasionally Intel® SGX aesmd service fail to retrieve enclave launch white-list from internet after rebooting Linux, this may cause failure to load those enclaves which need latest enclave launch white-list support. User can work around this through restarting Intel® SGX aesmd service.