SGX disabled by bios

jagostini · September 14, 2022, 8:43am

Hello,

I did an update last night around 8pm with the command sudo kaisen-update. This morning when I boot up my PC, I get the following error:

[ 0.133958] x86/cpu: SGX disabled by BIOS

BusyBox v1.35.0 (Debian 1:1.35.0-2) built-in shell (ash)

Of course I looked in my bios to see if I had this option, but I don’t (that would be too easy).

Can you help me?

Kaisen · September 14, 2022, 8:54am

Hello Jules,

I hope you are well.

You booting on busybox because the initramfs was not charged correctly?

If this the case, this message is normal

jagostini · September 14, 2022, 9:05am

Hum… it’s possible, I’m coming to an initramfs terminal.

Do you have an idea for solving this? Do you need more information?

Kaisen · September 14, 2022, 9:11am

Yes, the initramfs is corrupted.

Try to start Kaisen on the recovery mode (in the GRUB menu, you can select avdanced options and select the submenu recovery).

Give me a feedback after that

jagostini · September 14, 2022, 9:38am

So this is the result :

IMG_20220914_113147__01

But, I have a good news

Only 5.19.0-kaisen1-amd64 is affected !

My 5.17.0-kaisen1-amd64 boot correctly

Kaisen · September 14, 2022, 10:01am

Great,

You anticipated my request, it was the next one ^^

Can you run this command to remake the initramfs for all kernel availables: sudo update-initramfs -u -k all?
Probably an update that caused this problem with initramfs (for example, an error pending the regeneration of the initramfs)

jagostini · September 14, 2022, 10:48am

I did the command, it did generate the initramfs conf for both versions unfortunately it did not fix the problem. And I can’t boot on version 5.17.0-kaisen1-amd64

Recovery Mode of 5.17.0-kaisen1 :
IMG_20220914_124213__01

Recovery Mode of 5.19.0-kaisen1 it’s the same of the last post

Kaisen · September 14, 2022, 10:49am

Very strange!

Do you use BTRFS?

jagostini · September 14, 2022, 10:51am

Yes, I try to boot with a snapshot from the grub?

Kaisen · September 14, 2022, 10:59am

If it’s possible, yes, and retry to running an update!

After, you can restore a snapshot with the apt-btrfs-snapshot set-default command.

The detailed process is documented here:
https://kaisenlinux.org/documentation/advanced-btrfs-utilisation.html#apt-snapshots

jagostini · September 19, 2022, 10:42pm

Hi @Kaisen and Community !

I’m present you the solution of SGX.

(Intel® Software Guard Extensions) “provides hardware-based memory encryption to isolate specific pieces of code and data from an application in memory.”

So I found this project for linux → GitHub - intel/sgx-software-enable

TIPs : you can use a live usb with chroot, it’s works great !

If you want state of sgx you can execute :

kaisen@kaisenlinux  ~/sgx-software-enable   master  sudo ./sgx_enable --status
Intel SGX is disabled and can be enabled using this utility.

If you want to enable sgx

kaisen@kaisenlinux  ~/sgx-software-enable   master  sudo ./sgx_enable         
Software enable has been set. Please reboot your system to finish
enabling Intel SGX.

(ok in this post, I have another problem, about initramfs but it’s not the main topic, so if you need help about it, tell me, I’ll help you )

Kaisen · September 20, 2022, 8:00pm

Hello @jagostini !

Thank you for the feedback! I’m glad your problem is solved!

Thanks too for the link of this repo !

I think you should explain here how you have solved the problem with initramfs, no problem for me

Kaisen · September 29, 2022, 12:41pm