You are not logged in.
I'm encountering two kernel (syslog "error"/level 3) messages that are spammed into getty and logged to the systemd journal on every boot:
archlinux kernel: x86/cpu: SGX disabled by BIOS.
<hostname> kernel: intel-spi 0000:00:1f.5: invalid resource
The address next to intel-spi in the logs stays the same across reboots. I do not have access to the BIOS on this remote machine.
I do not care about Intel SGX, however none of the related kernel modules I found online can be found:
$ lsmod | grep -i sgx
<no results>
$ modinfo intel_sgx
modinfo: ERROR: Module intel_sgx not found.
$ modinfo isgx
modinfo: ERROR: Module isgx not found.
$ modinfo Csgx
modinfo: ERROR: Module Csgx not found.
$ modinfo sgx
modinfo: ERROR: Module sgx not found.
I have blacklisted all of the possible module names listed above anyway. Will this break anything?
From what I understand, SPI would allow applications to update the BIOS firmware (f.e. with fwupd or gnome-firmware?), which I would be interested in. How can I get it to work/fix the cryptic reported error message? I was not able to find anything helpful myself (other than suggestions of disabling it).
Offline
If it's a one off message I'd say you shouldn't care too much, and chances of breaking something are much higher than simply resisting the urge of caring about the message. As you've noticed it's not any of these kernel modules and blacklisting them will not have any effect since they do not exist. It's not a module but a processor feature that is disabled in your BIOS and the kernel informs you of this fact, should this maybe not be a level 3 message? Possibly. Is it likely to have a lasting negative effect? Unlikely.
I'd assume it's likely that both of the underlying features here are disabled in your BIOS and you wont get around getting access to it at least once if you actually want to make use of the SPI relevant parts.
Last edited by V1del (2021-08-30 15:37:19)
Offline
I too have been seeing the SGX disabled message recently in my logs, this post spurred me to do some digging.
Going through my journal, it looks like it started for me on 2021-07-20, which when I checked my pacman logs, is when I upgraded linux from 5.12.15 to 5.13.4.
As I could find no setting in my BIOS that was related to these Software Guard Extensions, I did some cursory google-fu about the SGX message and found this interesting link. It purports to explain how to enable this via "software opt-in", see quote from page below for reference:
Intel® Software Guard Extensions (SGX) is a hardware-based isolation and memory encryption mechanism provided by modern Intel® CPUs. Normally, it is disabled in the BIOS by the manufacture of your motherboard. In order to use it, the SGX option in the BIOS must be set to Enable or Software Controlled.
By setting the option to Enable, all of the SGX instructions and resources are available to applications, making it easy to deploy SGX related program on your machine. However, in some motherboards, the only available options in the BIOS are Software Controlled and Disable. According to the official document of Intel, Software Controlled indicates that Intel SGX can be enabled by software applications, but it is not available until this occurs (called the “software opt-in”).
The only other link I found that was semi relevant for me was a Dell support forum post with no replies. I am using a precision 5510, not 3510, but same era model cpu. Again I don't see any options in my BIOS about SGX.
I don't have any messages related to intel-spi. But interestingly, I was unable to use fwupdmgr to update to the latest BIOS recently. It saw I had an available upgrade and downloaded it, but once downloaded told me I didn't have any available devices?
Last edited by CarbonChauvinist (2021-08-30 23:06:50)
"the wind-blown way, wanna win? don't play"
Offline
If you can not enable SGX in firmware you can add the boot option nosgx so the kernel will not try and use SGX when it detects the CPU supports it.
Online