X86/cpu: SGX disabled by BIOS Error

Hello, after updating using garuda-update yesterday, I am experiencing error messages while booting my system. The first error that appears says x86/cpu: SGX disabled by BIOS followed by NVRM: loading NVIDIA UNIX x86_64 Kernal Module 545.29.06 Thu Nov 16 01:59:08 U and then a bunch of ACPI BIOS Error (bug) messages saying could not resolve symbol. And ACPI Errors aborting methods due to previous errors.

I didn’t make any BIOS changes, and this started after the update. I tried searching the issue, but nothing pointed me to the source of the problem. Some posts said ot just enable SGX in the BIOS, but if it wasn’t enabled before I don’t see why it should be enabled now. I would rather fix the thing that made the error appear after hte update.

Thanks for your help!

garuda-inxi

System:
Kernel: 6.6.4-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 13.2.1
clocksource: tsc available: acpi_pm
parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=f6de50df-1b53-4507-a69d-8201ec25043a rw rootflags=subvol=@
quiet quiet rd.udev.log_priority=3 vt.global_cursor_default=0 loglevel=3
ibt=off
Desktop: KDE Plasma v: 5.27.10 tk: Qt v: 5.15.11 wm: kwin_x11 vt: 2
dm: SDDM Distro: Garuda Linux base: Arch Linux
Machine:
Type: Laptop System: LENOVO product: 20HJS7DG00 v: ThinkPad P51
serial: <superuser required> Chassis: type: 10 serial: <superuser required>
Mobo: LENOVO model: 20HJS7DG00 v: SDK0Q40112 WIN
serial: <superuser required> UEFI: LENOVO v: N1UET86W (1.60 )
date: 11/30/2022
Battery:
ID-1: BAT0 charge: 34.4 Wh (48.4%) condition: 71.1/90.0 Wh (79.0%)
power: 24.0 W volts: 10.9 min: 11.2 model: SMP 00NY493 type: Li-poly
serial: <filter> status: discharging cycles: 976
CPU:
Info: model: Intel Xeon E3-1505M v6 bits: 64 type: MT MCP arch: Kaby Lake
level: v3 note: check built: 2018 process: Intel 14nm family: 6
model-id: 0x9E (158) stepping: 9 microcode: 0xF4
Topology: cpus: 1x cores: 4 tpc: 2 threads: 8 smt: enabled cache:
L1: 256 KiB desc: d-4x32 KiB; i-4x32 KiB L2: 1024 KiB desc: 4x256 KiB
L3: 8 MiB desc: 1x8 MiB
Speed (MHz): avg: 2699 high: 2701 min/max: 800/4000 scaling:
driver: intel_pstate governor: powersave cores: 1: 2700 2: 2700 3: 2698
4: 2701 5: 2700 6: 2700 7: 2700 8: 2700 bogomips: 48000
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities: <filter>
Graphics:
Device-1: Intel HD Graphics P630 vendor: Lenovo driver: i915 v: kernel
arch: Gen-9.5 process: Intel 14nm built: 2016-20 ports: active: eDP-1
empty: none bus-ID: 00:02.0 chip-ID: 8086:591d class-ID: 0300
Device-2: NVIDIA GM206GLM [Quadro M2200 Mobile] vendor: Lenovo
driver: nvidia v: 545.29.06 alternate: nouveau,nvidia_drm non-free: 545.xx+
status: current (as of 2023-10; EOL~2026-12-xx) arch: Maxwell code: GMxxx
process: TSMC 28nm built: 2014-2019 pcie: gen: 1 speed: 2.5 GT/s lanes: 16
link-max: gen: 3 speed: 8 GT/s ports: active: none empty: DP-1,DP-2,DP-3
bus-ID: 01:00.0 chip-ID: 10de:1436 class-ID: 0302
Device-3: Chicony Integrated Camera driver: uvcvideo type: USB rev: 2.0
speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 1-8:2 chip-ID: 04f2:b5ab
class-ID: 0e02
Display: x11 server: X.Org v: 21.1.9 with: Xwayland v: 23.2.2
compositor: kwin_x11 driver: X: loaded: modesetting,nvidia unloaded: nouveau
alternate: fbdev,intel,nv,vesa dri: iris gpu: i915 display-ID: :0
screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 507x285mm (19.96x11.22")
s-diag: 582mm (22.9")
Monitor-1: eDP-1 model: AU Optronics 0x21eb built: 2016 res: 1920x1080
hz: 60 dpi: 141 gamma: 1.2 size: 345x194mm (13.58x7.64") diag: 396mm (15.6")
ratio: 16:9 modes: 3840x2160
API: EGL v: 1.5 hw: drv: intel iris drv: nvidia platforms: device: 0
drv: nvidia device: 1 drv: iris device: 3 drv: swrast gbm: drv: nvidia
surfaceless: drv: nvidia x11: drv: iris inactive: wayland,device-2
API: OpenGL v: 4.6.0 compat-v: 4.5 vendor: intel mesa v: 23.2.1-arch1.2
glx-v: 1.4 direct-render: yes renderer: Mesa Intel HD Graphics P630 (KBL
GT2) device-ID: 8086:591d memory: 30.46 GiB unified: yes
API: Vulkan v: 1.3.269 layers: 14 device: 0 type: integrated-gpu
name: Intel HD Graphics P630 (KBL GT2) driver: mesa intel v: 23.2.1-arch1.2
device-ID: 8086:591d surfaces: xcb,xlib device: 1 type: discrete-gpu
name: Quadro M2200 driver: nvidia v: 545.29.06 device-ID: 10de:1436
surfaces: xcb,xlib device: 2 type: cpu name: llvmpipe (LLVM 16.0.6 256
bits) driver: mesa llvmpipe v: 23.2.1-arch1.2 (LLVM 16.0.6)
device-ID: 10005:0000 surfaces: xcb,xlib
Audio:
Device-1: Intel CM238 HD Audio vendor: Lenovo driver: snd_hda_intel
v: kernel alternate: snd_soc_avs bus-ID: 00:1f.3 chip-ID: 8086:a171
class-ID: 0403
Device-2: NVIDIA GM206 High Definition Audio driver: snd_hda_intel
v: kernel pcie: gen: 3 speed: 8 GT/s lanes: 16 bus-ID: 01:00.1
chip-ID: 10de:0fba class-ID: 0403
API: ALSA v: k6.6.4-zen1-1-zen status: kernel-api with: aoss
type: oss-emulator tools: N/A
Server-1: PipeWire v: 1.0.0 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: Intel Ethernet I219-LM vendor: Lenovo driver: e1000e v: kernel
port: N/A bus-ID: 00:1f.6 chip-ID: 8086:15e3 class-ID: 0200
IF: enp0s31f6 state: down mac: <filter>
Device-2: Intel Wireless 8265 / 8275 driver: iwlwifi v: kernel pcie:
gen: 1 speed: 2.5 GT/s lanes: 1 bus-ID: 04:00.0 chip-ID: 8086:24fd
class-ID: 0280
IF: wlp4s0 state: up mac: <filter>
Drives:
Local Storage: total: 953.87 GiB used: 71.07 GiB (7.5%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:0 model: PCIe SSD size: 953.87 GiB
block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4
tech: SSD serial: <filter> fw-rev: H230331a temp: 39.9 C scheme: GPT
Partition:
ID-1: / raw-size: 224 GiB size: 224 GiB (100.00%) used: 71.04 GiB (31.7%)
fs: btrfs dev: /dev/nvme0n1p5 maj-min: 259:5
ID-2: /boot/efi raw-size: 100 MiB size: 96 MiB (96.00%)
used: 25.8 MiB (26.9%) fs: vfat dev: /dev/nvme0n1p1 maj-min: 259:1
ID-3: /home raw-size: 224 GiB size: 224 GiB (100.00%)
used: 71.04 GiB (31.7%) fs: btrfs dev: /dev/nvme0n1p5 maj-min: 259:5
ID-4: /var/log raw-size: 224 GiB size: 224 GiB (100.00%)
used: 71.04 GiB (31.7%) fs: btrfs dev: /dev/nvme0n1p5 maj-min: 259:5
ID-5: /var/tmp raw-size: 224 GiB size: 224 GiB (100.00%)
used: 71.04 GiB (31.7%) fs: btrfs dev: /dev/nvme0n1p5 maj-min: 259:5
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
ID-1: swap-1 type: zram size: 31.19 GiB used: 0 KiB (0.0%) priority: 100
comp: zstd avail: lzo,lzo-rle,lz4,lz4hc,842 max-streams: 8 dev: /dev/zram0
Sensors:
System Temperatures: cpu: 49.0 C pch: 45.5 C mobo: N/A
Fan Speeds (rpm): fan-1: 0 fan-2: 0
Info:
Processes: 262 Uptime: 12m wakeups: 0 Memory: total: 32 GiB
available: 31.19 GiB used: 2.89 GiB (9.3%) Init: systemd v: 255
default: graphical tool: systemctl Compilers: gcc: 13.2.1 Packages:
pm: pacman pkgs: 2027 libs: 577 tools: octopi,paru Shell: fish v: 3.6.2
default: Bash v: 5.2.21 running-in: konsole inxi: 3.3.31
Garuda (2.6.19-2):
System install date:     2023-09-17
Last full system update: 2023-12-08
Is partially upgraded:   No
Relevant software:       snapper NetworkManager dracut nvidia-dkms
Windows dual boot:       Probably (Run as root to verify)
Failed units:

I think you can simply get rid of that (harmless) message by adding the nosgx kernel boot parameter.
You can find some info here:
https://bbs.archlinux.org/viewtopic.php?id=269249
Or you can of course enable it in the BIOS or proceed with the suggested packages.
But I don’t think it’s worth the effort.

Or go into your BIOS and check the Intel SGX settings as enabled?

After looking at Garuda Linux "Spizaetus" (231029), would the removal of Plymouth be the reason I’m seeing this harmless message now when I did not see it before?

I don’t know, but to me it smells more like kernel stuff.
You could try installing and booting the linux-lts kernel to see if the message persists.
There seem to be reports suggesting to keep this disabled due to known vulnerabilities and that this is going to be deprecated…
https://www.reddit.com/r/debian/comments/146p6kt/sgx_disabled_by_bios/

Based on that thread I don’t think I want to enable SGX. I added nosgx to grub and while that message went away the other messages from my OP are still present: NVRM: loading NVIDIA UNIX x86_64 Kernal Module 545.29.06 Thu Nov 16 01:59:08 U and then a bunch of ACPI BIOS Error (bug) messages saying “could not resolve symbol” and ACPI Errors aborting methods due to previous errors.

I booted with LTS and did not get the NVRM related errors (though I did get some bluetooth and hdaudio related messages).

Shoud I use a previous version of Linux Zen to avoid the NVRM error?

Here is a picture of the log messages. The SGX message no longer appears when booting in Zen. The rest of them still appear.

MessageLog1920×1219 256 KB

Do Intel SGX even apply to Linux? Has anyone an informed opinion?

In my opinion, a kernel downgrade is more risky than those errors.
They are normally due to incorrect ACPI implementations in the BIOS (maybe see if there is an update, just in case…) and are not problematic.
You could try various kernel boot parameters, but I would stay that way, and every now and then, after kernel updates, I’d recheck those logs.

Okay. You are probably right that they are harmless. I was concerned because I had never seen those messages at startup before, but now that I know Plymouth was removed it makes sense that those messages are visible to me now. They have probably been there the whole time.

Thank you for your assistance!

Does Linux use SGX?

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. The Linux Intel(R) SGX software stack is comprised of the Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW)*.

[

intel/linux-sgx: Intel SGX for Linux - GitHub

](GitHub - intel/linux-sgx: Intel SGX for Linux*)

I’m also seeing the intel SGX messages now and have been waiting to see if anyone else would post about it, I don’t use nvidia but do have a intel CPU.

Looks like we can ignore these messages as they were previously hidden by Plymouth from my understanding? My system seems to work fine otherwise.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.