Intel Is Still Working On Upstreaming SGX Enclave Support To Linux - Now At 21 Revisions

  • Intel Is Still Working On Upstreaming SGX Enclave Support To Linux - Now At 21 Revisions

    Phoronix: Intel Is Still Working On Upstreaming SGX Enclave Support To Linux - Now At 21 Revisions

    Intel Software Guard Extensions "SGX" have been around since Skylake for allowing hardware-protected (via encryption) memory regions known as "enclaves" that prevent processes outside of the enclave from accessing these memory regions. While supported CPUs have been out for years, the Intel SGX support has yet to make it into the mainline kernel and this week marks the twenty-first revision to these patches...

    http://www.phoronix.com/scan.php?pag...nux-Version-21

  • #2
    While waiting for this Software Guard Extensions support to be primed for the Linux kernel, there has been the "Prime+Probe" proof-of-concept attack against SGX enclaves as well as SGX being susceptible to the Foreshadow attack.
    So I'm assuming this will require mitigations which will wipe out any advantage of these "enclaves"? What's the advantage of supporting this in the kernel then?
    Last edited by andyprough; 07-16-2019, 01:50 PM.


    • #3
      Any other OS support this feature?


      • #4
        Originally posted by andrei_me:
        Any other OS support this feature?
        Windows 10 does.

        I personally have it turned off in firmware settings because there's nothing stopping malware from using it as well as any supposedly legitimate software.
