Microsoft's CBL-Mariner Linux Distribution Adds Intel SGX Support, Updated Packages

  • Microsoft's CBL-Mariner Linux Distribution Adds Intel SGX Support, Updated Packages

    Phoronix: Microsoft's CBL-Mariner Linux Distribution Adds Intel SGX Support, Updated Packages

    One of Microsoft's Linux/open-source surprises for 2021 was the publishing of CBL-Mariner, their internal Linux distribution used for a variety of purposes at the company. Microsoft has kept updating CBL-Mariner publicly on a monthly basis, continuing to make it easier to test out and to enhance its usefulness. Last night they published their January 2022 build of Microsoft's Linux operating system...

    https://www.phoronix.com/scan.php?pa...r-January-2022

  • #2
    A little bit late, given that Intel deprecates it after the security was broken multiple times: https://www.youtube.com/watch?v=K6FMTrflT08

    • #3
      It's kinda hard to see how this particular project would be nefarious. Nevertheless, I unintentionally gagged when I read "Microsoft's Linux operating system". They had done everything they could to beat Linux down for so long. It just doesn't seem right phrasing it in a way that makes it seem like they own it.

      • #4
        Umm. Intel SGX was removed from the 12th gen desktop CPUs?
        Intel has named SGX as "Deprecated technology."

        https://edc.intel.com/content/www/us...-technologies/

        • #5
          Originally posted by milkylainen
          Umm. Intel SGX was removed from the 12th gen desktop CPUs?
          Intel has named SGX as "Deprecated technology."

          https://edc.intel.com/content/www/us...-technologies/

          It's already no longer part of some 11th gen processors. At least the mobile Xeon W11955 does not support it anymore. But its predecessor from 2 generations earlier, the 2286m, does support it.

          • #6
            SGX has more usage in server (in particular cloud) environments, and it should be gradually replaced with TDX in the future (which is similar in a way to AMD SEV). It's more trouble than it's worth on desktop, but for server CPUs it will probably continue to be maintained and used until the migration is done. Trusted execution environments are going to be more and more sought after with the majority of on-premise infrastructure moving to the cloud. So, SGX on desktop is kinda dead, but on servers it is still alive and kicking.

            • #7
              Originally posted by clavko
              SGX has more usage in server (in particular cloud) environments, and it should be gradually replaced with TDX in the future (which is similar in a way to AMD SEV). It's more trouble than it's worth on desktop, but for server CPUs it will probably continue to be maintained and used until the migration is done. Trusted execution environments are going to be more and more sought after with the majority of on-premise infrastructure moving to the cloud. So, SGX on desktop is kinda dead, but on servers it is still alive and kicking.

              Which still doesn't answer the question why Microsoft would be interested in providing support for this in Linux. I suspect it's used for development purposes, which doesn't really fit together with the idea of Linux server users' needs being the main concern or catalyst.

              • #8
                Originally posted by azdaha
                Which still doesn't answer the question why Microsoft would be interested in providing support for this in Linux. I suspect it's used for development purposes, which doesn't really fit together with the idea of Linux server users' needs being the main concern or catalyst.

                CBL Mariner is used for Azure cloud images, and given that Azure provides support for SGX workloads, it's natural that the distribution will support it. SGX boils down to a kernel option being configured, so that enclave binaries can do their magic.

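Comment #8 says SGX support comes down to a kernel option being configured. As an added example (not part of the thread and not CBL-Mariner's own tooling), this shell check walks the three places that has to show up on a Linux host, assuming the mainline kernel names `CONFIG_X86_SGX`, the `sgx` CPU flag and the `/dev/sgx_enclave` node; the function names, verdict words and the `/boot/config-$(uname -r)` location are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether a Linux host can load SGX enclaves.
# Every path is a parameter so the checks also work on saved copies of the files.

# cpu_has_flag FLAG [CPUINFO]: succeed if a "flags" line lists FLAG as a whole word.
cpu_has_flag() {
    awk -v f="$1" -F: '
        /^flags/ { n = split($2, a, " "); for (i = 1; i <= n; i++) if (a[i] == f) found = 1 }
        END { exit(found ? 0 : 1) }' "${2:-/proc/cpuinfo}" 2>/dev/null
}

# kernel_has_sgx [CONFIG]: succeed if the kernel build config enables the SGX driver.
# A line such as "# CONFIG_X86_SGX is not set" does not match.
kernel_has_sgx() {
    grep -qx 'CONFIG_X86_SGX=y' "${1:-/boot/config-$(uname -r)}" 2>/dev/null
}

# sgx_status [CPUINFO] [CONFIG] [DEVDIR]: print one verdict word.
sgx_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    config=${2:-/boot/config-$(uname -r)}
    dev=${3:-/dev}
    # The flag is absent when the CPU lacks SGX, firmware disabled it,
    # or the running kernel cleared it.
    if ! cpu_has_flag sgx "$cpuinfo"; then echo no-sgx-flag; return; fi
    if ! kernel_has_sgx "$config"; then echo kernel-not-configured; return; fi
    # The in-kernel driver exposes this node once it has initialised.
    if [ ! -e "$dev/sgx_enclave" ]; then echo driver-not-active; return; fi
    echo ready
}

# Constructed sample host (not real data): flag present, option set, node present.
sgx_demo() {
    d=$(mktemp -d) || return 1
    printf 'flags\t\t: fpu vme sgx sgx_lc\n' > "$d/cpuinfo"
    printf 'CONFIG_X86_SGX=y\n' > "$d/config"
    : > "$d/sgx_enclave"
    sgx_status "$d/cpuinfo" "$d/config" "$d"
    rm -rf "$d"
}
```

Calling `sgx_status` with no arguments checks the live host; `sgx_demo` runs the same logic against the constructed files.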