Fedora 42 Looking To Package Intel SGX Software Stack

Written by Michael Larabel in Fedora on 4 December 2024 at 08:48 AM EST.
Fedora stakeholders are evaluating supporting an Intel Software Guard Extensions (SGX) software stack with next year's Fedora 42 release.

Intel SGX is a means of creating a trusted execution environment on supported CPUs -- a variety of Intel Core and Xeon processors support it. But it's been controversial due to a number of published security vulnerabilities around it over the years and the idea of "trusted" execution in the open-source world rubbing some users the wrong way, especially if SGX is used for purposes of Digital Rights Management. Linux adoption around Intel SGX has been fairly limited beyond some enterprises.

With Fedora 42 they are looking to offer optional Intel SGX software packages in part as a step toward enabling Intel Trust Domain Extensions (TDX) in a future Fedora release on Intel servers.
"The Intel SGX technology enables creation of execution enclaves, whose memory is encrypted and thus protected from all other code running on the CPU, including SMM, firmware, kernel and userspace. This proposal is to introduce the SGX host software stack, architectural enclaves and development packages to Fedora, to enable future introduction of applications and features which have a dependency on SGX technology.

The primary feature that will leverage SGX in a subsequent Fedora release is expected to be Intel TDX, which provides confidential virtual machines, and is in the process of being integrated with QEMU and Linux/KVM."

The Fedora Engineering and Steering Committee (FESCo) still has to vote on the Intel SGX proposal for Fedora 42, but those interested can see the plans on the Fedora Wiki.