Intel Sends Out Linux Support For SGX Enclaves A 40th Time
SGX enclave support is about providing regions of code/data that are protected from unauthorized access or modification. SGX support has been around since Skylake and continues to be built upon, including with the upcoming Ice Lake Xeon servers. But getting mainline support for SGX has been quite an effort, now taking years and, as of this week, up to forty rounds of code review.
SGX security woes, the complexity of the implementation, and a lack of upstream interest for a number of reasons have led to this Intel SGX foundations support for the mainline Linux kernel taking quite a while to get squared away. There are many public clouds and enterprises using SGX today by manually loading Intel's code into their distribution / operating system configuration.
With the v40 patches, the SGX kernel code now explicitly uses the GPL 2.0 license, whereas previously it also claimed to be 3-clause BSD licensed. But as pointed out during the code review, SGX is using GPL-only header files, and thus there is a license mismatch if it's also supposed to be BSD licensed. With the effort to get the code upstreamed still going after years, this round of patches also had to update the copyright years, with some of them still reflecting "2016 - 2018".
The SGX v40 Linux patches also have a number of low-level fixes and other code improvements. More details on the SGX v40 Linux kernel patches are available via the mailing list. We'll see in December if SGX gets pulled into the Linux 5.11 merge window or if the Intel developers will keep working on pushing it upstream into 2021.