Intel Is Still Working On Upstreaming SGX Enclave Support To Linux - Now At 21 Revisions
Intel Software Guard Extensions "SGX" have been around since Skylake, providing hardware-protected (via encryption) memory regions known as "enclaves" that processes outside of the enclave cannot access. While supported CPUs have been out for years, the Intel SGX support has yet to make it into the mainline kernel, and this week marks the twenty-first revision of these patches.
The twenty-eight patches implementing the Intel SGX foundations support for the Linux kernel and Intel Memory Encryption Engine support were revised with various fixes. Even if the review of this twenty-first revision of these patches goes spectacularly, due to the timing this SGX support won't land until at least the Linux 5.4 kernel, as it is too late for Linux 5.3.
Intel has been working to get this SGX support into the Linux kernel since 2016. While waiting for this Software Guard Extensions support to be primed for the Linux kernel, there has been the "Prime+Probe" proof-of-concept attack against SGX enclaves, and SGX has also proven susceptible to the Foreshadow attack.
For those interested, the v21 patches to SGX for Linux can be found on the kernel mailing list.