Intel Secure Guard Extensions Published For The Linux Kernel (SGX)

Written by Michael Larabel in Intel on 26 April 2016 at 07:19 PM EDT. 4 Comments
INTEL
Intel is finally offering up a kernel driver it's seeking to mainline for providing support for Secure Guard Extensions (SGX).

SGX is found on select sixth generation Core CPUs (Skylake) and is a new security feature that many were excited about at first but has since been less promoted and some not liking the final design. SGX aims to fend against software attacks from any privilege level and against various hardware-based attack vectors. Intel OTC's Jarkko Sakkinen who has been working on the Linux SGX driver describes it as, " Intel SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control. The firmware uses PRMRR registers to reserve an area of physical memory called Enclave Page Cache (EPC). There is a hardware unit in the processor called Memory Encryption Engine. The MEE encrypts and decrypts the EPC pages as they enter and leave the processor package."

If this is your first time hearing about Secure Guard Extensions, you can find out more via Intel.com or a quick overview via Wikipedia. You can find out if your CPU supports SGX via the sgx identifier in /proc/cpuinfo.

The Secure Guard Extensions support for the Linux kernel can be found via the Linux kernel mailing list where it's implemented across six patches with the new intel_sgx driver being proposed for the kernel's staging area and tacks on just over three thousand lines of new code.
4 Comments
Related News
One Of Intel's Newest Open-Source Projects Is A New Font For Developers
Intel Announces Faster Arc Pro A60 & A60M Graphics
Intel Continues Prepping Meteor Lake Graphics On Linux, Adds VRR eDP Support
Intel's Codeplay Announces oneAPI Construction Kit For Bringing SYCL To New Hardware
Intel's Latest Linux Patches To Boost VM Performance - Particularly For High I/O Use
Intel Releases OpenVINO 2023 - Load TF Models Directly, Hybrid CPU Thread Scheduling
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
System76 Virgo Aims To Be The Quietest Yet Most Performant Linux Laptop
Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement
System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake
Debian 12 "Bookworm" Set For Release Next Week With Around 100 Known Bugs
NVIDIA R535 Linux Beta Brings New Vulkan Extensions, DMA-BUF v4 Wayland Protocol
Linux 6.3.5 Released With XFS Metadata Corruption Fix
Steam On Linux Use Ticked Higher In May, 25% Of Linux Gamers Are Using The Steam Deck
Phoronix.com Turns 19 Years Old For Covering Linux Hardware, Open-Source News