Intel Secure Guard Extensions Published For The Linux Kernel (SGX)

Written by Michael Larabel in Intel on 26 April 2016 at 07:19 PM EDT. 4 Comments
Intel is finally offering up a kernel driver it's seeking to mainline for providing support for Secure Guard Extensions (SGX).

SGX is found on select sixth generation Core CPUs (Skylake) and is a new security feature that many were excited about at first but has since been less promoted and some not liking the final design. SGX aims to fend against software attacks from any privilege level and against various hardware-based attack vectors. Intel OTC's Jarkko Sakkinen who has been working on the Linux SGX driver describes it as, " Intel SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control. The firmware uses PRMRR registers to reserve an area of physical memory called Enclave Page Cache (EPC). There is a hardware unit in the processor called Memory Encryption Engine. The MEE encrypts and decrypts the EPC pages as they enter and leave the processor package."

If this is your first time hearing about Secure Guard Extensions, you can find out more via or a quick overview via Wikipedia. You can find out if your CPU supports SGX via the sgx identifier in /proc/cpuinfo.

The Secure Guard Extensions support for the Linux kernel can be found via the Linux kernel mailing list where it's implemented across six patches with the new intel_sgx driver being proposed for the kernel's staging area and tacks on just over three thousand lines of new code.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week