Show Your Support: This site is primarily supported by advertisements. Ads are what have allowed this site to be maintained on a daily basis for the past 18+ years. We do our best to ensure only clean, relevant ads are shown, when any nasty ads are detected, we work to remove them ASAP. If you would like to view the site without ads while still supporting our work, please consider our ad-free Phoronix Premium.
Intel SGX2 Support Poised To Land In Linux 5.20
Back in 2020 Intel SGX support was finally mainlined in the Linux kernel. Intel Software Guard Extensions (SGX) is a CPU security feature for private memory regions "enclaves" that are inaccessible from the outside. SGX enclaves are encrypted and this functionality has been around since Skylake.
While Intel deprecated SGX in 11th and 12th Gen Core processors, Intel has been still working on this security feature for cloud and server use-cases. With Intel Ice Lake and Gemini Lake processors there is SGX2 as a set of improvements to SGX enclaves to allow more dynamic control over them.
At the end of last year Intel published SGX2 Linux patches. After a few months and rounds of review, those SGX2 kernel patches look like they will be merged for Linux 5.20.
As of yesterday they were picked up in TIP's x86/sgx branch. In now making it to a TIP branch, it's very likely the code will be submitted for the Linux 5.20 merge window coming up in a few short weeks. SGX2 introduces new instructions and the ability to support dynamic modifications to the initialized security enclaves. SGX2 in some documentation is also called the Enclave Dynamic Memory Management (EDMM).