Intel SGX Linux Support Bits Revved For A Twenty-Second Time

The Software Guard Extensions (SGX) support for the Linux kernel around the memory enclaves continues to be worked on by the open-source Intel team and is now up to their twenty-second revision but it's not clear that this code is ready yet for the upcoming Linux 5.4 cycle.

Intel has worked an excruciatingly long time on these Linux patches with the v21 patches having come out in mid-July. Now at the start of September is v22 for these patches that provide support for hardware-protected/encrypted memory regions with SGX enclaves.

This Intel SGX bring-up in Linux and supporting the Memory Encryption Engine has been going on since shortly after the first Skylake CPUs surfaced where these processors introduced the initial support for Software Guard Extensions.

Some kernel developers have been apprehensive to the patches at least in their earlier form and there have been various SGX attack vectors / vulnerabilities to be exposed over the years, but it looks like eventually these patches will get in with Intel's persistence. However, given the Linux 5.4 merge window is expected in just over one week's time while next week is the Linux Kernel Summit that will limit the bandwidth of upstream kernel developers to review the 24 patches (5k+ lines of code), I'd wager that it won't land until at least Linux 5.5.

The Intel SGX Foundations v22 patches have a lot of fixes and a lot of internal code restructuring to make the SGX implementation more robust. More details via this patch series.