Intel Is Still Working On Upstreaming SGX Enclave Support To Linux - Now At 21 Revisions

Written by Michael Larabel in Intel on 16 July 2019 at 10:45 AM EDT.
Intel Software Guard Extensions (SGX) have been around since Skylake, providing hardware-protected (via encryption) memory regions known as "enclaves" that processes outside of the enclave cannot access. While supported CPUs have been out for years, Intel SGX support has yet to make it into the mainline kernel, and this week marks the twenty-first revision of these patches.

The twenty-eight patches implementing the Intel SGX foundations support for the Linux kernel and Intel Memory Encryption Engine support were revised with various fixes. Even if the review of this twenty-first revision goes spectacularly, due to the timing this SGX support won't land until at least the Linux 5.4 kernel, as it is too late for Linux 5.3.

Intel has been working to get this SGX support into the Linux kernel since 2016. While this Software Guard Extensions support has been waiting to be primed for the Linux kernel, there has been the "Prime+Probe" proof-of-concept attack against SGX enclaves, and SGX has also been shown to be susceptible to the Foreshadow attack.

For those interested, the v21 patches to SGX for Linux can be found on the kernel mailing list.