Intel SGX Async Exit Notification "AEX Notify" Lands In Linux 6.2

Written by Michael Larabel in Intel on 14 December 2022 at 11:30 AM EST.
In addition to the in-development Linux 6.2 bringing TDX guest attestation support for use with new processors, another new hardware security feature being enabled with this next kernel release is Asynchronous Exit Notification for Software Guard Extensions (SGX).

The new SGX support code in the Linux 6.2 kernel allows for SGX-secured enclaves to use the Asynchronous Exit (AEX) Notification mechanism found with new Intel CPUs. The AEX Notify path allows for running a handler on exit events that in turn can mitigate issues like the SGX-Step vulnerability. AEX Notify support helps toughen the defenses around Intel's SGX against an entire class of attacks.


AEX Notify will be supported with upcoming Intel CPUs and may be available for select older processors via updated microcode.

With the now-merged x86/sgx code in Linux 6.2, the AEX Notify support is in place for both bare metal enclaves as well as use within KVM virtual machines (VMs) to better secure SGX enclaves on supported processors.
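To see whether a given CPU (or a KVM guest's virtual CPU) enumerates AEX Notify, the CPUID SGX leaf can be decoded as in the following added example, which is not code from the article or the kernel. The bit positions come from Intel's SGX documentation rather than from this article, and the four-way status classification, including the "inconsistent" case, is this example's own assumption.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Bit positions per Intel's SGX documentation (not stated in the article). */
#define CPUID7_EBX_SGX     (1u << 2)   /* CPUID.(EAX=07H,ECX=0):EBX, SGX present */
#define SGX_LEAF           0x12u
#define SGX_CAP_SGX1       (1u << 0)   /* CPUID.(EAX=12H,ECX=0):EAX */
#define SGX_CAP_EDECCSSA   (1u << 11)  /* ENCLU[EDECCSSA], used by AEX Notify handlers */
#define SGX_ATTR_AEXNOTIFY (1u << 10)  /* CPUID.(EAX=12H,ECX=1):EAX, settable SECS.ATTRIBUTES */

/* Classification used by this example only (hypothetical names). */
enum aex_status { AEX_NO_SGX, AEX_UNSUPPORTED, AEX_INCONSISTENT, AEX_SUPPORTED };

/* Pure decoder, so the logic can be checked against constructed register values. */
enum aex_status aex_notify_status(unsigned max_leaf, unsigned l7_ebx,
                                  unsigned l12_0_eax, unsigned l12_1_eax)
{
    /* Leaf 12H is only meaningful when the CPU reports it and SGX/SGX1 are set. */
    if (max_leaf < SGX_LEAF || !(l7_ebx & CPUID7_EBX_SGX) ||
        !(l12_0_eax & SGX_CAP_SGX1))
        return AEX_NO_SGX;
    int attr = (l12_1_eax & SGX_ATTR_AEXNOTIFY) != 0;
    int leaf = (l12_0_eax & SGX_CAP_EDECCSSA) != 0;
    if (attr && leaf)
        return AEX_SUPPORTED;
    /* Only one of the two bits set, e.g. a filtered guest CPUID. */
    return (attr || leaf) ? AEX_INCONSISTENT : AEX_UNSUPPORTED;
}

int main(void)
{
    static const char *names[] = { "no SGX", "SGX without AEX Notify",
        "inconsistent AEX Notify enumeration", "AEX Notify enumerated" };
    unsigned max = 0, a = 0, b = 0, c = 0, d = 0, l7b = 0, l12a = 0, l12_1a = 0;
#if defined(__x86_64__) || defined(__i386__)
    max = __get_cpuid_max(0, 0);
    if (max >= 7 && __get_cpuid_count(7, 0, &a, &b, &c, &d)) l7b = b;
    if (max >= SGX_LEAF) {
        if (__get_cpuid_count(SGX_LEAF, 0, &a, &b, &c, &d)) l12a = a;
        if (__get_cpuid_count(SGX_LEAF, 1, &a, &b, &c, &d)) l12_1a = a;
    }
#endif
    printf("%s\n", names[aex_notify_status(max, l7b, l12a, l12_1a)]);
    return 0;
}
```

This reports only what the processor enumerates; an enclave still needs a kernel with the Linux 6.2 SGX changes before it is allowed to use the feature.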

In addition to SGX AEX Notify and TDX guest attestation, other security improvements landing for Linux 6.2 include Call Depth Tracking for lower-overhead mitigation of Retbleed on Skylake-era processors, FineIBT as a control flow integrity option for CPUs with Indirect Branch Tracking (IBT) support, and, as a general security enhancement, randomization of the per-CPU entry area.