Intel SGX Driver Updated But Likely Too Late For Linux 4.15

Written by Michael Larabel in Intel on 13 November 2017 at 06:15 PM EST. 5 Comments
Not to be confused with PowerVR SGX, the Intel SGX driver was revised with new patches published today but it doesn't look like it will land for Linux 4.15.

The Intel SGX driver provides support for Software Guard Extensions. SGX instructions on modern Intel CPUs allow user-space code to allocate private memory regions (called "enclaves" in SGX terminology) that are protected even from more privileged software. SGX is useful in some secure-computing scenarios, Digital Rights Management, and other areas where the goal is simply to protect memory in a "reverse sandbox" approach: rather than confining untrusted code, it shields trusted code and data from an untrusted host.

SGX has been supported in Intel hardware since Skylake, but there is not yet a mainline Linux kernel driver. Today the sixth version of the Intel SGX Linux driver patches was published; it addresses feedback from the previous review round and includes an updated API, among other changes.

The patch series further describes the work as:
Intel SGX is a set of CPU instructions that can be used by applications to set aside private regions of code and data. The code outside the enclave is disallowed to access the memory inside the enclave by the CPU access control. In a way you can think that SGX provides an inverted sandbox. It protects the application from a malicious host.

There is a new hardware unit in the processor called Memory Encryption Engine (MEE) starting from the Skylake microarchitecture. BIOS can define one or many MEE regions that can hold enclave data by configuring them with PRMRR registers.

The MEE automatically encrypts the data leaving the processor package to the MEE regions. The data is encrypted using a random key whose life-time is exactly one power cycle.

With the Linux 4.15 merge window already open, this driver still under review, and the patches not yet picked up by any -next tree, Intel SGX support will most likely have to wait until at least Linux 4.16 before reaching mainline. The effort to get this support into the Linux kernel has now been going on for almost two years.