We go through the current state of the Intel SGX support in the Linux kernel and userland. The topics covered include the kernel interface and its features, and available confidential computing run-times supporting SGX. Since getting into the mainline kernel late 2020, the SGX software ecosystem has started to get mature enough for production, and is the only cloud-scale confidential computing technology fully in the mainline kernel so far.


Linux Security Summit (LSS) is a technical forum for collaboration between Linux developers, researchers, and end users with the primary aim of fostering community efforts to analyze and solve Linux security challenges.

LSS is where key Linux security community members and maintainers gather to present their work and discuss research with peers, joined by those who wish to keep up with the latest in Linux security development and who would like to provide input to the development process.

State of Intel SGX in Linux

Conference: Linux Security Summit Europe 2022

Authors: Roman Volosatovs, Jarkko Sakkinen

Abstract

Post a comment

Related work

Confidential Containers Explained

eBPF, I thought we were friends !

Plundervolt: Flipping Bits from Software without Rowhammer

Evil eBPF In-Depth: Practical Abuses of an In-Kernel Bytecode Runtime

sOfT7: Revealing the Secrets of Siemens S7 PLCs

When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security