Intel's SGX tiptoes towards Linux

SDK, driver live on GitHub


Intel has fulfilled a promise made in April to open-source a Linux driver for its SGX technology.

SGX – Software Guard Extensions – first landed in 2013, and allows programmers to lock up code and data inside containers enforced by the CPU. The idea is to create an environment to assure people "clouding" their enterprise systems that not even admins in the data centre can spy on what's going on.

Back in April, Chipzilla promised an SGX SDK for Linux, and a few weeks ago – with so little fuss we overlooked it – it made good over at GitHub.

The current implementation is very Alpha-looking, with just one distribution anointed to run SGX – Ubuntu 14.04-LTS 64bits. The hardware requirement is a Skylake system configured with SGX enabled.

Its Linux SGX implementation includes driver, SDK, and platform software. Intel notes that the driver isn't yet incorporated into the Linux main tree.

SGX is designed to get around the problem that any encrypted data has to be decrypted at some point, so programs can operate on it (homomorphic encryption gets around this, but at a huge performance hit). With SGX running, data and runtime code are put in 'enclaves' that are invisible even to processors with root-level privilege.

It's not perfect – in February, MIT's Victor Costan and Srinivas Devadas pulled apart how SGX obtains its certificates.

There's also been criticism (for example the discussion starting here at the Linux Kernel Mailing List about its status in the kernel), but perhaps with the code under GPL 2, perhaps developers will feel more comfortable with it. ®

Similar topics


Other stories you might like

  • The ‘substantial contributions’ Intel has promised to boost RISC-V adoption
    With the benefit of maybe revitalizing the x86 giant’s foundry business

    Analysis Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption.

    In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.

    While Intel invested in RISC-V chip designer SiFive in 2018, the semiconductor titan's intentions with RISC-V evolved last year when it revealed that the contract manufacturing business key to its comeback, Intel Foundry Services, would be willing to make chips compatible with x86, Arm, and RISC-V ISAs. The chipmaker then announced in February it joined RISC-V International, the ISA's governing body, and launched a $1 billion innovation fund that will support chip designers, including those making RISC-V components.

    Continue reading
  • FBI warns of North Korean cyberspies posing as foreign IT workers
    Looking for tech talent? Kim Jong-un's friendly freelancers, at your service

    Pay close attention to that resume before offering that work contract.

    The FBI, in a joint advisory with the US government Departments of State and Treasury, has warned that North Korea's cyberspies are posing as non-North-Korean IT workers to bag Western jobs to advance Kim Jong-un's nefarious pursuits.

    In guidance [PDF] issued this week, the Feds warned that these techies often use fake IDs and other documents to pose as non-North-Korean nationals to gain freelance employment in North America, Europe, and east Asia. Additionally, North Korean IT workers may accept foreign contracts and then outsource those projects to non-North-Korean folks.

    Continue reading
  • Elon Musk says Twitter buy 'cannot move forward' until spam stats spat settled
    A stunning surprise to no one in this Solar System

    Elon Musk said his bid to acquire and privatize Twitter "cannot move forward" until the social network proves its claim that fake bot accounts make up less than five per cent of all users.

    The world's richest meme lord formally launched efforts to take over Twitter last month after buying a 9.2 per cent stake in the biz. He declined an offer to join the board of directors, only to return asking if he could buy the social media platform outright at $54.20 per share. Twitter's board resisted Musk's plans at first, installing a "poison pill" to hamper a hostile takeover before accepting the deal, worth over $44 billion.

    But then it appears Musk spotted something in Twitter's latest filing to America's financial watchdog, the SEC. The paperwork asserted that "fewer than five percent" of Twitter's monetizable daily active users (mDAUs) in the first quarter of 2022 were fake or spammer accounts, which Musk objected to: he felt that figure should be a lot higher. He had earlier proclaimed that ridding Twitter of spam bots was a priority for him, post-takeover.

    Continue reading

Biting the hand that feeds IT © 1998–2022