Intel has fulfilled a promise made in April to open-source a Linux driver for its SGX technology.
SGX – Software Guard Extensions – first landed in 2013, and allows programmers to lock up code and data inside containers enforced by the CPU. The idea is to create an environment to assure people "clouding" their enterprise systems that not even admins in the data centre can spy on what's going on.
The current implementation is very Alpha-looking, with just one distribution anointed to run SGX – Ubuntu 14.04-LTS 64bits. The hardware requirement is a Skylake system configured with SGX enabled.
Its Linux SGX implementation includes driver, SDK, and platform software. Intel notes that the driver isn't yet incorporated into the Linux main tree.
SGX is designed to get around the problem that any encrypted data has to be decrypted at some point, so programs can operate on it (homomorphic encryption gets around this, but at a huge performance hit). With SGX running, data and runtime code are put in 'enclaves' that are invisible even to processors with root-level privilege.
It's not perfect – in February, MIT's Victor Costan and Srinivas Devadas pulled apart how SGX obtains its certificates.
There's also been criticism (for example the discussion starting here at the Linux Kernel Mailing List about its status in the kernel), but perhaps with the code under GPL 2, perhaps developers will feel more comfortable with it. ®