Fedora 42 Looking To Package Intel SGX Software Stack
([Fedora] 3 Hours Ago
Fedora 42 + Intel SGX)
- Reference: 0001510202
- News link: https://www.phoronix.com/news/Fedora-42-Looks-At-SGX
- Source link:
Fedora stakeholders are evaluating supporting an Intel Software Guard Extensions (SGX) software stack with next year's Fedora 42 release.
Intel [1]SGX is a means of creating a trusted execution envionment on supported CPUs -- a variety of Intel Core and Xeon processors support it. But it's been controversial due to a number of published security vulnerabilities around it over the years and the idea of "trusted" execution in the open-source world rubbing some users the wrong way, especially if SGX is used for purposes of Digital Rights Management. Linux adoption around Intel SGX has been fairly limited beyond some enterprises.
With Fedora 42 they are looking to offer optional Intel SGX software packages in part as a step toward enabling Intel Trust Domain Extensions ( [2]TDX ) in a future Fedora release on Intel servers.
"The Intel SGX technology enables creation of execution enclaves, whose memory is encrypted and thus protected from all other code running on the CPU, including SMM, firmware, kernel and userspace. This proposal is to introduce the SGX host software stack, architectural enclaves and development packages to Fedora, to enable future introduction applications and features which have a dependency on SGX technology.
The primary feature that will leverage SGX in a subsequent Fedora release is expected to be Intel TDX, which provides confidential virtual machines, and is in the process of being integrated with QEMU and Linux/KVM."
The Fedora Engineering and Steering Committee (FESCo) still has to vote on the Intel SGX proposal for Fedora 42 but for those interested can see the plans on the [3]Fedora Wiki .
[1] https://www.phoronix.com/search/SGX
[2] https://www.phoronix.com/search/TDX
[3] https://fedoraproject.org/wiki/Changes/IntelSGX
Intel [1]SGX is a means of creating a trusted execution envionment on supported CPUs -- a variety of Intel Core and Xeon processors support it. But it's been controversial due to a number of published security vulnerabilities around it over the years and the idea of "trusted" execution in the open-source world rubbing some users the wrong way, especially if SGX is used for purposes of Digital Rights Management. Linux adoption around Intel SGX has been fairly limited beyond some enterprises.
With Fedora 42 they are looking to offer optional Intel SGX software packages in part as a step toward enabling Intel Trust Domain Extensions ( [2]TDX ) in a future Fedora release on Intel servers.
"The Intel SGX technology enables creation of execution enclaves, whose memory is encrypted and thus protected from all other code running on the CPU, including SMM, firmware, kernel and userspace. This proposal is to introduce the SGX host software stack, architectural enclaves and development packages to Fedora, to enable future introduction applications and features which have a dependency on SGX technology.
The primary feature that will leverage SGX in a subsequent Fedora release is expected to be Intel TDX, which provides confidential virtual machines, and is in the process of being integrated with QEMU and Linux/KVM."
The Fedora Engineering and Steering Committee (FESCo) still has to vote on the Intel SGX proposal for Fedora 42 but for those interested can see the plans on the [3]Fedora Wiki .
[1] https://www.phoronix.com/search/SGX
[2] https://www.phoronix.com/search/TDX
[3] https://fedoraproject.org/wiki/Changes/IntelSGX
HeadPlug