SGX, Intel's trusted computing framework after TXT, has been more application-oriented since its launch due to the closed nature of its technology ecosystem. It has been controversial, and it was never auditable until the third-party open certification service at the end of last year. Intel expects to build a better ecosystem to reduce deployment costs for customers (cloud vendors and blockchains?). Intel submitted the first version of the SGX patch to the Linux kernel community in April 2016. After three years of discussion and revision, Intel posted version 21 of the SGX patch to the Linux kernel community in July 2019. It still has not been merged, and the kernel community believes that many fundamental issues remain unresolved, including ABI compatibility and the core assumption of SGX as enclave computing: if the Linux kernel is compromised, SGX can ensure that applications are not interfered with by attackers.
Even if this premise is correct, the question for kernel developers is: if there is a malicious enclave application, who will protect the kernel? And since L1TF was exposed, the first premise has been denied by the industry (previous studies had already revealed it, but the media had not reported it on a large scale). The exposure of L1TF and the ebbing of the blockchain tide have broken many people's expectation of SGX as a silver bullet. Returning to the essence of the technology, SGX still has some suitable application scenarios. The mainlining of SGX into Linux has been going on for more than three years. It may soon be merged, or it may take another three years.