Intel AEX Notify Support Prepped For Linux To Help Enhance SGX Enclave Security
Future Intel CPUs, as well as some existing processors via a microcode update, will support a new feature called the Asynchronous EXit (AEX) notification mechanism, intended to help with Software Guard Extensions (SGX) enclave security. Patches implementing this Intel AEX Notify support for capable processors are pending for the Linux kernel.
Intel's Asynchronous EXit (AEX) notification mechanism lets an SGX enclave run a handler of its own after an AEX event. Such handlers can be used, for example, to mitigate SGX-Step, an attack framework for precise control over enclave execution.
The pending Linux patches confirm that AEX Notify support will be available on upcoming processors (presumably Sapphire Rapids) as well as on some existing processors via a microcode update.