
Intel AEX Notify Support For Linux: SGX Enclave Security Enhancement


Future Intel CPUs, and some existing processors via a microcode update, will support a new feature called the Asynchronous EXit (AEX) notification mechanism to help with Software Guard Extensions (SGX) enclave security. Linux kernel patches implementing this Intel AEX Notify support on capable processors are pending.

Intel's Asynchronous EXit (AEX) notification mechanism lets SGX enclaves run a handler after an AEX event. Such handlers can be used for things like mitigating SGX-Step, an attack framework for precise enclave execution control.

The pending Linux patches confirm that AEX Notify support will be found on upcoming processors (presumably Sapphire Rapids) as well as on some existing processors via a microcode update.

The link for this article located at Phoronix is no longer available.
