Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Linux distributions and SGX VM requirements

Anandakumar
New Contributor II
582 Views

Hello All,

 

Supported Linux distribution and their stable version's kernel are,

Ubuntu - 5.4.168

RHEL - 4.18.0-348

CentOS8 - EOL reached.

Fedora - 5.15

 

In that, except fedora other distributions stable versions are in the older kernel version. But, KVM-SGX patch and SGX driver are up-streamed to main kernel tree in the kernel 5.13* and above.

 

In my case, I am testing Intel SGX in the Debian11 with stable kernel 5.10*. I have tested the SGX app features on kernel 5.10*. Also, I have manually updated kernel to 5.13* and above, with qemu 6.2.5 version I am able to start SGX VMs.  

 

How other linux users achieve VMs with Intel SGX features ? 

 

Do we need to update the kernel version ? 

     - Going with newer kernel other than default kernel supported by the distribution, will that affect the security and package bug fixes?

    -  Also, I got suggestions to use Debian backported kernel, in that case, security and package fixes will apply to the updated system?

 

Any help would be appreciated. 

 

Thanks

Anand

 

0 Kudos
1 Solution
JesusG_Intel
Moderator
557 Views

Hello Anandakumar,


It is best to use kernel version 5.11+, if possible, so that you take advantage of the in-kernel SGX driver. Once that kernel version or newer is ubiquitous/shipping everywhere in the future, we will drop support for the standalone DCAP driver.


Regards,

Jesus G.

Intel Customer Support


View solution in original post

3 Replies
JesusG_Intel
Moderator
558 Views

Hello Anandakumar,


It is best to use kernel version 5.11+, if possible, so that you take advantage of the in-kernel SGX driver. Once that kernel version or newer is ubiquitous/shipping everywhere in the future, we will drop support for the standalone DCAP driver.


Regards,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
533 Views

Hello Anandakumar,


Do you have further questions regarding kernel support of SGX?


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator
512 Views

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


Reply