Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Linux distributions and SGX VM requirements

Anandakumar
New Contributor II

Hello All,

The supported Linux distributions and their stable versions' kernels are:

Ubuntu - 5.4.168

RHEL - 4.18.0-348

CentOS8 - EOL reached.

Fedora - 5.15

Of these, except for Fedora, the other distributions' stable versions are on older kernel versions. But the KVM-SGX patch and SGX driver are upstreamed to the main kernel tree in kernel 5.13* and above.

In my case, I am testing Intel SGX on Debian 11 with the stable kernel 5.10*. I have tested the SGX app features on kernel 5.10*. Also, I have manually updated the kernel to 5.13* and above; with QEMU version 6.2.5 I am able to start SGX VMs.

How do other Linux users achieve VMs with Intel SGX features?

Do we need to update the kernel version?

- If we go with a newer kernel other than the default kernel supported by the distribution, will that affect the security and package bug fixes?

- Also, I got suggestions to use the Debian backported kernel. In that case, will security and package fixes apply to the updated system?

Any help would be appreciated.

Thanks

Anand

1 Solution
JesusG_Intel
Moderator

Hello Anandakumar,


It is best to use kernel version 5.11+, if possible, so that you take advantage of the in-kernel SGX driver. Once that kernel version or newer is ubiquitous/shipping everywhere in the future, we will drop support for the standalone DCAP driver.


Regards,

Jesus G.

Intel Customer Support
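
Added example (not part of the thread and not Intel's code): a shell check that classifies a kernel release against the 5.11 in-kernel driver threshold from the reply above and the 5.13 KVM-SGX threshold from the question, then reports the CPU flag and SGX device nodes on the host. The function and label names are hypothetical; the device paths are the ones the mainline driver creates.

```shell
#!/bin/sh
# Added example: SGX readiness check for a Linux host.
# Thresholds come from the thread: 5.11+ (in-kernel SGX driver, per the reply)
# and 5.13+ (KVM-SGX, per the question). The version number is only a hint:
# distribution kernels may carry backports, so the device nodes decide.

# kver_ge RELEASE MAJOR.MINOR -> exit 0 if RELEASE is at least MAJOR.MINOR
kver_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%[!0-9]*}
    b_major=${2%%.*}; b_minor=${2#*.}
    # Compare numerically, so that 5.9 sorts below 5.11
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "${a_minor:-0}" -ge "$b_minor" ]; }
}

# sgx_kernel_class RELEASE -> prints the SGX path the version number suggests
sgx_kernel_class() {
    if kver_ge "$1" 5.13; then
        echo "in-kernel-driver+kvm-sgx"
    elif kver_ge "$1" 5.11; then
        echo "in-kernel-driver"
    else
        echo "standalone-dcap-driver"
    fi
}

# sgx_host_report -> prints what the running host actually exposes
sgx_host_report() {
    rel=$(uname -r)
    echo "kernel $rel: $(sgx_kernel_class "$rel")"
    if grep -qw sgx /proc/cpuinfo 2>/dev/null; then
        echo "cpu flag sgx: present"
    else
        echo "cpu flag sgx: absent (unsupported CPU or disabled in firmware)"
    fi
    # sgx_enclave and sgx_provision: in-kernel driver; sgx_vepc: EPC for KVM guests
    for dev in /dev/sgx_enclave /dev/sgx_provision /dev/sgx_vepc; do
        if [ -c "$dev" ]; then echo "$dev: present"; else echo "$dev: missing"; fi
    done
}

sgx_host_report
```

A host that can start SGX VMs needs `/dev/sgx_vepc` in addition to the enclave device, whatever the version string says.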


JesusG_Intel
Moderator

Hello Anandakumar,


Do you have further questions regarding kernel support of SGX?


Sincerely,

Jesus G.

Intel Customer Support


JesusG_Intel
Moderator

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

