Linux Kernel 5.18.2 is out

From a security standpoint, this release is rich in improvements to Intel SGX support. Let's look at them in more detail.

Intel Software Guard Extensions

This is a set of CPU instructions for manipulating special regions of memory called enclaves. At the heart of this paradigm is the fact that nowadays, for certain environments and applications, even RAM cannot be trusted. So these regions have special protection compared to normal regions: they are encrypted, signed, and not readable from outside, even from kernel code. Yes, the kernel is no longer trusted either. You guessed it, the encryption is done in hardware.

Implementation in Linux

First, you can check whether these instructions are supported and enabled for your CPU by running:

grep sgx /proc/cpuinfo

If the output is non-empty, they are enabled. If it is empty, SGX is either not supported by the CPU or disabled in the BIOS. The kernel source code resides in arch/x86/kernel/cpu/sgx. User space interfaces with SGX through the /dev/sgx_enclave and /dev/sgx_provision devices, by calling ioctls on them.

The CPU and the kernel manage enclaves in units of pages. A special memory structure, the Enclave Page Cache (EPC), stores the pages belonging to enclaves, and this structure is protected from reading by "untrusted" code by BIOS. In addition, there is an Enclave Page Cache Map (EPCM) that contains pointers to the pages in the EPC along with their attributes. All of this is managed separately from normal memory, at the hardware level.

When an enclave is created, the kernel reserves a tmpfs "file" for it, called the backing store and visible as "SGX backing" in /proc/PID/maps. It is needed for the page reclaim process, which is similar to what the kernel thread kswapd does: a ksgxd thread "swaps" enclave pages out to normal memory when the system runs out of memory available for enclaves. The process of removing an enclave page from its backing store is called truncation. For instance, it is done when there is free space in the enclave memory again and the page is moved back into the protected memory region where it was supposed to be. Note that there is nothing wrong with temporarily moving these pages to normal memory, since all of them are encrypted.

A Paging Crypto Metadata (PCMD) page is a special type of page that accompanies the enclave pages containing the data itself. Two backing storage pages are associated with each enclave page - one backing page to contain the encrypted enclave page data and one backing page (shared by a few enclave pages) to contain the crypto metadata used by the processor to verify the enclave page when it is loaded back into the enclave.
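The backing-store layout described above, modelled in user-space C as an added example (not kernel code and not from the original post): it shows which shared page holds an enclave page's PCMD entry and why that page may be truncated only once every entry in it has been cleared. The page and entry sizes, the struct and all function names are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Sizes assumed for this model; they are not stated on the page. */
#define PAGE_SZ       4096u
#define PCMD_SZ       128u                 /* one metadata entry per enclave page */
#define PCMD_PER_PAGE (PAGE_SZ / PCMD_SZ)  /* entries sharing one backing page */

/* Hypothetical model of a backing store: data pages first, then PCMD pages. */
struct backing {
    size_t   encl_pages;   /* number of enclave pages */
    uint8_t *pcmd_area;    /* zero-initialised PCMD pages */
};

/* Constructed sample: a 40-page enclave needs two PCMD pages. */
static uint8_t sample_pcmd[2 * PAGE_SZ];
static struct backing sample = { 40, sample_pcmd };
static const uint8_t sample_entry[PCMD_SZ] = { 0xA5 };  /* constructed metadata */

/* Backing page that holds the PCMD entry of enclave page i. */
size_t pcmd_page_index(const struct backing *b, size_t i) { return b->encl_pages + i / PCMD_PER_PAGE; }

/* Byte offset of that entry inside its PCMD page. */
size_t pcmd_slot_offset(size_t i) { return (i % PCMD_PER_PAGE) * PCMD_SZ; }

/* Store the metadata written when enclave page i is swapped out. */
void store_pcmd(struct backing *b, size_t i, const uint8_t *pcmd)
{
    uint8_t *page = b->pcmd_area + (i / PCMD_PER_PAGE) * PAGE_SZ;
    memcpy(page + pcmd_slot_offset(i), pcmd, PCMD_SZ);
}

/* Clear the entry after page i is loaded back into the enclave. Returns 1 when
 * the whole shared page is zero and may be truncated, 0 while another enclave
 * page still depends on it. */
int release_pcmd(struct backing *b, size_t i)
{
    uint8_t *page = b->pcmd_area + (i / PCMD_PER_PAGE) * PAGE_SZ;
    memset(page + pcmd_slot_offset(i), 0, PCMD_SZ);
    for (size_t k = 0; k < PAGE_SZ; k++)
        if (page[k])
            return 0;
    return 1;
}

int main(void)
{
    store_pcmd(&sample, 0, sample_entry);
    store_pcmd(&sample, 1, sample_entry);
    /* Page 1 still uses the shared page, so releasing page 0 must not free it. */
    return (release_pcmd(&sample, 0) == 0 && release_pcmd(&sample, 1) == 1) ? 0 : 1;
}
```

Truncating the shared page while any entry is still populated would discard metadata the processor needs to verify another swapped-out page, which is why the emptiness check precedes truncation.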

The support for SGX was originally added in 5.11. In 5.18.2 it receives a set of improvements, such as:

  • Truncation for certain types of PCMD pages is improved: a warning is added if the page was not empty
  • Fixed race condition in both the reclaimer and backing store management code
  • More correct freeing of backing store containing a PCMD page

Useful Links