Intel Software Guard Extensions (SGX) gives software developers new hardware-based capabilities for protecting an application's secrets. SGX allows the creation of a trusted environment without depending on the integrity of code elsewhere in the software stack, which in modern cloud environments may be millions of lines of code across the application, kernel and VMM.
This talk will provide a brief overview of SGX and its (nefarious) history with respect to Linux, followed by an in-depth analysis of the design and status of SGX virtualization support in KVM.