ACK: LP: #1844245 - Integrate Intel SGX driver into linux-azure

Connor Kuehl connor.kuehl at
Tue Dec 10 19:59:54 UTC 2019

On 12/4/19 8:24 AM, Marcelo Henrique Cerri wrote:
> Microsoft will offer a new confidential compute VM on Azure[1] and
> this new instance type will basically rely on Intel's SGX technology
> that wasn't integrated upsteam yet.
> In other to provide the best user experience we will integrate Intel's
> out of tree module into the linux-azure kernel. However due to
> maintenance and security concerns the module will not be loaded by
> default.
> For that we are blacklisting the module and also adding a systemd
> service to the linux-cloud-tools-common package in other to provide an
> easy way for users to load the module by default if they desire so.
> The version that Microsoft recommended us to integrate is currently
> available at GitHub[2].
> Patches for Trusty were intentionally left outside of the scope this
> RFC because it doesn't rely on systemd and it's not clear yet if
> Trusty will be available for this new instance type.
> I'm also suppressing any kind of automation to pick up new changes
> directly from Intel's GitHub repository (as I had included on a
> previous patchset I had submitted), because we are still discussing
> how updates will be handled.
> [1]
> [2]

Acked-by: Connor Kuehl <connor.kuehl at>

More information about the kernel-team mailing list