[Acked/CMT] LP: #1844245 - Integrate Intel SGX driver into linux-azure

Andy Whitcroft apw at canonical.com
Wed Dec 11 12:30:20 UTC 2019


On Wed, Dec 04, 2019 at 01:24:37PM -0300, Marcelo Henrique Cerri wrote:
> https://bugs.launchpad.net/bugs/1844245
> 
> Microsoft will offer a new confidential compute VM on Azure[1] and
> this new instance type will basically rely on Intel's SGX technology
> that wasn't integrated upstream yet.
> 
> In order to provide the best user experience we will integrate Intel's
> out of tree module into the linux-azure kernel. However due to
> maintenance and security concerns the module will not be loaded by
> default.
> 
> For that we are blacklisting the module and also adding a systemd
> service to the linux-cloud-tools-common package in order to provide an
> easy way for users to load the module by default if they desire so.
> 
> The version that Microsoft recommended us to integrate is currently
> available at GitHub[2].
> 
> Patches for Trusty were intentionally left outside of the scope of this
> RFC because it doesn't rely on systemd and it's not clear yet if
> Trusty will be available for this new instance type.
> 
> I'm also suppressing any kind of automation to pick up new changes
> directly from Intel's GitHub repository (as I had included on a
> previous patchset I had submitted), because we are still discussing
> how updates will be handled.
> 
> [1] https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoft-azure-compute.confidentialcompute
> [2] https://github.com/haimc-intel/SGXDataCenterAttestationPrimitives

That is a large pile of code.  The approach seems sane enough.  Do we
expect to see this code coming to mainline any time soon?  I guess I
would like Tyler to give it the once over as well.

Acked-by: Andy Whitcroft <apw at canonical.com>

-apw


