Shulou(Shulou.com)11/24 Report--

CTOnews.com, December 15 / PRNewswire-FirstCall-Asianet /-- Linux 6.2 under development plans to further enhance hardware security by introducing asynchronous exit notification (Asynchronous Exit Notification) mechanism for Intel's Intel Software Protection extension (SGX) in addition to TDX guest authentication support.

The latest SGX code merged by the Linux 6.2 kernel can safely use the asynchronous exit (AEX) notification mechanism of the new Intel CPU. The AEX notification path allows a handler to be run on the exit event, which in turn alleviates problems such as SGX-Step vulnerabilities. Support for AEX Notify helps strengthen defenses around Intel SGX to prevent whole-class attacks.

CTOnews.com learned that with the current consolidation of x86 / sgx code in Linux 6.2, AEX Notify supports use in bare metal (Bare-metal) user space runtime environment (enclave) and KVM virtual machine (VM) to better protect the SGX user space runtime environment on supporting processors.

In addition to SGX AEX Notify and TDX object authentication, other security improvements of Linux 6.2 include Call Depth Tracking,FineIBT as a control flow integrity option for CPU that supports indirect branch tracking (IBT) to reduce processor Retbleed overhead in the Skylake era, as well as general security improvements.

CTOnews.com learned that Intel Software Protection extensions are a set of security-related instructions that are built into some modern Intel CPUs. They allow user-mode and kernel-state code definitions to set a specific memory area to a private area, also known as an enclave. Its contents are protected and cannot be accessed by any process other than itself, including processes running at a higher privilege level. CPU encrypts memory protected by SGX.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.