[$] SGX: when 20 patch versions aren't enough
Intel's "Software Guard Extensions" (SGX) feature allows the creation of encrypted "enclaves" that cannot be accessed from the rest of the system. Normal code can call into an enclave, but only code running inside the enclave itself can access the data stored there. SGX is pitched as a way of protecting data from a hostile kernel; for example, an encryption key stored in an enclave should be secure even if the system as a whole is compromised.

Support for SGX has been under development for over three years; LWN covered it in 2016. But, as can be seen from the response to the latest revision of the SGX patch set, all that work has still not answered an important question: what protects the kernel against a hostile enclave?