Linux Format

Kernel Watch

Jon Masters summarises the latest happenings in the Linux kernel, so you don’t have to.


Linus Torvalds announced the fifth release candidate for what will be Linux 5.7, noting that “things look calm and safe to test” and “I dare you all to prove me wrong. Go ahead, make my day.” If things go according to plan, we should see 5.7 released shortly and be well into the merge window for 5.8 next month. We will have our usual summary of the shiny new features.

The kernel community regularly removes old code that’s unmaintained or supports hardware not produced this side of the millennium. That Christophe Leroy would post “Modernise powerpc 40x” and seek to remove support for legacy IBM embedded processors isn’t that unusual in context, but it struck a personal chord as the 405GP was the first processor I ever did a Linux port for. Nothing says you’ve been around for a while like machines you worked on becoming “legacy”.

Nitro enclaves

Amazon Web Services (AWS) is increasingly building its own novel hardware solutions. We have seen this with its home-grown Arm-based server instances and its “Nitro” network accelerator cards, among many other things. This month, Amazon took to LKML to post patches for what it terms “Nitro Enclaves”. These are lightweight carve-outs from VMs in which customers can run sensitive routines that need to be isolated, to reduce the chance for data integrity to be compromised.

Enclaves aren’t a new concept. Perhaps the most well known is Intel’s Software Guard Extensions (SGX). SGX enables parts of an application to run isolated within the same processor. Even the kernel is unable to peek into what it’s doing. SGX is intended to be the kind of thing a streaming video service, say Netflix, might use to store their Digital Rights Management key handling code away from prying eyes.

But approaches like SGX have potential problems. We’ve seen that processors can have security vulnerabilities and that these can break our assumptions around isolation. Presumably for that reason, AWS chose to implement its Enclave solution in the form of a stripped-down separate VM that runs physically separated from the main customer workload.

In the Amazon model, an Enclave carves out some of the host VM resources and the two then communicate over a virtio channel known as virtio-vsock. To the host VM, the enclave appears just as another PCI device with a new driver.

There was much debate over the “Add support for Nitro Enclaves” patches, including the desire to see Amazon publish its hypervisor support, or to make the enclaves boot like regular Linux VMs, rather than using the direct kernel loader with a new wrapper that Amazon had created. These are reasonable questions, but the kernel community is still coming to terms with the fact that in the cloud computing model machines and VMs can look very different from what you see on a laptop or desktop running Linux.
