SGX: when 20 patch versions aren't enough

Intel's 'Software Guard Extensions' (SGX) feature allows the creation of encrypted 'enclaves' that cannot be accessed from the rest of the system. Normal code can call into an enclave, but only code running inside the enclave itself can access the data stored there. SGX is pitched as a way of protecting data from a hostile kernel; for example, an encryption key stored in an enclave should be secure even if the system as a whole is compromised. Support for SGX has been under development for over three years; LWN covered it in 2016. But, as can be seen from the response to the latest revision of the SGX patch set, all that work has still not answered an important question: what protects the kernel against a hostile
