How does Linux kernel use Intel SGX (Software Guard Extensions)?

On a new installation of Linux Mint 22 Cinnamon (based on Ubuntu 24.04), I went through dmesg, and I made a possibly interesting discovery, the new 6.8 Linux kernel showed me warning, that I have Intel SGX disabled in my UEFI BIOS, so I enabled it with this result:

# dmesg | grep -i sgx [ 0.442210] sgx: EPC section 0x60200000-0x65f7ffff 

I did not notice it on 5.15 Linux kernel, but that could also be caused by the fact I was not looking for it.

So, naturally my question would be: How does Linux kernel use Intel SGX?

---

For completeness, I looked for some article about it, found only too technical (for me):

• https://docs.kernel.org/arch/x86/sgx.html

• https://www.intel.com/content/www/us/en/developer/articles/technical/virtualizing-intel-software-guard-extensions-with-kvm-and-qemu.html

---

I am looking for more or less simple answer, and if not possible to make it simple, please try to modify your answer to need-to-know basis. Thank you very much!

---

Additionally I found this description:

Intel Software Guard Extensions (SGX) is a set of instruction codes that create a secure environment within Intel CPUs, allowing for the creation of protected private memory regions called enclaves. SGX is used for secure remote computation, web browsing, DRM, concealing proprietary algorithms, and encryption keys. It was first introduced in 2015 with the sixth generation Intel Core processors and is designed for secure applications like digital rights management and secure web browsing.