drivers/virt/nitro_enclaves

AWS Nitro Enclaves guest driver

Guest-side Linux support for AWS Nitro Enclaves, a feature of EC2 Nitro instances that lets a running VM spawn an isolated, hardened child VM with no networking or persistent storage for handling secrets and confidential workloads. The driver is only useful when Linux runs as an EC2 guest on Nitro hardware (Intel, AMD, or Graviton); the feature has been a current AWS offering since 2020.

keep-annotate conf=0.82 deploy=low replacement=none subsystem=virt category=virtualization

recommendation

Worth keeping, but its niche should be documented: the driver only has a purpose inside AWS EC2 instances built on the Nitro hypervisor, where it lets a parent VM carve off an isolated child enclave for confidential computing. AWS still actively sells and expands the feature (Graviton support, EKS integration, multiple enclaves per instance through 2023), but upstream Linux activity has been light since the initial 2020 merge, with only occasional fixes in 2021-2022. A short note in the tree clarifying that this driver is AWS-cloud-only would help future maintainers.

repository signals

7 files
2,999 source lines
18 commits, 5y
+370 / −157 lines added / removed, 5y
8 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 18 total · active in 8/61 months
Active months (every other month in the 2021-04 → 2026-04 window has 0 commits, +0 −0):
2021-04: 1 commit · +17 −26
2021-06: 1 commit · +2 −0
2021-08: 4 commits · +18 −17
2021-11: 5 commits · +305 −54
2021-12: 1 commit · +3 −2
2022-07: 1 commit · +4 −33
2022-08: 1 commit · +1 −1
2026-02: 4 commits · +20 −24

sources

  1. lore.kernel.org

    Upstream lore shows substantive device-specific maintenance in 2021 ('Set Bus Master for the NE PCI device').

  2. lore.kernel.org

    Upstream lore shows 2022 maintenance for the nitro_enclaves tests/KUnit coverage, indicating the code was still being tended after initial merge.

  3. docs.aws.amazon.com

    AWS documents Nitro Enclaves as a current EC2 feature supported on most Intel, AMD, and Graviton Nitro-based instance types.

  4. docs.aws.amazon.com

    AWS Nitro Enclaves documentation history records post-launch feature work such as EKS support, Graviton support, and multiple enclaves per instance through 2023.

  5. docs.aws.amazon.com

    AWS continues to publish current Nitro System instance-family documentation, indicating the underlying platform remains in active new deployment.

codex reasoning notes (technical)

Lore evidence came from `lore_file_timeline` on `drivers/virt/nitro_enclaves/ne_pci_dev.c` and `drivers/virt/nitro_enclaves/ne_misc_dev.c`; it shows no obvious removal/deprecation thread, only limited driver-specific activity in 2021-2022 plus later treewide churn. Deployment evidence came from `web.search_query` on official AWS docs, which still describe Nitro Enclaves as a current EC2 feature on most Nitro instance types. This is a cloud-niche driver with real current platform relevance but sparse upstream attention, so `keep-annotate` fits better than deprecate/remove.