This looks like an advertisement for AMD Epyc processors until you get to that bright yellow “solutions available today” box and realize we’re talking about Intel. [credit:
At Intel’s Security Day event on Tuesday, the company laid down its present and future vision for security-focused features in its hardware.
Intel’s Anil Rao and Scott Woodgate opened their presentation with a present-and-future discussion of Intel’s SGX (Software Guard Extensions), but their coverage of the company’s plans to bring Full Memory Encryption to future Intel CPUs was more interesting.
Software Guard Extensions
Intel SGX—announced in 2014, and launched with the Skylake microarchitecture in 2015—is one of the first hardware encryption technologies designed to protect areas of memory from unauthorized users, up to and including the system administrators themselves. SGX is a set of x86_64 CPU instructions which allows a process to create an “enclave” within memory which is hardware encrypted. Data stored in the encrypted enclave is only decrypted within the CPU—and even then, it is only decrypted at the request of instructions executed from within the enclave itself.