Intel promises Full Memory Encryption in upcoming CPUs

At Intel’s Security Day event on Tuesday, the company laid down its present and future vision for security-focused features in its hardware.

Intel’s Anil Rao and Scott Woodgate opened their presentation with a present-and-future discussion of Intel’s SGX (Software Guard Extensions), but their coverage of the company’s plans to bring Full Memory Encryption to future Intel CPUs was more interesting.

Software Guard Extensions

Intel SGX—announced in 2014, and launched with the Skylake microarchitecture in 2015—is one of the first hardware encryption technologies designed to protect areas of memory from unauthorized users, up to and including the system administrators themselves. SGX is a set of x86_64 CPU instructions which allows a process to create an “enclave” within memory which is hardware encrypted. Data stored in the encrypted enclave is only decrypted within the CPU—and even then, it is only decrypted at the request of instructions executed from within the enclave itself.

Read 13 remaining paragraphs | Comments