Software Guard Extensions

Intel Software Guard Extensions (SGX) is a set of instruction codes that implements a trusted execution environment and is built into some Intel central processing units (CPUs). The instructions allow user-level and operating system code to define protected private regions of memory, called enclaves.[1][2] SGX is designed to be useful for implementing secure remote computation, secure web browsing, and digital rights management (DRM).[3] Other applications include concealment of proprietary algorithms and of encryption keys.[4]

SGX works by having the CPU encrypt a portion of memory (the enclave). Data and code belonging to the enclave are decrypted on the fly only inside the CPU,[4] which protects them from being examined or read by any other code,[4] including code running at higher privilege levels such as the operating system and any underlying hypervisor.[1][4][2] While this mitigates many kinds of attacks, it does not protect against side-channel attacks, which remain the enclave developer's responsibility to mitigate.[5]

In 2021 Intel deprecated SGX on its 11th and 12th generation Core processors, but development continues on Intel Xeon processors for cloud and enterprise use.[6][7]
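Whether a given machine actually offers SGX therefore depends on the CPU generation and on firmware configuration, and the first thing a practitioner checks is what the processor enumerates. The following C program is an added example, not code from Intel or from the sources cited above. It decodes the CPUID leaves that enumerate SGX: leaf 07H for the feature flag and Launch Control bit, and leaf 12H for the SGX1/SGX2 version bits, the maximum enclave size and the Enclave Page Cache (EPC) sections. The bit layouts follow Intel's CPUID documentation; the decoding helpers are pure functions so they can be checked against constructed register values, and the live probe assumes the GCC/Clang cpuid.h intrinsic __get_cpuid_count.

```c
/* Added example (not Intel's code): decode the CPUID leaves that
 * enumerate Intel SGX. Bit positions follow Intel's CPUID documentation
 * for leaf 07H (sub-leaf 0) and leaf 12H (sub-leaves 0 and 2 onwards). */
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>              /* GCC/Clang: __get_cpuid_count() */
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* CPUID.(EAX=07H,ECX=0):EBX[bit 2] - the SGX instruction set is present. */
int sgx_leaf7_sgx(uint32_t ebx) { return (ebx >> 2) & 1u; }

/* CPUID.(EAX=07H,ECX=0):ECX[bit 30] - SGX Launch Control (flexible launch enclave). */
int sgx_leaf7_launch_control(uint32_t ecx) { return (ecx >> 30) & 1u; }

/* CPUID.(EAX=12H,ECX=0):EAX[bit 0] = SGX1, EAX[bit 1] = SGX2 (dynamic enclave memory). */
unsigned sgx_leaf12_versions(uint32_t eax) { return eax & 0x3u; }

/* CPUID.(EAX=12H,ECX=0):EDX[15:8] - log2 of the largest enclave in 64-bit mode. */
uint64_t sgx_max_enclave_size_64(uint32_t edx) { return 1ULL << ((edx >> 8) & 0xFFu); }

/* CPUID.(EAX=12H,ECX=n>=2): one EPC section per sub-leaf.
 * EAX[3:0] == 1 marks a valid section; 0 terminates the list.
 * Base = EBX[19:0]<<32 | EAX[31:12]; size = EDX[19:0]<<32 | ECX[31:12]. */
static int epc_valid(uint32_t eax) { return (eax & 0xFu) == 1u; }

uint64_t sgx_epc_section_base(uint32_t eax, uint32_t ebx)
{
    return epc_valid(eax) ? (((uint64_t)(ebx & 0xFFFFFu) << 32) | (eax & 0xFFFFF000u)) : 0;
}

uint64_t sgx_epc_section_size(uint32_t eax, uint32_t ecx, uint32_t edx)
{
    return epc_valid(eax) ? (((uint64_t)(edx & 0xFFFFFu) << 32) | (ecx & 0xFFFFF000u)) : 0;
}

/* Live probe: total EPC on this machine, or 0 if SGX is not enumerated
 * (non-x86 build, CPU without leaf 07H, or the SGX bit is clear). */
uint64_t sgx_total_epc(void)
{
#if HAVE_CPUID
    unsigned int a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !sgx_leaf7_sgx(b))
        return 0;
    uint64_t total = 0;
    for (unsigned int sub = 2; sub < 34; sub++) {   /* bounded scan of EPC sub-leaves */
        if (!__get_cpuid_count(0x12, sub, &a, &b, &c, &d))
            break;
        uint64_t size = sgx_epc_section_size(a, c, d);
        if (size == 0)
            break;                                  /* type 0: end of the list */
        total += size;
    }
    return total;
#else
    return 0;
#endif
}

int main(void)
{
#if HAVE_CPUID
    unsigned int a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d) || !sgx_leaf7_sgx(b)) {
        puts("SGX: not enumerated by CPUID");
        return 0;
    }
    printf("SGX: present, launch control: %s\n", sgx_leaf7_launch_control(c) ? "yes" : "no");
    __get_cpuid_count(0x12, 0, &a, &b, &c, &d);
    printf("SGX1: %u  SGX2: %u  max 64-bit enclave: %llu MiB\n",
           sgx_leaf12_versions(a) & 1u, (sgx_leaf12_versions(a) >> 1) & 1u,
           (unsigned long long)(sgx_max_enclave_size_64(d) >> 20));
    printf("total EPC: %llu MiB\n", (unsigned long long)(sgx_total_epc() >> 20));
#else
    puts("not an x86 CPU: CPUID probe skipped");
#endif
    return 0;
}
```

A CPUID report is necessary but not sufficient: firmware can leave SGX disabled even when the silicon supports it, and the enable bit lives in a model-specific register that user-mode code cannot read. The Intel guidance cited above is therefore to ask the SGX runtime (for example sgx_cap_get_status in the Intel SGX SDK) or, on Linux, to check for the kernel's /dev/sgx_enclave device, rather than trusting CPUID alone.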

  1. "Intel SGX for Dummies (Intel SGX Design Objectives)". intel.com. 2013-09-26.
  2. johnm (2017-08-08). "Properly Detecting Intel® Software Guard Extensions (Intel® SGX) in Your Applications". software.intel.com. Retrieved 2019-02-15.
  3. "Intel SGX Details". intel.com. 2017-07-05.
  4. "Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software". it.slashdot.org. 2019-02-12.
  5. "Intel SGX and Side-Channels". intel.com. 2020-02-28.
  6. [Reference missing: the named reference "bleep" is cited in the text but not defined on this page.]
  7. anrilr (2022-01-20). "Rising to the Challenge — Data Security with Intel Confidential Computing". community.intel.com. Retrieved 2022-04-20.