Intel Discloses New Ice Lake Xeon Security Features

Written by Michael Larabel in Intel on 14 October 2020 at 09:00 AM EDT. 8 Comments
INTEL
Intel today is revealing a few details concerning upcoming Intel 3rd Generation Xeon Scalable "Ice Lake" processors.

Today the company is just talking security features of Ice Lake Xeon. The company is confirming these upcoming Xeon CPUs will support:

- Intel Software Guard Extensions (SGX). While a number of security vulnerabilities around SGX have been disclosed since its debut in Skylake (Prime+Probe, LVI, SGAxe, Plundervolt, etc), Intel argues in today's announcement that it "is the most researched, updated and battle-tested TEE for data center confidential computing, with the smallest attack surface within the system." The Intel SGX Enclaves support for the Linux kernel remains a work-in-progress after going through patch review dozens of times.

- Intel Total Memory Encryption (TME). Total Memory Encryption has also been worked on for the Linux kernel already, similar to AMD's Secure Memory Encryption (SME).

- Intel Platform Firmware Resilience (PFR). PFR relies on an FPGA as a platform root of trust and can provide protection for the BIOS flash memory, BMC flash, SPI descriptor, Intel Management Engine, and power supply firmware from attacks.

- New cryptographic accelerators. Intel describes the Ice Lake Xeon crypto additions as "The first is a technique to stitch together the operations of two algorithms that typically run in combination yet sequentially, allowing them to execute simultaneously. The second is a method to process multiple independent data buffers in parallel."

That's it for today's Ice Lake Xeon disclosures and hopefully as the quarter moves on additional details will come to light.
8 Comments
Related News
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features