Intel Discloses New Ice Lake Xeon Security Features

Written by Michael Larabel in Intel on 14 October 2020 at 09:00 AM EDT. 8 Comments
INTEL
Intel today is revealing a few details concerning upcoming Intel 3rd Generation Xeon Scalable "Ice Lake" processors.

Today the company is just talking security features of Ice Lake Xeon. The company is confirming these upcoming Xeon CPUs will support:

- Intel Software Guard Extensions (SGX). While a number of security vulnerabilities around SGX have been disclosed since its debut in Skylake (Prime+Probe, LVI, SGAxe, Plundervolt, etc), Intel argues in today's announcement that it "is the most researched, updated and battle-tested TEE for data center confidential computing, with the smallest attack surface within the system." The Intel SGX Enclaves support for the Linux kernel remains a work-in-progress after going through patch review dozens of times.

- Intel Total Memory Encryption (TME). Total Memory Encryption has also been worked on for the Linux kernel already, similar to AMD's Secure Memory Encryption (SME).

- Intel Platform Firmware Resilience (PFR). PFR relies on an FPGA as a platform root of trust and can provide protection for the BIOS flash memory, BMC flash, SPI descriptor, Intel Management Engine, and power supply firmware from attacks.

- New cryptographic accelerators. Intel describes the Ice Lake Xeon crypto additions as "The first is a technique to stitch together the operations of two algorithms that typically run in combination yet sequentially, allowing them to execute simultaneously. The second is a method to process multiple independent data buffers in parallel."

That's it for today's Ice Lake Xeon disclosures and hopefully as the quarter moves on additional details will come to light.
8 Comments
Related News
Intel's Latest Linux Patches To Boost VM Performance - Particularly For High I/O Use
Intel Releases OpenVINO 2023 - Load TF Models Directly, Hybrid CPU Thread Scheduling
Intel VPU To Be Found On All Meteor Lake SKUs, Intel Seeding Open-Source Projects
Intel's Vulkan Linux Driver Temporarily No Longer Identifies As "Intel" For CP2077
Intel Posts Latest 113 Patches For Linux KVM TDX Support
Linux Lands Fix For Potentially Bogus Number Of Intel Hybrid CPU HT Siblings
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
XFS Metadata Corruption On Linux 6.3 Tracked Down To One Missing One-Line Patch
System76 Virgo Aims To Be The Quietest Yet Most Performant Linux Laptop
Those Using The XFS File-System Will Want To Avoid Linux 6.3 For Now
Intel Arc Graphics A750/A770 Quick Linux Competition With The Radeon RX 7600
Linux Patches Improve VM Guest Performance When The Host Encounters Memory Pressure
Vulkan 1.3.251 Released With One New Extension Worked On By Valve, Nintendo & Others
Red Hat To Stop Shipping LibreOffice In Future RHEL, Limiting Fedora LO Involvement
Wine 8.9 Released With More Wayland Bits, Mono 8.0 Upgrade