Show Your Support: Did you know that the hundreds of articles written on Phoronix each month are mostly authored by one individual? Phoronix.com doesn't have a whole news room with unlimited resources and relies upon people reading our content without blocking ads and alternatively by people subscribing to Phoronix Premium for our ad-free service with other extra features.
Intel Discloses New Ice Lake Xeon Security Features
Today the company is just talking security features of Ice Lake Xeon. The company is confirming these upcoming Xeon CPUs will support:
- Intel Software Guard Extensions (SGX). While a number of security vulnerabilities around SGX have been disclosed since its debut in Skylake (Prime+Probe, LVI, SGAxe, Plundervolt, etc), Intel argues in today's announcement that it "is the most researched, updated and battle-tested TEE for data center confidential computing, with the smallest attack surface within the system." The Intel SGX Enclaves support for the Linux kernel remains a work-in-progress after going through patch review dozens of times.
- Intel Total Memory Encryption (TME). Total Memory Encryption has also been worked on for the Linux kernel already, similar to AMD's Secure Memory Encryption (SME).
- Intel Platform Firmware Resilience (PFR). PFR relies on an FPGA as a platform root of trust and can provide protection for the BIOS flash memory, BMC flash, SPI descriptor, Intel Management Engine, and power supply firmware from attacks.
- New cryptographic accelerators. Intel describes the Ice Lake Xeon crypto additions as "The first is a technique to stitch together the operations of two algorithms that typically run in combination yet sequentially, allowing them to execute simultaneously. The second is a method to process multiple independent data buffers in parallel."
That's it for today's Ice Lake Xeon disclosures and hopefully as the quarter moves on additional details will come to light.