Intel today revealed the data security and privacy upgrades that will be introduced to the upcoming 3rd generation Intel Xeon Scalable processors code-named Ice Lake and specifically built to power data center platforms.
"Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel Software Guard Extension (Intel SGX) to the full spectrum of Ice Lake platforms," the chip manufacturer said.
Intel SGX is an Intel processor security feature that allows applications to run within protected software containers known as enclaves, providing hardware-based memory encryption that fully isolates the apps' code and data in memory.
New security features
Beyond Intel SGX, the 3rd Gen Xeon Scalable platform also includes new security tech to protect data integrity and confidentiality and secure sensitive workloads.
Ice Lake adds Intel Total Memory Encryption (Intel TME) to the Intel Xeon Scalable platform, to secure the data accessed from the CPU — including encryption keys, credentials, and other sensitive info — against hardware attacks by encrypting the entire memory of a system.
It introduces Intel Platform Firmware Resilience (Intel PFR), a capability designed to protect platform firmware by automatically detecting firmware corruption and restoring to a previous unaffected state before attackers can compromise or permanently disable the system.
"The firmware components protected can include BIOS Flash, BMC Flash, SPI Descriptor, Intel Management Engine, and power supply firmware," Intel said.
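The detect-and-restore behaviour described above can be modelled in software. The following is an added example, not Intel's or any vendor's PFR code: it keeps an active flash region and a write-protected recovery copy per component, verifies the active image against its signature at every boot, restores it from the recovery copy when verification fails, and refuses to promote a staged update whose signature does not verify. The HMAC key, the firmware images, the corruption fault and the update payloads are all constructed for the demo; a real root of trust keeps its verification key in hardware and uses asymmetric vendor signatures rather than an HMAC.

```python
import hashlib
import hmac

# Constructed key: on a real platform the trust anchor lives in hardware, not in software.
ROOT_OF_TRUST_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_image(image: bytes, key: bytes = ROOT_OF_TRUST_KEY) -> bytes:
    """HMAC-SHA256 over the image; stands in for the vendor's firmware signature."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify_image(image: bytes, tag: bytes, key: bytes = ROOT_OF_TRUST_KEY) -> bool:
    """Constant-time comparison so the check itself does not leak timing."""
    return hmac.compare_digest(sign_image(image, key), tag)


class FirmwareSlot:
    """One protected firmware component: an active flash region plus a recovery copy."""

    def __init__(self, name: str, image: bytes, tag: bytes) -> None:
        if not verify_image(image, tag):
            raise ValueError(f"{name}: refusing to provision an unsigned image")
        self.name = name
        self.active = bytearray(image)   # region the platform boots from
        self.active_tag = tag
        self.recovery = bytes(image)     # known-good copy, kept write-protected
        self.recovery_tag = tag
        self.events = []                 # audit trail of what the root of trust did

    def check_and_recover(self) -> str:
        """Boot-time check: verify the active image; restore from recovery if it is corrupt."""
        if verify_image(bytes(self.active), self.active_tag):
            self.events.append(f"{self.name}: active image verified")
            return "verified"
        self.events.append(f"{self.name}: corruption detected in active image")
        if not verify_image(self.recovery, self.recovery_tag):
            # Both copies are bad: never boot unverified code, hold the platform instead.
            self.events.append(f"{self.name}: recovery image also corrupt, platform held in reset")
            return "halted"
        self.active = bytearray(self.recovery)
        self.active_tag = self.recovery_tag
        self.events.append(f"{self.name}: restored from recovery image")
        return "recovered"

    def apply_update(self, new_image: bytes, new_tag: bytes) -> bool:
        """Accept a staged update only if its signature verifies, then refresh the recovery copy."""
        if not verify_image(new_image, new_tag):
            self.events.append(f"{self.name}: update rejected, signature does not verify")
            return False
        self.active = bytearray(new_image)
        self.active_tag = new_tag
        self.recovery = bytes(new_image)
        self.recovery_tag = new_tag
        self.events.append(f"{self.name}: update applied and promoted to recovery copy")
        return True


def demo() -> dict:
    """Walk one component through a clean boot, corruption, recovery and two update attempts."""
    v1 = b"constructed BIOS image v1.0 " + bytes(range(64))
    bios = FirmwareSlot("BIOS", v1, sign_image(v1))
    first_boot = bios.check_and_recover()

    # Constructed fault: part of the active region is overwritten (bad flash or tampering).
    bios.active[8:16] = b"\xff" * 8
    second_boot = bios.check_and_recover()
    restored = bytes(bios.active) == v1

    v2 = b"constructed BIOS image v2.0 " + bytes(range(64))
    unsigned_accepted = bios.apply_update(v2, bytes(32))        # forged / missing signature
    signed_accepted = bios.apply_update(v2, sign_image(v2))     # properly signed update

    return {
        "first_boot": first_boot,
        "second_boot": second_boot,
        "restored": restored,
        "unsigned_update_accepted": unsigned_accepted,
        "signed_update_accepted": signed_accepted,
        "events": bios.events,
    }


if __name__ == "__main__":
    for line in demo()["events"]:
        print(line)
```

The "halted" branch is the part worth noticing: when the recovery copy is also unverifiable the model refuses to boot anything rather than fall back to whatever is in flash, which is the only safe answer for a root of trust that has lost its known-good state.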
The Ice Lake Xeon platform also comes with new cryptographic accelerators that improve the overall confidentiality and integrity of data across storage, server, and network infrastructure.
Two innovations are behind Ice Lake's cryptographic acceleration: a technique that stitches the operations of two algorithms for simultaneous execution and a method allowing parallel processing of multiple independent data buffers.
"Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity," Lisa Spelman, Intel corporate vice president and general manager of the Xeon and Memory Group, said.
The new security features built into Ice Lake are designed to reduce privacy and compliance risks for workloads including, but not limited to, regulated data in healthcare and financial services.
More platform improvements
The company's 3rd Gen Xeon Scalable processors also feature enhanced performance with up to 28 cores per processor, as well as up to 224 cores per platform.
They also come with support for increased DDR4 memory speed and capacity, allowing builds featuring up to 6 channels of DDR4-3200 MT/s and 16Gb DIMMs, with a maximum of 256GB DDR4 DIMMs per socket.
Up to six Intel UPI (Ultra Path Interconnect) channels can also be used to boost platform scalability, while Intel AVX-512 (Advanced Vector Extensions 512) increases the throughput and performance of demanding computational tasks.
"Microsoft Azure was the first major public cloud to offer confidential computing, and customers from industries including finance, healthcare, government are using confidential computing on Azure today," Mark Russinovich, Microsoft Azure chief technology officer, said.
"We believe the next-generation Intel Xeon processors with Intel SGX featuring full memory encryption and cryptographic acceleration will help our customers unlock even more confidential computing scenarios."
Comments
the_moss_666 - 3 years ago
TME:
Nice feature, but it won't solve the hardware trust issues. The encryption key needs to be stored somewhere and distributed, it will be susceptible to potential side channel attacks as well as other parts of the CPU. Very unlikely, but possible.
Still a useful feature. It's a huge obstacle for most hackers and malware.
PFR:
Good timing. Last week, the first custom-made and sophisticated UEFI malware was caught in the wild. It most likely needed physical access to the PC, but with all the firmware updates flying around, a successful supply-chain attack on firmware is only a matter of time.