# Technology

{% hint style="info" %}
The official overview: [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html)
{% endhint %}

Intel Software Guard Extensions (SGX) is an architectural extension available in Intel Xeon Scalable processors that enables the creation of CPU-based Trusted Execution Environments (TEEs) called enclaves, where applications can run securely on an otherwise untrusted system. It is a security technology developed by Intel that aims to protect sensitive data and code from unauthorized access or tampering.

Here's a quick overview of how Intel SGX works:

<details>

<summary><strong>Enclaves</strong></summary>

An enclave is a protected memory area isolated from the rest of the system. It provides confidentiality and integrity guarantees for the code and data it contains. Enclaves are created by the application developer using the Intel SGX SDK.

</details>

<details>

<summary><strong>Enclave Initialization</strong></summary>

During the initialization process, the application developer defines the initial state of the enclave, including the code and data to be protected. The enclave is assigned a unique identity and a cryptographic key called the enclave sealing key.

</details>

<details>

<summary><strong>Enclave Launch</strong></summary>

Before an application can run inside an enclave, the enclave must first be launched. The launch process involves establishing a secure channel between the application and the processor's SGX subsystem. The processor verifies the integrity of the enclave and measures it to ensure that it hasn't been tampered with.

</details>

<details>

<summary><strong>Secure Execution</strong></summary>

Once the enclave is successfully launched, the application can execute inside it. The enclave code and data are protected from access by other processes, even those running with higher privileges, such as the operating system or hypervisor.

</details>

<details>

<summary><strong>Memory Protection</strong></summary>

The memory used by the enclave is encrypted to prevent unauthorized access. The encryption and decryption of memory are handled transparently by the processor, ensuring that enclave data remains confidential.

</details>
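The measurement step described under Enclave Launch can be modelled in software to show why any change to an enclave is detectable. The following Python is an added example, not code from this documentation or from the Intel SGX SDK; it follows the ECREATE/EADD/EEXTEND record layout that is hashed into the enclave measurement (MRENCLAVE), and the `measure` helper, page contents and offsets are constructed for illustration.

```python
import hashlib
import struct

PAGE = 4096
# SECINFO.FLAGS: permission bits 0-2, page type in bits 8-15 (2 = regular page)
R, W, X, PT_REG = 0x1, 0x2, 0x4, 2 << 8


def measure(pages, enclave_size, ssa_frame_size=1):
    """Model MRENCLAVE: SHA-256 over the records logged while the enclave is built.

    pages: iterable of (offset, secinfo_flags, content) tuples, in load order.
    """
    h = hashlib.sha256()
    # ECREATE record: tag, SSA frame size, enclave size, 44 reserved bytes
    h.update(struct.pack("<8sIQ44x", b"ECREATE", ssa_frame_size, enclave_size))
    for offset, flags, content in pages:
        if offset % PAGE or len(content) > PAGE:
            raise ValueError("pages must be 4 KiB aligned and at most 4 KiB long")
        content = content.ljust(PAGE, b"\0")
        # EADD record: tag, page offset, first 48 bytes of SECINFO (flags + zeros)
        h.update(struct.pack("<8sQQ40x", b"EADD", offset, flags))
        for chunk in range(0, PAGE, 256):
            # EEXTEND record: tag, chunk offset, 48 reserved bytes, then 256 data bytes
            h.update(struct.pack("<8sQ48x", b"EEXTEND", offset + chunk))
            h.update(content[chunk:chunk + 256])
    return h.hexdigest()


# Constructed sample enclave: one code page and one data page.
CODE = b"enclave code v1"
DATA = b"config=v1"
ORIGINAL = [(0x0000, PT_REG | R | X, CODE), (0x1000, PT_REG | R | W, DATA)]
# Same layout with a single byte of the code page changed.
TAMPERED = [(0x0000, PT_REG | R | X, CODE[:-1] + b"2"), ORIGINAL[1]]
# Same bytes, but the data page is additionally marked executable.
REFLAGGED = [ORIGINAL[0], (0x1000, PT_REG | R | W | X, DATA)]

if __name__ == "__main__":
    for name, pages in (("original", ORIGINAL), ("tampered", TAMPERED),
                        ("reflagged", REFLAGGED)):
        print(f"{name:10s} {measure(pages, enclave_size=2 * PAGE)}")
```

The three printed digests differ, because the measurement covers page contents, page permissions and load order, not only the code bytes.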


