
# Technology

{% hint style="info" %}
The official overview: [Intel® Software Guard Extensions](https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/overview.html)
{% endhint %}

Intel Software Guard Extensions (SGX) is an architectural extension available in Intel Xeon Scalable processors that enables the creation of CPU-based Trusted Execution Environments (TEEs) called enclaves, where applications can run securely on an otherwise untrusted system. It is a security technology developed by Intel that aims to protect sensitive data and code from unauthorized access or tampering.

Here's a quick overview of how Intel SGX works:

<details>

<summary><strong>Enclaves</strong></summary>

An enclave is a protected memory area isolated from the rest of the system. It provides confidentiality and integrity guarantees for the code and data it contains. Enclaves are created by the application developer using the Intel SGX SDK.

</details>

<details>

<summary><strong>Enclave Initialization</strong></summary>

During the initialization process, the application developer defines the initial state of the enclave, including the code and data to be protected. The enclave is assigned a unique identity and a cryptographic key called the enclave sealing key.

</details>

<details>

<summary><strong>Enclave Launch</strong></summary>

When an application wants to run inside an enclave, it first needs to be launched. The launch process involves establishing a secure channel between the application and the processor's SGX subsystem. The processor verifies the integrity of the enclave and measures it to ensure that it hasn't been tampered with.

</details>

<details>

<summary><strong>Secure Execution</strong></summary>

Once the enclave is successfully launched, the application can execute inside it. The enclave code and data are protected from access by other processes, even those running with higher privileges, such as the operating system or hypervisor.

</details>

<details>

<summary><strong>Memory Protection</strong></summary>

The memory used by the enclave is encrypted to prevent unauthorized access. The encryption and decryption of memory are handled transparently by the processor, ensuring that enclave data remains confidential.

</details>
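A simplified model of the measurement check described under Enclave Launch, added here as an illustration and not taken from Intel's or enclaive's code. It hashes the enclave's initial pages with SHA-256 in load order and compares the result to an expected value; the record layout, function names and sample bytes are assumptions and do not reproduce the processor's exact measurement format.

```python
import hashlib
import hmac
import struct

PAGE_SIZE = 4096  # enclave memory is managed in 4 KiB pages


def measure(pages):
    """Return a SHA-256 digest over an ordered list of (offset, perms, data)."""
    h = hashlib.sha256()
    for offset, perms, data in pages:
        if offset % PAGE_SIZE or len(data) > PAGE_SIZE:
            raise ValueError("page must be 4 KiB aligned and at most 4 KiB")
        # Bind position and permissions, not only content: moving a page or
        # loosening its permissions must change the enclave's identity.
        h.update(struct.pack("<Q8s", offset, perms.encode()))
        h.update(data.ljust(PAGE_SIZE, b"\x00"))
    return h.digest()


def verify_launch(pages, expected):
    """Accept the enclave only if its measurement equals the expected one."""
    return hmac.compare_digest(measure(pages), expected)


# Constructed sample enclave image: one code page and one data page.
CODE = (0x0000, "r-x", b"\x55\x48\x89\xe5 constructed code bytes")
DATA = (0x1000, "rw-", b"constructed initial data")
EXPECTED = measure([CODE, DATA])  # value the developer would record at build time


def demo():
    """Check the untouched image and three tampered variants."""
    tampered_code = (0x0000, "r-x", CODE[2].replace(b"code", b"c0de"))
    loosened_perms = (0x1000, "rwx", DATA[2])
    swapped = [(0x0000, DATA[1], DATA[2]), (0x1000, CODE[1], CODE[2])]
    return {
        "original": verify_launch([CODE, DATA], EXPECTED),
        "tampered_code": verify_launch([tampered_code, DATA], EXPECTED),
        "loosened_perms": verify_launch([CODE, loosened_perms], EXPECTED),
        "swapped_pages": verify_launch(swapped, EXPECTED),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:15} -> {'launch' if ok else 'reject'}")
```

Only the untouched image matches the expected measurement; a changed byte, a changed permission or a reordered page each yields a different digest and is rejected.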

