Technology
The official overview: Intel® Software Guard Extensions
Intel Software Guard Extensions (SGX) is an architectural extension available in Intel Xeon Scalable processors that enables the creation of CPU-based Trusted Execution Environments (TEEs) called enclaves, where applications can run securely on an otherwise untrusted system. It is a security technology developed by Intel that aims to protect sensitive data and code from unauthorized access or tampering.
Here's a quick overview of how Intel SGX works:
Enclaves
An enclave is a protected memory area isolated from the rest of the system. It provides confidentiality and integrity guarantees for the code and data it contains. Enclaves are created by the application developer using the Intel SGX SDK.
Enclave Initialization
During the initialization process, the application developer defines the initial state of the enclave, including the code and data to be protected. The enclave is assigned a unique identity and a cryptographic key called the enclave sealing key.
Enclave Launch
Before an application can run code inside an enclave, the enclave must be launched. The launch process involves establishing a secure channel between the application and the processor's SGX subsystem. The processor verifies the integrity of the enclave and measures it, so that any tampering with the enclave's code or data is detected before it runs.
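The following is an added example (not Intel's code, not the SGX SDK, and not the exact MRENCLAVE or EGETKEY algorithm) that models the two ideas above: the enclave measurement is a hash chain over every page added to the enclave, and the sealing key is bound to that identity. The page layout, the per-CPU secret and the sample page contents are constructed for the demonstration.

```python
import hashlib
import hmac

PAGE_SIZE = 4096      # SGX enclave pages are 4 KiB
CHUNK_SIZE = 256      # the CPU measures a page 256 bytes at a time


def measure_enclave(pages):
    """Fold each page (offset, permissions, contents) into a running SHA-256.
    Simplified model of enclave measurement: the real MRENCLAVE encoding
    differs, but the property shown is the same, any change to page
    contents, layout or permissions changes the digest."""
    h = hashlib.sha256(b"MODEL-ECREATE")
    for offset, perms, data in pages:
        if len(data) != PAGE_SIZE:
            raise ValueError("each enclave page must be exactly PAGE_SIZE bytes")
        h.update(b"MODEL-EADD" + offset.to_bytes(8, "little") + perms.encode())
        for i in range(0, PAGE_SIZE, CHUNK_SIZE):
            h.update(b"MODEL-EEXTEND" + (offset + i).to_bytes(8, "little"))
            h.update(data[i:i + CHUNK_SIZE])
    return h.digest()


def derive_sealing_key(platform_secret, measurement):
    """Sealing key bound to enclave identity: keyed hash of the measurement
    under a per-CPU secret. Stand-in for the hardware key derivation; it
    only illustrates the binding between identity and key."""
    return hmac.new(platform_secret, b"MODEL-SEAL" + measurement, hashlib.sha256).digest()


def verify_launch(pages, expected_measurement):
    """Launch-time check: rebuild the measurement and compare in constant time."""
    return hmac.compare_digest(measure_enclave(pages), expected_measurement)


def build_pages(code, data):
    """Construct a two-page enclave image: a code page (r-x) and a data page (rw-)."""
    return [(0x0000, "r-x", code.ljust(PAGE_SIZE, b"\x00")),
            (0x1000, "rw-", data.ljust(PAGE_SIZE, b"\x00"))]


def demo():
    secret = b"constructed-per-cpu-secret"  # constructed; the real secret lives in CPU fuses
    good = build_pages(b"\x55\x48\x89\xe5\xc3", b"config=1")  # constructed sample content
    expected = measure_enclave(good)
    key = derive_sealing_key(secret, expected)
    # Flip one bit in the code page: measurement, launch check and sealing key all change.
    tampered_code = bytearray(good[0][2])
    tampered_code[4] ^= 0x01
    bad = [(0x0000, "r-x", bytes(tampered_code)), good[1]]
    return {"good_launches": verify_launch(good, expected),
            "tampered_launches": verify_launch(bad, expected),
            "key_changes": derive_sealing_key(secret, measure_enclave(bad)) != key}
```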