🆚Versions

Note: SGXv1, including EPID attestation, is deprecated. What remains available is SGXv2 with DCAP attestation.

SGX 1.0

SGXv1 arrived in 2015 with the 6th Generation Core (Skylake) processors and significantly changed secure computing. It lets developers partition an application and run its sensitive code inside enclaves backed by hardware-encrypted memory (the Enclave Page Cache, EPC), protecting that code and its data from other software on the platform, privileged software included, and from physical attacks on DRAM such as cold boot attacks. Accesses to enclave pages from outside the enclave are blocked with abort-page semantics (reads return all ones, writes are dropped), and illegal accesses from inside enclave mode fault, so tampering fails rather than succeeding silently. To support these capabilities, 18 new instructions (the supervisor-mode ENCLS and user-mode ENCLU leaf functions) were added to the Instruction Set Architecture (ISA), enabling secure computation in an untrusted environment with the security properties implemented in microcode and trusted firmware.

In SGXv1 the EPC is limited to 128 MB, a size suited to desktop applications; enclaves that need more memory fall back to paging EPC pages out (EWB/ELDB) at a steep performance cost. The initial focus was on use cases such as digital rights management and key management. One successful deployment was the end-to-end protection of Blu-ray playback on PCs. Commercial adoption stayed limited, however, and Intel discontinued SGX on its desktop CPUs and shifted the technology to server CPUs, which led to SGXv2.

SGX 2.0

Intel SGXv2 ships in the Ice Lake-SP and Sapphire Rapids Xeon server CPUs. It adds six instructions to the ISA (the ENCLS leaves EAUG, EMODPR and EMODT and the ENCLU leaves EACCEPT, EMODPE and EACCEPTCOPY). The main change is support for much larger enclaves and for Enclave Dynamic Memory Management (EDMM), which lets an enclave grow and change page permissions at run time; the EPC reaches up to 1 TB on a 2-socket board (2 x 512 GB) to accommodate cloud workloads. The other notable change concerns remote attestation. In the DRM setting the user's privacy was central, so attesting a "streaming" enclave relied on Enhanced Privacy ID (EPID), a group signature scheme that lets a platform prove it is genuine Intel hardware without revealing which individual CPU it is. For cloud providers, who own their hardware and need to verify quotes at scale without contacting an Intel service for each one, Intel revamped the framework into the Data Center Attestation Primitives (DCAP), in which the platform's attestation key is certified by a PCK certificate chain rooted at Intel and the verification collateral can be cached locally.

Other features that could be considered part of SGXv2 are:

Flexible Launch Control (FLC)

FLC is not strictly part of SGXv2, but it was also absent from the original SGX hardware. Without FLC, only a Launch Enclave signed by Intel will pass EINIT, and every production enclave needs a launch token from it. FLC lets parties other than Intel provide the Launch Enclave, the special enclave that decides whether another enclave may be launched on the platform and enforces the launch policy. To use a Launch Control Policy Provider other than Intel's default, the SHA-256 hash of the Launch Enclave signer's public key (the same value that appears as that enclave's MRSIGNER) is written to the IA32_SGXLEPUBKEYHASH0..3 MSRs. Two practical checks: platform support is advertised by the SGX_LC bit, CPUID.(EAX=7,ECX=0):ECX[30], and the MSRs are only writable when the BIOS has set the SGX Launch Control Enable bit (bit 17) in IA32_FEATURE_CONTROL; with the bit clear they are locked to Intel's hash. The upstream Linux SGX driver requires FLC and uses no Launch Enclave at all: it writes the signer hash of the enclave being initialized into these MSRs and runs EINIT without a launch token.
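The hash-to-MSR mapping above is easy to get wrong (byte order, which 64-bit word goes in which MSR), so here is an added example, not code from the original page, that computes the four IA32_SGXLEPUBKEYHASH values for a given signer key and checks whether a platform's current MSR contents trust that signer. It assumes that MRSIGNER is SHA-256 over the 384-byte RSA-3072 modulus in little-endian byte order (as stored in SIGSTRUCT), that each MSR holds the next 8 bytes of the hash as a little-endian integer, and that the MSRs sit at 0x8C..0x8F. The modulus used is a constructed placeholder, not a real signing key, and the function names are this example's own.

```python
"""Compute IA32_SGXLEPUBKEYHASH0..3 for a custom Launch Enclave signer (FLC).

Added example. Assumptions (not from the page): MRSIGNER = SHA-256 of the
little-endian RSA-3072 modulus; the 256-bit hash is split into four 64-bit
little-endian words, word i going into MSR 0x8C + i.
"""
import hashlib

# Assumed MSR addresses of IA32_SGXLEPUBKEYHASH0..3 (as used by the Linux SGX driver).
MSR_IA32_SGXLEPUBKEYHASH = (0x8C, 0x8D, 0x8E, 0x8F)
MODULUS_BYTES = 384  # RSA-3072 modulus length in bytes

# Constructed placeholder modulus: a 3072-bit odd integer, NOT a real key.
CONSTRUCTED_MODULUS = (
    int.from_bytes(hashlib.sha256(b"constructed LE signer").digest() * 12, "big")
    | (1 << 3071)  # force full 3072-bit length
    | 1            # RSA moduli are odd
)


def modulus_to_le(n: int) -> bytes:
    """Serialize the modulus the way SIGSTRUCT stores it: 384 bytes, little-endian."""
    return n.to_bytes(MODULUS_BYTES, "little")


def le_signer_hash(modulus_le: bytes) -> bytes:
    """MRSIGNER-style hash: SHA-256 over the little-endian modulus."""
    if len(modulus_le) != MODULUS_BYTES:
        raise ValueError(f"expected a {MODULUS_BYTES}-byte RSA-3072 modulus")
    return hashlib.sha256(modulus_le).digest()


def hash_to_msr_words(digest: bytes) -> list[int]:
    """Split a 32-byte hash into four little-endian 64-bit MSR values."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    return [int.from_bytes(digest[i * 8:(i + 1) * 8], "little") for i in range(4)]


def msr_words_to_hash(words) -> bytes:
    """Inverse of hash_to_msr_words: rebuild the hash from four MSR values."""
    return b"".join(int(w).to_bytes(8, "little") for w in words)


def launch_control_msr_values(n: int) -> dict[int, int]:
    """Map each IA32_SGXLEPUBKEYHASH MSR address to the value it must hold."""
    words = hash_to_msr_words(le_signer_hash(modulus_to_le(n)))
    return dict(zip(MSR_IA32_SGXLEPUBKEYHASH, words))


def platform_trusts_signer(current_msrs: dict[int, int], n: int) -> bool:
    """True if the platform's current MSR contents name this signer as LE provider.

    current_msrs maps MSR address -> value, e.g. as read with `rdmsr 0x8c` etc.
    """
    expected = launch_control_msr_values(n)
    return all(current_msrs.get(addr) == val for addr, val in expected.items())


if __name__ == "__main__":
    # Emit the msr-tools commands a platform owner would run (requires the msr
    # kernel module and IA32_FEATURE_CONTROL bit 17 set by firmware).
    for addr, val in launch_control_msr_values(CONSTRUCTED_MODULUS).items():
        print(f"wrmsr {addr:#x} {val:#018x}")
```

Reading the MSRs back with `rdmsr 0x8c` through `rdmsr 0x8f` and feeding the values to `platform_trusts_signer` is a cheap way to confirm that a provisioning step actually took effect, and a mismatch on a machine where the write appeared to succeed usually means the firmware left IA32_FEATURE_CONTROL bit 17 clear.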

Key Separation and Sharing (KSS)

KSS is likewise not part of SGXv2 and was absent from the original hardware. It lets the enclave signer define additional identity fields in SIGSTRUCT (ISVFAMILYID and ISVEXTPRODID) and lets whoever loads the enclave supply per-instance configuration values (CONFIGID and CONFIGSVN) at enclave creation. All four appear in the enclave's REPORT, so a verifier can distinguish them during attestation, and they can be selected in the key policy of EGETKEY, so enclaves from the same signer can be given separate sealing keys per family or configuration, or deliberately share a key. An enclave opts in by setting the KSS bit in its ATTRIBUTES.
