Things have been hotting up in the chip arena for years now, as underdog AMD makes headway on the desktop, on mobile devices, and on servers. With AMD's EPYC gaining ground against Intel's Xeon, Intel is positioning its 3rd-gen Ice Lake Xeon chips as the right choice where the confidentiality and integrity of data are the priority.
While data might be protected while it is on a disk or moving across a network, data held in memory could be open to interception and tampering.
Enter Intel Software Guard Extensions (SGX), technology which can be used to protect as much as 1 terabyte of code and data in private memory areas called enclaves.
How secure is SGX? Microsoft claims it is the "most researched, updated and battle-tested Trusted Execution Environment for data center confidential computing," and has the smallest attack surface.
"Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd-gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity. This extends our long history of partnering across the ecosystem to drive security innovations," said Lisa Spelman, Intel corporate vice president in the Data Platform Group and general manager of the Xeon and Memory Group.
Intel is going further with three other security measures.
The first is a feature that AMD's EPYC already brings to servers -- full memory encryption. Intel's version is called Total Memory Encryption (TME) and is designed to protect against sophisticated physical attacks, such as reading the contents of memory chips that have been cooled with liquid nitrogen so that the data they hold persists after power is removed.
Ice Lake chips will also feature cryptographic acceleration so that enterprise customers don't have to choose between security and performance. Intel has found two ways to remove cryptographic bottlenecks.
"The first," reports Intel, "is a technique to stitch together the operations of two algorithms that typically run in combination yet sequentially, allowing them to execute simultaneously. The second is a method to process multiple independent data buffers in parallel."
Intel has also put effort into protecting the server's firmware from attack by using an Intel FPGA as a platform root of trust to inspect all critical-to-boot firmware components prior to execution.