Intel announced today Intel SGX Card, a new product to expand its SGX security feature to existing data center server infrastructure that wouldn't have been able to benefit from it due to hardware architectural limitations.
Intel SGX stands for Software Guard eXtensions, a feature found in modern Intel CPUs that allows developers to isolate parts of applications inside secure "enclaves."
These SGX enclaves have access to small sections of a CPU's processing memory that are isolated at the hardware level from the rest of the main processor, and where applications can run operations that deal with sensitive details, such as encryption keys, passwords, user data, and more.
Although Intel SGX support has been available for most recent desktop and notebook-focused CPU series for a while now, the feature isn't broadly available in Intel's server CPU lines.
While not perfect [1, 2], SGX has its benefits as opposed to running a server without SGX support at all, and has been in hot demand from data center operators, who've continuously demanded SGX support in Intel's server hardware in recent years [1, 2].
"Though Intel SGX technology will be available on future multi-socket Intel Xeon Scalable processors, there is pressing demand for its security benefits in this space today," Intel said in a press release today. "Intel is accelerating deployment of Intel SGX technology for the vast majority of cloud servers deployed today with the Intel SGX Card."
The company describes the Intel SGX Card as a modified Intel VCA (Visual Compute Accelerator) graphics card, which the company initially developed for cloud providers focused on video processing and cloud gaming services.
"In the Intel SGX Card, the graphics accelerator has been disabled and the system re-optimized specifically for security purposes. In order to take advantage of Intel SGX technology, three Intel Xeon E processors are hosted in the card, which can fit inside existing, multi-socket server platforms being used in data centers today," Intel said.
Once Intel SGX Card becomes available, cloud service providers and data center operators will be able to plug them into existing infrastructure and run up to 12 Intel SGX-enabled CPUs on each standard 2U Intel Xeon Scalable server.
This will allow cloud providers to add SGX support with minimal costs until next-gen Intel server-focused CPUs with native SGX support will become broadly available.
"Availability is targeted for later this year," Intel said.
Related cyber-security coverage:
- ICANN: There is an ongoing and significant risk to DNS infrastructure
- Cisco patches a couple of root access-granting security flaws
- Hackers can hijack bare-metal cloud servers by corrupting their BMC firmware
- Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes
- Splunk pulls out of Russia with mysterious statement
- Dirty Sock vulnerability lets attackers gain root access on Linux systems
- Report: Industrial control systems face uphill security battles in 2019 TechRepublic
- Chinese server hack story doesn't convince chip CEOs CNET