Intel SGX Card expands SGX security protections to cloud data centers

Intel announces new Intel SGX Card line.

Intel adopts Contributor Covenant for all open-source projects and developers The Contributor Covenant aims to address the skew towards white male contributors in open-source projects. Read more: https://zd.net/2D3yD3d

Intel announced today Intel SGX Card, a new product to expand its SGX security feature to existing data center server infrastructure that wouldn't have been able to benefit from it due to hardware architectural limitations.

Intel SGX stands for Software Guard eXtensions, a feature found in modern Intel CPUs that allows developers to isolate parts of applications inside secure "enclaves."

These SGX enclaves have access to small sections of a CPU's processing memory that are isolated at the hardware level from the rest of the main processor, and where applications can run operations that deal with sensitive details, such as encryption keys, passwords, user data, and more.

Although Intel SGX support has been available for most recent desktop and notebook-focused CPU series for a while now, the feature isn't broadly available in Intel's server CPU lines.

While not perfect [1, 2], SGX has its benefits as opposed to running a server without SGX support at all, and has been in hot demand from data center operators, who've continuously demanded SGX support in Intel's server hardware in recent years [1, 2].

"Though Intel SGX technology will be available on future multi-socket Intel Xeon Scalable processors, there is pressing demand for its security benefits in this space today," Intel said in a press release today. "Intel is accelerating deployment of Intel SGX technology for the vast majority of cloud servers deployed today with the Intel SGX Card."

The company describes the Intel SGX Card as a modified Intel VCA (Visual Compute Accelerator) graphics card, which the company initially developed for cloud providers focused on video processing and cloud gaming services.

"In the Intel SGX Card, the graphics accelerator has been disabled and the system re-optimized specifically for security purposes. In order to take advantage of Intel SGX technology, three Intel Xeon E processors are hosted in the card, which can fit inside existing, multi-socket server platforms being used in data centers today," Intel said.

Once Intel SGX Card becomes available, cloud service providers and data center operators will be able to plug them into existing infrastructure and run up to 12 Intel SGX-enabled CPUs on each standard 2U Intel Xeon Scalable server.

This will allow cloud providers to add SGX support with minimal costs until next-gen Intel server-focused CPUs with native SGX support will become broadly available.

"Availability is targeted for later this year," Intel said.

Related cyber-security coverage: