Intel’s Ice Lake Xeon processors get new security features

Intel today revealed the data security and privacy upgrades that will be introduced to the upcoming 3rd generation Intel Xeon Scalable processors code-named Ice Lake and specifically built to power data center platforms.

“Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel Software Guard Extension (Intel SGX) to the full spectrum of Ice Lake platforms,” the chip manufacturer said.

Intel SGX is an Intel processor security feature that allows applications to run within protected software containers known as enclaves, providing hardware-based memory encryption that fully isolates the apps’ code and data in memory.

New security features

Beyond Intel SGX, the 3rd Gen Xeon Scalable platform also includes new security tech to protect data integrity and confidentiality and secure sensitive workloads.

Ice Lake adds Intel Total Memory Encryption (Intel TME) to the Intel Xeon Scalable platform, to secure the data accessed from the CPU — including encryption keys, credentials, and other sensitive info — against hardware attacks by encrypting the entire memory of a system.

It introduces Intel Platform Firmware Resilience (Intel PFR), a capability designed to protect platform firmware by automatically detecting firmware corruption and restoring to a previous unaffected state before attackers can compromise or permanently disable the system.

“The firmware components protected can include BIOS Flash, BMC Flash, SPI Descriptor, Intel Management Engine, and power supply firmware,” Intel said.
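A minimal model of the detect-and-restore cycle described above, written as an added example for this post. It is not Intel's PFR implementation and nothing in it comes from Intel: the HMAC-based manifest (standing in for a signed manifest checked by a hardware root of trust), the `FlashRegion` class, the `check_and_recover` and `apply_update` helpers and the sample images are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed for this example: a symmetric key standing in for the platform
# root-of-trust's verification key. A real design verifies an asymmetric
# signature over the manifest; HMAC keeps the example self-contained.
ROT_KEY = b"constructed-root-of-trust-key"


def sign_manifest(image: bytes, key: bytes = ROT_KEY) -> bytes:
    """Build a manifest: an authentication tag over the image's SHA-256 digest."""
    digest = hashlib.sha256(image).digest()
    return hmac.new(key, digest, hashlib.sha256).digest()


def verify_image(image: bytes, manifest: bytes, key: bytes = ROT_KEY) -> bool:
    """Return True only if the image matches the manifest (constant-time compare)."""
    return hmac.compare_digest(sign_manifest(image, key), manifest)


class FlashRegion:
    """A flash region (e.g. BIOS or BMC) with an active copy and a recovery copy."""

    def __init__(self, name: str, image: bytes) -> None:
        self.name = name
        self.manifest = sign_manifest(image)
        self.active = bytearray(image)    # what the platform boots from
        self.recovery = bytes(image)      # protected golden copy


def check_and_recover(region: FlashRegion) -> str:
    """Verify the active image; restore it from the recovery copy if it fails.

    Returns "ok", "recovered" or "unrecoverable".
    """
    if verify_image(bytes(region.active), region.manifest):
        return "ok"
    if verify_image(region.recovery, region.manifest):
        region.active[:] = region.recovery
        return "recovered"
    return "unrecoverable"


def apply_update(region: FlashRegion, new_image: bytes, new_manifest: bytes) -> bool:
    """Accept a firmware update only if it verifies; a verified update also
    refreshes the recovery copy so later recovery restores the new version."""
    if not verify_image(new_image, new_manifest):
        return False
    region.manifest = new_manifest
    region.active[:] = new_image
    region.recovery = bytes(new_image)
    return True


def demo() -> dict:
    """Walk through corruption, recovery, a rejected update and an accepted one."""
    bios = FlashRegion("BIOS", b"constructed BIOS image v1")
    results = {"clean": check_and_recover(bios)}

    # Simulate corruption of the active image (a single flipped byte).
    bios.active[0] ^= 0xFF
    results["after_corruption"] = check_and_recover(bios)
    results["active_restored"] = bytes(bios.active) == bios.recovery

    # An update whose manifest does not match its image is refused.
    results["bad_update"] = apply_update(bios, b"constructed BIOS image v2",
                                         sign_manifest(b"something else"))
    results["good_update"] = apply_update(bios, b"constructed BIOS image v2",
                                          sign_manifest(b"constructed BIOS image v2"))

    # Recovery copy destroyed and active corrupted: nothing trustworthy remains.
    bios.recovery = b"\x00" * len(bios.recovery)
    bios.active[0] ^= 0xFF
    results["no_golden"] = check_and_recover(bios)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the model makes is that recovery is only as good as the integrity of the golden copy and the verification key: if an attacker can write the recovery region or the manifest, "restore to a previous state" restores whatever they left there, which is why a hardware design keeps those outside the reach of host software.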

The Ice Lake Xeon platform also comes with new cryptographic accelerators that improve the confidentiality and integrity of data across storage, server, and network infrastructure.

Two innovations are behind Ice Lake’s cryptographic acceleration: a technique that stitches the operations of two algorithms for simultaneous execution and a method allowing parallel processing of multiple independent data buffers.

“Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity,” Lisa Spelman, Intel corporate vice president and general manager of the Xeon and Memory Group, said.

The new security features built into Ice Lake are designed to reduce privacy and compliance risks for sensitive workloads, including but not limited to regulated data in healthcare and financial services.

More platform improvements

The company’s 3rd Gen Xeon Scalable processors also feature enhanced performance with up to 28 cores per processor, as well as up to 224 cores per platform.

They also come with support for increased DDR4 memory speed and capacity, allowing builds featuring up to 6 channels of DDR4-3200 MT/s and 16Gb DIMMs, with a maximum of 256GB DDR4 DIMMs per socket.

Up to six Intel UPI (Ultra Path Interconnect) channels can also be used to boost platform scalability, while Intel AVX-512 (Advanced Vector Extensions 512) increases the throughput and performance of demanding computational tasks.

“Microsoft Azure was the first major public cloud to offer confidential computing, and customers from industries including finance, healthcare, government are using confidential computing on Azure today,” Mark Russinovich, Microsoft Azure chief technology officer, said.

“We believe the next-generation Intel Xeon processors with Intel SGX featuring full memory encryption and cryptographic acceleration will help our customers unlock even more confidential computing scenarios.”
