Intel® Software Guard Extensions Introductory Overview | Intel Software

Intel® Software Guard Extensions Introductory Overview | Intel Software


Hi. I’m John Mechalas with Intel. In this video, we’re going to
introduce you to Intel Software Guard Extensions, or Intel SGX. It enables applications to
execute code and protect secrets inside their own trusted
execution environment, giving developers direct control over
their application security. Intel SGX is designed to
protect an application’s secrets from malicious software. It prevents software
attacks even when the application, the
operating system, and the BIOS are compromised. Your application secrets
will remain protected even when the attacker has full
control over the platform. What is a secret? It’s anything that is not meant
to be known or seen by others. Some examples of secrets
include medical records, personally identifiable
information, biometric factors, passwords, encryption keys,
and intellectual property. Secrets of this nature
must be secured in order to protect the privacy,
financial interests, and even the safety of both
individuals and businesses. Intel SGX protects these secrets
by creating isolated memory regions of code and
data called enclaves. These non-addressable
memory pages are reserved from the
system’s physical RAM and then encrypted. Enclaves are protected
memory regions where an application
can work on its secrets without fear of exposing them. And Intel SGX
application is built with two parts, the trusted
part and the untrusted part. When the application needs
to work with the secret, it creates an enclave, which
is placed in trusted memory. It then calls the
trusted function, a function created by
the software developer for working inside the enclave. Once the function is
called, the application is running in the trusted
space and sees the enclave code and data as clear text. All other attempts to
access the enclave memory from outside the enclave are
denied by the processor, even those made by privileged users. This prevents secrets in the
enclave from being exposed. When the trusted
function returns, the enclave data remains
in trusted memory. The application is back to
running in the untrusted space, where it no longer has
access to the trusted memory. The videos in this
series will show you the fundamentals of writing
enclave applications so that you can start taking
advantage of Intel SGX. Be sure to watch the play list
to learn more about Intel SGX application development. And remember to like
this video and subscribe.

4 thoughts to “Intel® Software Guard Extensions Introductory Overview | Intel Software”

  1. Sounds great, but If SGX is all good why can you turn it off in the bios. In other words what's the benefit of turning it SGX off?

Leave a Reply

Your email address will not be published. Required fields are marked *