Intel’s addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD’s Secure Memory Encryption (SME) feature.
Intel’s third-generation Xeon Scalable server processors, code-named Ice Lake, will be rolled out with new security upgrades that the chip giant promises will better protect devices from firmware attacks.
The forthcoming chips are based on Ice Lake, Intel’s 10nm CPU microarchitecture, which was first released in 2019. Intel is targeting initial production shipments of its Xeon Scalable processors for servers at the end of the year – but just announced that they will come with new security features.
One such feature is called Intel Total Memory Encryption (Intel TME), which Intel said helps ensure that all memory accessed from the CPU is encrypted – such as customer credentials, encryption keys and other IP or personal information on the external memory bus.
“Intel developed this feature to provide greater protection for system memory against hardware attacks, such as removing and reading the dual in-line memory module (DIMM) after spraying it with liquid nitrogen or installing purpose-built attack hardware,” according to Intel on Wednesday.
Of note, this feature already exists in other competing chip platforms, with AMD first proposing its own variant, Secure Memory Encryption (SME), back in 2016.
Intel TME uses the storage encryption standard AES-XTS from the National Institute of Standards and Technology (NIST). Intel said the encryption key is generated using a hardened random number generator in the processor without exposure to software, allowing existing software to run unmodified while better protecting memory.
Intel also claims that another new feature can protect against sophisticated adversaries who may attempt to compromise or disable the platform’s firmware to intercept data or take down the server. Intel Platform Firmware Resilience (Intel PFR) will be part of the Xeon Scalable platform, and Intel claims it will help protect against platform firmware attacks by detecting them before they can compromise or disable the device.
Intel PFR will use an Intel field-programmable gate array (FPGA) as a “platform root of trust,” which will validate critical-to-boot platform firmware components before any firmware code is executed, according to Intel. An FPGA is an integrated circuit designed to be configured by a customer or a designer after manufacturing.
The firmware components protected “can include BIOS Flash, BMC Flash, SPI Descriptor, Intel Management Engine and power supply firmware.”
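A verify-before-execute check of the kind described above, as an added Go example that is not Intel's PFR implementation and not part of the original article: a signed manifest of SHA-256 digests covers the five regions just quoted, and a component holding only the vendor's public key checks the signature and every region before any of those images would be allowed to run. The names `rootOfTrust`, `buildManifest` and `newDemoPlatform`, the Ed25519 signing scheme and the image contents are assumptions constructed for the example; the page does not describe Intel's own manifest format or algorithms.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// componentNames follows the list the article quotes from Intel; the images
// used below are constructed stand-ins, not real firmware.
var componentNames = []string{"bios_flash", "bmc_flash", "spi_descriptor", "intel_me", "psu_firmware"}

// manifest maps a component name to the hex SHA-256 of its approved image.
type manifest map[string]string

// encode serialises the manifest deterministically (sorted keys), so the bytes
// signed at build time are exactly the bytes the root of trust re-derives.
func (m manifest) encode() []byte {
	names := make([]string, 0, len(m))
	for n := range m {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "%s=%s\n", n, m[n])
	}
	return []byte(b.String())
}

func digest(img []byte) string {
	s := sha256.Sum256(img)
	return hex.EncodeToString(s[:])
}

// buildManifest is the vendor/build side: hash every golden image and sign the
// manifest with a private key that never leaves the build environment.
func buildManifest(golden map[string][]byte, priv ed25519.PrivateKey) (manifest, []byte) {
	m := manifest{}
	for n, img := range golden {
		m[n] = digest(img)
	}
	return m, ed25519.Sign(priv, m.encode())
}

// rootOfTrust models the FPGA: it holds only the vendor's public key, runs
// before the CPU is released from reset, and gates boot on verify.
type rootOfTrust struct{ vendorPub ed25519.PublicKey }

// verify checks the manifest signature first (an unsigned or re-signed manifest
// is rejected outright), then every flash region against the manifest. It
// returns whether boot may proceed and the names of the regions that failed.
func (r rootOfTrust) verify(m manifest, sig []byte, flash map[string][]byte) (bool, []string) {
	if !ed25519.Verify(r.vendorPub, m.encode(), sig) {
		return false, []string{"manifest_signature"}
	}
	var failed []string
	for _, n := range componentNames {
		img, present := flash[n]
		if !present || m[n] != digest(img) {
			failed = append(failed, n)
		}
	}
	return len(failed) == 0, failed
}

// newDemoPlatform builds a keypair, constructed golden images and a signed
// manifest so the check can be exercised offline.
func newDemoPlatform() (rootOfTrust, manifest, []byte, map[string][]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return rootOfTrust{}, nil, nil, nil, err
	}
	golden := map[string][]byte{}
	for _, n := range componentNames {
		golden[n] = []byte("constructed golden image for " + n)
	}
	m, sig := buildManifest(golden, priv)
	return rootOfTrust{vendorPub: pub}, m, sig, golden, nil
}

func main() {
	rot, m, sig, flash, err := newDemoPlatform()
	if err != nil {
		panic(err)
	}
	ok, failed := rot.verify(m, sig, flash)
	fmt.Println("clean platform: boot allowed =", ok, "failed:", failed)

	flash["bmc_flash"] = []byte("modified BMC image") // constructed change to one region
	ok, failed = rot.verify(m, sig, flash)
	fmt.Println("modified BMC flash: boot allowed =", ok, "failed:", failed)
	// A resilience flow would now hold the platform in reset and restore the
	// region from a protected recovery copy rather than run the modified image.
}
```

The ordering inside `verify` is the point worth keeping: the signature over the whole manifest is checked before any digest is compared, so rewriting the manifest to match a modified region fails unless the signing key is also compromised, and the verifier's only secret-free state is the public key it was provisioned with.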
The chip giant is also bringing its existing Intel Software Guard Extensions (SGX) feature to Ice Lake. Intel SGX, a set of security-related instruction codes built into Intel CPUs, protects sensitive data – such as AES encryption keys – inside “enclaves,” which are physically separate from other CPU memory and are protected by software encryption.
Of note, Intel SGX is not an end-all-be-all solution – researchers have previously been able to bypass SGX in various attacks, from the Plundervolt security issue disclosed in 2019 to speculative execution design flaws in Intel CPUs revealed in 2018.
The new security features come as Intel processors have been plagued by numerous security issues over the past several years – including Meltdown and Spectre as well as other speculative execution and side-channel attacks.