Intel® Software Guard Extensions (Intel® SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. Intel® SGX makes such protection possible through the use of enclaves, which are protected areas of execution. Application code can be put into an enclave using special instructions and software made available to developers through the Intel® SGX SDK.
The Intel® SGX SDK is a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel® SGX enabled applications in C/C++.
Application code executing within an Intel SGX enclave:
- Benefits from new Intel SGX instructions introduced with 6th Generation Intel® Core™ processor (or later) platforms
- Relies on an Intel-provided driver and/or the OS for access to Intel SGX instructions and resource management
- Executes within the context of its parent application, thereby benefiting from the full power of the Intel® processor
- Reduces the trusted computing base of its parent application to the smallest possible footprint
- Remains protected even when the BIOS, VMM, OS, and drivers are compromised, implying that an attacker with full execution control over the platform can be kept at bay
- Benefits from memory protections that thwart memory bus snooping, memory tampering and “cold boot” attacks on images retained in RAM
- Uses hardware-based mechanisms to respond to remote attestation challenges that validate its integrity
- Can work in concert with other enclaves owned or trusted by the parent application
- Can be developed using standard development tools, thereby reducing the learning curve impact on application developers
Required Hardware: 6th Generation Core™ processor (or later) based platform with SGX Enabled BIOS support
Supported OS: See Release Notes for details
Supported Languages: C and C++