Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

  • Intel’s addition of memory encryption to its upcoming 3rd Gen Xeon Scalable processors matches AMD’s Secure Memory Encryption (SME) feature.

    Intel’s 3rd Gen Xeon Scalable server processors, code-named Ice Lake, will ship with new security features that the chip giant says will better protect systems from firmware attacks.

    The upcoming chips are based on Ice Lake, Intel’s 10nm CPU microarchitecture, which first launched in 2019. Intel is targeting initial production shipments of its Xeon Scalable server processors for the end of the year, and has just announced that they will come with new security capabilities.

    One such feature is Intel Total Memory Encryption (Intel TME), which Intel says helps ensure that all memory accessed by the CPU is encrypted on the external memory bus, including customer credentials, encryption keys and other IP or personal data.


    “Intel developed this feature to provide greater protection for system memory against hardware attacks, such as removing and reading the dual in-line memory module (DIMM) after spraying it with liquid nitrogen or installing purpose-built attack hardware,” according to Intel on Wednesday.

    Of note, this capability already exists on competing chip platforms: AMD first announced its own version, Secure Memory Encryption (SME), back in 2016.

    Intel TME uses the AES-XTS storage encryption standard from the National Institute of Standards and Technology (NIST). Intel said the encryption key is generated by a hardened random number generator inside the processor, without ever being exposed to software, which lets existing software run unmodified while memory is better protected.
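    As an added illustration (not Intel’s code and not part of the original article), the following Go program models the TME data path described above: a small AES-XTS engine that uses the page’s physical address as the tweak, a key drawn at boot from a random source that software never sees, and a simulated DIMM that only ever holds ciphertext. The type and function names, the 64-byte page size and the sample page contents are assumptions made for the demo; real TME keys live in the memory controller and the data unit is a 4 KiB page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

const pageSize = 64 // bytes per data unit; tiny for the demo, a real page is 4 KiB

// xts is a minimal AES-XTS (NIST SP 800-38E) engine: key1 encrypts data, key2 encrypts the tweak.
type xts struct{ data, tweak cipher.Block }

// mulAlpha multiplies the tweak by x in GF(2^128), little-endian as XTS specifies.
func mulAlpha(t []byte) {
	var carry byte
	for i := range t {
		t[i], carry = t[i]<<1|carry, t[i]>>7
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// process encrypts (enc) or decrypts one data unit; the tweak is the physical page number,
// so equal bytes at two addresses, or in two blocks of one page, never encrypt alike.
func (x *xts) process(dst, src []byte, unit uint64, enc bool) {
	if len(src)%16 != 0 {
		panic("xts: data unit must be a multiple of 16 bytes (ciphertext stealing omitted)")
	}
	t, blk := make([]byte, 16), make([]byte, 16)
	binary.LittleEndian.PutUint64(t, unit)
	x.tweak.Encrypt(t, t)
	for i := 0; i < len(src); i += 16 {
		for j := range blk {
			blk[j] = src[i+j] ^ t[j]
		}
		if enc {
			x.data.Encrypt(blk, blk)
		} else {
			x.data.Decrypt(blk, blk)
		}
		for j := range blk {
			dst[i+j] = blk[j] ^ t[j]
		}
		mulAlpha(t)
	}
}

type dimm map[uint64][]byte // page address -> bytes on the bus: all a cold-boot attacker can dump
// memCtrl models the TME engine between the cores and the bus. Its key is drawn at boot
// (crypto/rand stands in for the on-die RNG) and is never exposed to software.
type memCtrl struct{ x *xts; ram dimm }

func boot(ram dimm) *memCtrl {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err) // an RNG failure must never silently weaken the key
	}
	k1, _ := aes.NewCipher(key[:16]) // fixed 16-byte keys: NewCipher cannot fail here
	k2, _ := aes.NewCipher(key[16:])
	return &memCtrl{x: &xts{k1, k2}, ram: ram}
}

func (c *memCtrl) Write(addr uint64, page []byte) {
	c.ram[addr] = make([]byte, len(page))
	c.x.process(c.ram[addr], page, addr/pageSize, true)
}

func (c *memCtrl) Read(addr uint64) []byte {
	pt := make([]byte, len(c.ram[addr]))
	c.x.process(pt, c.ram[addr], addr/pageSize, false)
	return pt
}

func runDemo() map[string]bool {
	ram := dimm{}
	cpu := boot(ram)
	secret := bytes.Repeat([]byte("TOP-SECRET-KEY!!"), pageSize/16) // constructed sample page
	const pageA, pageB = 0x1000, 0x2000
	cpu.Write(pageA, secret)
	cpu.Write(pageB, secret)
	r := map[string]bool{}
	r["software sees plaintext"] = bytes.Equal(cpu.Read(pageA), secret) // unmodified code just works
	r["dimm holds ciphertext"] = !bytes.Contains(ram[pageA], []byte("SECRET"))
	r["no repeated blocks"] = !bytes.Equal(ram[pageA][:16], ram[pageA][16:32]) && !bytes.Equal(ram[pageA], ram[pageB])
	// A frozen DIMM moved to another board, or a reboot, means a new key: old content is garbage.
	r["new key defeats replay"] = !bytes.Equal(boot(ram).Read(pageA), secret)
	// Caveat: XTS is confidentiality only. A flipped DRAM bit garbles just that 16-byte block and the CPU reads the damaged page without any error.
	ram[pageA][0] ^= 0x01
	got := cpu.Read(pageA)
	r["bit flip undetected"] = !bytes.Equal(got[:16], secret[:16]) && bytes.Equal(got[16:], secret[16:])
	return r
}

func main() { fmt.Println(runDemo()) }
```

    Run it with `go run`; each map entry is one property and all should print `true`. The last check is the caveat the announcement does not spell out: AES-XTS is a confidentiality mode with no authentication, so TME defends against reading memory off the bus or a frozen DIMM, but it does not detect an attacker who modifies memory in place; a flipped bit simply decrypts to one garbled 16-byte block.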

    Intel also claims that another new feature can protect against sophisticated adversaries who may attempt to compromise or disable the platform’s firmware in order to intercept data or take down the server. Intel Platform Firmware Resilience (Intel PFR) will be part of the Xeon Scalable platform, and Intel says it will help protect against platform firmware attacks by detecting them before they can compromise or disable the machine.

    Intel PFR uses an Intel field-programmable gate array (FPGA) as a “platform root of trust,” which validates critical-to-boot platform firmware components before any firmware code is executed, according to Intel. An FPGA is an integrated circuit designed to be configured by a customer or designer after manufacturing.

    The protected firmware components “can include BIOS Flash, BMC Flash, SPI Descriptor, Intel Management Engine and power supply firmware.”
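    As an added example (not Intel’s PFR implementation, and not from the original article), the Go program below models the policy a platform root of trust of this kind enforces before it releases the CPU from reset: every protected region carries a manifest signed by the OEM, the root of trust holds only the public key and a version floor, and the active image must match its manifest before anything in it runs, falling back to a recovery copy and rewriting the active region when it does not. The manifest layout, the Ed25519 signature, the recovery policy and the constructed image bytes are all assumptions made for the demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// manifest is what the OEM signs at build time: the image digest plus a version for anti-rollback.
type manifest struct{ Version uint32; Digest [32]byte; Sig []byte }

// signedBytes is the exact byte string the signature covers: version || digest.
func (m manifest) signedBytes() []byte {
	b := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(b, m.Version)
	return append(b, m.Digest[:]...)
}

// region is one protected flash area (say, the BIOS image) with its manifest;
// flash is the SPI flash as the root of trust sees it: an active copy and a recovery copy.
type region struct{ Image []byte; Manifest manifest }
type flash struct{ Active, Recovery region }

// rootOfTrust models the PFR FPGA: an immutable OEM public key, a monotonic version floor,
// and control of the reset line, so it runs before any firmware byte executes.
type rootOfTrust struct{ oemPub ed25519.PublicKey; minVersion uint32 }

// verify accepts a region only if the manifest is authentic, matches the image bytes
// actually in flash, and is not older than the anti-rollback floor.
func (r *rootOfTrust) verify(reg region) error {
	m := reg.Manifest
	if !ed25519.Verify(r.oemPub, m.signedBytes(), m.Sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	if sha256.Sum256(reg.Image) != m.Digest {
		return fmt.Errorf("image digest mismatch: flash contents changed")
	}
	if m.Version < r.minVersion {
		return fmt.Errorf("rollback: version %d below floor %d", m.Version, r.minVersion)
	}
	return nil
}

// decision is what the root of trust did at power-on: whether reset was released, which
// copy booted ("active", "recovery" or "none"), whether active was restored, and why.
type decision struct{ Released, Recovered bool; Source, Reason string }

// powerOn applies the PFR policy: boot a verified active copy; otherwise restore a verified
// recovery copy over it and boot that; otherwise hold the platform in reset.
func (r *rootOfTrust) powerOn(f *flash) decision {
	err := r.verify(f.Active)
	if err == nil {
		return decision{Released: true, Source: "active"}
	}
	if rerr := r.verify(f.Recovery); rerr != nil {
		return decision{Source: "none", Reason: err.Error() + "; recovery: " + rerr.Error()}
	}
	f.Active = f.Recovery
	return decision{Released: true, Recovered: true, Source: "recovery", Reason: err.Error()}
}

// build signs an image the way the OEM's release pipeline would.
func build(priv ed25519.PrivateKey, version uint32, image []byte) region {
	m := manifest{Version: version, Digest: sha256.Sum256(image)}
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return region{Image: image, Manifest: m}
}

// runScenarios drives the root of trust over constructed flash contents and returns each outcome.
func runScenarios() map[string]decision {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	good := build(priv, 2, []byte("BIOS v2 (constructed image bytes)"))
	old := build(priv, 1, []byte("BIOS v1 (constructed, superseded)"))
	rot := &rootOfTrust{oemPub: pub, minVersion: 2}
	out := map[string]decision{}
	f := &flash{Active: good, Recovery: good} // 1. untouched flash
	out["clean"] = rot.powerOn(f)
	f = &flash{Active: good, Recovery: good} // 2. implant patched into the active BIOS
	f.Active.Image = bytes.Replace(f.Active.Image, []byte("v2"), []byte("v2+implant"), 1)
	out["implant"] = rot.powerOn(f)
	f = &flash{Active: old, Recovery: good} // 3. genuinely signed but older image written back
	out["rollback"] = rot.powerOn(f)
	f = &flash{Active: good, Recovery: good} // 4. both copies damaged: nothing may run
	f.Active.Image = append([]byte("X"), f.Active.Image[1:]...)
	f.Recovery.Manifest.Sig = append([]byte{f.Recovery.Manifest.Sig[0] ^ 0xFF}, f.Recovery.Manifest.Sig[1:]...)
	out["both bad"] = rot.powerOn(f)
	return out
}

func main() { fmt.Printf("%+v\n", runScenarios()) }
```

    The four scenarios are the ones a firmware attacker would produce: an untouched flash, a patched active image, a genuinely signed but older image written back (its signature and digest verify, and only the version floor stops it), and both copies damaged, where the correct outcome is that the platform stays in reset rather than running anything. Note that the root of trust checks the bytes actually in flash against the manifest, not a cached measurement, which is what lets it catch a modification made after the image was first validated.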

    The chip giant is also bringing its existing Intel Software Guard Extensions (SGX) feature to Ice Lake. Intel SGX, a set of security-related instructions built into Intel CPUs, protects sensitive data, such as AES encryption keys, inside “enclaves”: regions of memory that the processor isolates from all other code, including the operating system and hypervisor, and encrypts in hardware before the data leaves the CPU package.

    Of note, Intel SGX is not an end-all-be-all solution: researchers have previously been able to bypass SGX in various attacks, from the Plundervolt vulnerability disclosed in 2019 to the Foreshadow speculative-execution flaw in Intel CPUs disclosed in 2018.

    The new security features come as Intel processors have been plagued by numerous security issues over the past few years, including Meltdown and Spectre as well as other speculative-execution and side-channel attacks.
