As the battle between Intel and AMD intensifies in the server market, Intel is positioning its Xeon "Ice Lake" chips as the right choice where privacy and data integrity are the top priority.
The chip market has been shifting for years now on every front. AMD, the outsider, is making strides on desktops, mobile devices, and servers, and its EPYC offers notable advancements over Intel's Xeon. But now the third generation of Xeons, the Ice Lake Xeon chips, has been announced, with confidentiality and data integrity as its watchwords.
The idea is that data can be protected while it is on disk or traveling over a network. But data stored in memory can be intercepted and corrupted.
Enter Intel Software Guard Extensions (SGX), a technology that can be used to protect up to 1 terabyte of code and data in areas of memory called enclaves. How secure is SGX? Microsoft says it is "the most researched, updated and tested trusted execution environment for data center confidentiality" and that it has the smallest attack surface.
Full memory encryption
"Protecting data is key to removing value from it, and with the capabilities of the next third-generation Xeon platform, we will help our customers solve their most difficult data computation problems while improving privacy and security data honesty. This extends our long history of partnering across the ecosystem to drive security innovations," said Lisa Spellman, Intel vice president in the Data Platforms group and general manager of the Xeon group and memory.
And Intel goes further with three announcements of security measures.
The first is a feature that AMD's EPYC already brings to servers: full memory encryption. Intel's version is called Total Memory Encryption (TME) and is designed to protect against sophisticated attacks such as reading the contents of memory chips that have been cooled with liquid nitrogen.
Cryptographic acceleration
Ice Lake chips will also feature cryptographic acceleration so businesses don't have to choose between security and performance. Intel has found two ways to remove bottlenecks in the encryption process. "The first, Intel reports, is a technique that involves putting together the operations of two algorithms that usually work in combination but sequentially, allowing them to run simultaneously. The second is a method of processing multiple buffers of independent data in parallel."
Intel has also made efforts to protect server firmware from attack by using an Intel FPGA as the platform's root of trust, which inspects all critical firmware components at startup, before they execute.