Intel: Let's talk about SGX, baby. Let's talk about 2U and me. Let's talk about all the good things, and the bad...

Intel is touting a PCIe card packed with SGX tech to plug into servers in time for next week's RSA conference in San Francisco. Chipzilla's chunky add-on is aimed at cloud and data-center machines missing SGX (Software Guard Extensions) so that applications running on the boxes can use the technology. SGX allows program to run …

  1. Time Waster

    Can someone explain the point of SGX? I’m sure there is probably some cloudy explanation for it, but from where I’m sitting, the only people looking to run code in ways invisible to the rest of the system are malware authors. Maybe DRM too, but as far as I’m concerned that pretty much falls under the definition of malware, as code that is serving no conceivable benefit to the user who is (normally unwittingly) running it.

    1. diodesign (Written by Reg staff)

      Purposes of SGX

      On client machines, DRM and cryptography. For servers, allowing you to upload code to run in an enclave in the cloud using remote attestation to prove the software hasn't been meddled with in transit or prior to execution.

      That % SGX working as expected and intended.

      C.

      (See the 'read more' article in the piece on how SGX can be abused.)

    2. donk1

      Hmmmm..

      The idea is to put your decryption code in the enclave and then send encrypted text and a description of the operation you want to perform to the enclave.

      The unencrypted data never leaves the enclave, not even the hypervisor sees the unencrypted data.

      E.g. to search encrypted data in SQL Server

      https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-enclaves?view=sqlallproducts-allversions

      What I do not get is how you get the decryption keys into the enclave securely!

      "The client driver sends the column encryption keys required for the operations to the secure enclave (over a secure channel)."

      What secure channel which the hypervisor cannot see? Hmmm..
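The two comments above describe the same flow from both ends: the enclave's code is measured and attested (diodesign), and the client then needs a channel into the enclave that the hypervisor cannot read (donk1's question). The following Go program is an added illustration, not code from the article, the commenters or Microsoft's Always Encrypted implementation. It models the mechanism that makes such a channel possible: the enclave generates an ephemeral X25519 key pair inside itself, the platform's attestation signs the enclave measurement together with that public key, and the client only runs the key exchange and wraps the column key once the signature verifies and the measurement equals the build it trusts. Everything else is a stand-in and an assumption of this example: an Ed25519 key plays the role of Intel's quoting infrastructure, `sha256(code)` plays the role of MRENCLAVE, the channel key is a single SHA-256 over the shared secret and both public keys rather than a full KDF, and the sample column value and enclave "code" strings are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// ErrUntrustedEnclave: the quote did not verify or the measurement is wrong, so the client keeps the key.
var ErrUntrustedEnclave = errors.New("enclave attestation failed")
// Quote stands in for an SGX quote: the platform (simulated by an Ed25519 key) signs the enclave
// measurement together with the enclave's ephemeral public key, binding the key to the measured code.
type Quote struct {
	Measurement [32]byte
	EnclavePub  []byte
	Signature   []byte
}
// Enclave models the code inside the enclave; priv and colKey never leave it.
type Enclave struct {
	priv   *ecdh.PrivateKey
	colKey []byte
}

// must panics on errors that cannot occur with well-formed inputs (demo only).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// seal/open: AES-256-GCM with a random nonce carried in front of the ciphertext.
func seal(key, pt []byte) []byte {
	a := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, a.NonceSize())
	must(rand.Read(nonce))
	return append(nonce, a.Seal(nil, nonce, pt, nil)...)
}
func open(key, ct []byte) ([]byte, error) {
	a := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := a.NonceSize(); len(ct) >= n {
		return a.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}
// channelKey hashes the X25519 shared secret with both public keys (simplified KDF, an assumption
// of this demo). Only the two private-key holders can compute it; the hypervisor sees public halves.
func channelKey(priv *ecdh.PrivateKey, peerPub, enclavePub, clientPub []byte) []byte {
	secret := must(priv.ECDH(must(ecdh.X25519().NewPublicKey(peerPub))))
	k := sha256.Sum256(bytes.Join([][]byte{[]byte("sgx-demo-channel"), secret, enclavePub, clientPub}, nil))
	return k[:]
}

// Attest: the platform signs measurement || enclave public key (sha256(code) stands in for MRENCLAVE).
func (e *Enclave) Attest(code []byte, platformKey ed25519.PrivateKey) Quote {
	q := Quote{Measurement: sha256.Sum256(code), EnclavePub: e.priv.PublicKey().Bytes()}
	q.Signature = ed25519.Sign(platformKey, append(q.Measurement[:], q.EnclavePub...))
	return q
}
// ReceiveColumnKey unwraps the column key; only the holder of priv can derive the channel key.
func (e *Enclave) ReceiveColumnKey(clientPub, sealedKey []byte) (err error) {
	e.colKey, err = open(channelKey(e.priv, clientPub, e.priv.PublicKey().Bytes(), clientPub), sealedKey)
	return err
}
// MatchCell decrypts one column value and compares it; the plaintext exists only inside here.
func (e *Enclave) MatchCell(encCell []byte, needle string) (bool, error) {
	pt, err := open(e.colKey, encCell)
	return err == nil && bytes.Equal(pt, []byte(needle)), err
}

// Provision is the client driver's side: verify the quote, compare the measurement with the
// trusted build, and only then key-exchange with the attested key and wrap the column key.
func Provision(platformPub ed25519.PublicKey, trusted [32]byte, q Quote, colKey []byte) (clientPub, sealedKey []byte, err error) {
	if !ed25519.Verify(platformPub, append(q.Measurement[:], q.EnclavePub...), q.Signature) || q.Measurement != trusted {
		return nil, nil, ErrUntrustedEnclave
	}
	priv := must(ecdh.X25519().GenerateKey(rand.Reader))
	clientPub = priv.PublicKey().Bytes()
	return clientPub, seal(channelKey(priv, q.EnclavePub, q.EnclavePub, clientPub), colKey), nil
}

// RunDemo wires the parties together: did the enclave match the sample cell, and did the column
// key show up in anything crossing the enclave boundary? A loadedCode that differs from
// trustedCode changes the measurement, so Provision must refuse.
func RunDemo(trustedCode, loadedCode []byte) (matched, keyOnTheWire bool, err error) {
	platformPub, platformPriv, _ := ed25519.GenerateKey(rand.Reader) // only fails if rand does
	colKey := make([]byte, 32)
	must(rand.Read(colKey))
	enc := &Enclave{priv: must(ecdh.X25519().GenerateKey(rand.Reader))}
	clientPub, sealed, err := Provision(platformPub, sha256.Sum256(trustedCode), enc.Attest(loadedCode, platformPriv), colKey)
	if err != nil {
		return false, false, err
	}
	if err = enc.ReceiveColumnKey(clientPub, sealed); err != nil {
		return false, false, err
	}
	cell := seal(colKey, []byte("alice@example.com")) // constructed encrypted column value
	matched, err = enc.MatchCell(cell, "alice@example.com")
	return matched, bytes.Contains(bytes.Join([][]byte{clientPub, sealed, cell}, nil), colKey), err
}
```

Run `RunDemo(code, code)` with identical trusted and loaded code and the enclave matches the cell while the bytes that crossed the boundary (the client's public key, the wrapped key and the encrypted cell) never contain the column key; run it with different loaded code and `Provision` returns `ErrUntrustedEnclave` before any key material is sent. The "secure channel" is therefore not a hidden wire past the hypervisor: it is an ordinary key exchange whose enclave-side public key is vouched for by the attestation, so whoever can unwrap the key is, by construction, the measured code. A real deployment checks the quote against Intel's attestation service rather than a locally generated platform key, which this example does not model.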

  2. Martijn Otto

    Lovely

    Now my malware can run a lot faster!


Biting the hand that feeds IT © 1998–2019