Intel has said that a newer batch of Skylake-based processors will ship with its Software Guard Extensions (SGX) technology enabled. Intel SGX was first announced in 2013, which raises the question of why it wasn't present in the initial retail batches of these processors. The assumption is that at the time of release SGX had not been tested extensively on the Skylake architecture, and Intel decided to block it at the S-Spec level. Skylake was introduced two months earlier than the chipmaker initially planned.
This involves no change to the die or the architecture, but it does result in new S-Spec and MM numbers. The CPUID signature and the currently available ‘R0’ stepping stay the same, so the family/model/stepping alone will not tell you whether a given chip has SGX; the CPUID feature flags will. These chips will start shipping on 26th October, 2015. Users who buy the processor for this feature will not need a BIOS update, although SGX still has to be switched on in the firmware setup before software can use it.
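As an added example (not code from the article or from Intel), here is how a practitioner can check whether a Skylake part actually exposes SGX, using the CPUID feature bits rather than the unchanged family/model/stepping signature. It decodes CPUID.(EAX=7,ECX=0):EBX bit 2 (SGX implemented), CPUID.(EAX=0x12,ECX=0) (SGX1/SGX2 and maximum enclave size) and CPUID.(EAX=0x12,ECX=2 and up) (the EPC sections firmware reserved at boot). The struct and function names are this example's own, and the register values used to illustrate the decoders are constructed, not captured from hardware.

```c
/*
 * Added example (not code from the article or from Intel): probe CPUID for
 * Intel SGX. The family/model/stepping signature does not change when SGX is
 * enabled in a new S-Spec, so the feature flags are what to look at:
 *   CPUID.(EAX=7,ECX=0):EBX[2]      SGX implemented
 *   CPUID.(EAX=0x12,ECX=0):EAX[0]   SGX1 instructions, EAX[1] SGX2
 *   CPUID.(EAX=0x12,ECX=0):EDX      log2 of max enclave size (32-bit, 64-bit)
 *   CPUID.(EAX=0x12,ECX=2+n)        EPC (Enclave Page Cache) section n
 * Whether firmware actually turned SGX on lives in IA32_FEATURE_CONTROL
 * (MSR 0x3A, bit 18), which needs ring 0 to read and is not covered here.
 * Struct and function names are this example's own.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct sgx_caps {
    bool supported;               /* leaf 7, EBX bit 2 */
    bool sgx1;                    /* leaf 0x12 sub 0, EAX bit 0 */
    bool sgx2;                    /* leaf 0x12 sub 0, EAX bit 1 */
    unsigned max_enclave_log2_32; /* leaf 0x12 sub 0, EDX[7:0]  */
    unsigned max_enclave_log2_64; /* leaf 0x12 sub 0, EDX[15:8] */
};

struct epc_section {
    bool valid;
    uint64_t base; /* physical base, 4 KiB aligned */
    uint64_t size; /* bytes */
};

/* Pure decoder: takes raw register values so it can be tested without SGX hardware. */
void sgx_decode_caps(uint32_t leaf7_ebx, uint32_t leaf12_eax, uint32_t leaf12_edx,
                     struct sgx_caps *c)
{
    c->supported = (leaf7_ebx >> 2) & 1u;
    /* Leaf 0x12 is only meaningful when leaf 7 reports SGX. */
    c->sgx1 = c->supported && ((leaf12_eax >> 0) & 1u);
    c->sgx2 = c->supported && ((leaf12_eax >> 1) & 1u);
    c->max_enclave_log2_32 = leaf12_edx & 0xffu;
    c->max_enclave_log2_64 = (leaf12_edx >> 8) & 0xffu;
}

/* Decode one CPUID.(0x12, 2+n) EPC entry. EAX[3:0]==1 marks a valid section;
 * base is EAX[31:12] | EBX[19:0]<<32, size is ECX[31:12] | EDX[19:0]<<32. */
struct epc_section sgx_decode_epc(uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx)
{
    struct epc_section s = {0};
    if ((eax & 0xfu) != 1u)
        return s; /* type 0: invalid, end of the list */
    s.valid = true;
    s.base = ((uint64_t)(ebx & 0xfffffu) << 32) | (eax & 0xfffff000u);
    s.size = ((uint64_t)(edx & 0xfffffu) << 32) | (ecx & 0xfffff000u);
    return s;
}

/* Query the running CPU. Returns the number of EPC sections found (0 when SGX
 * is absent, or on a non-x86 build where CPUID does not exist). */
int sgx_query_live(struct sgx_caps *c, struct epc_section *epc, int max_epc)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, cx, d;
    if (__get_cpuid_max(0, NULL) < 0x12) {
        sgx_decode_caps(0, 0, 0, c);
        return 0;
    }
    __cpuid_count(7, 0, a, b, cx, d);
    uint32_t leaf7_ebx = b;
    __cpuid_count(0x12, 0, a, b, cx, d);
    sgx_decode_caps(leaf7_ebx, a, d, c);
    if (!c->supported)
        return 0;
    int n = 0;
    for (int i = 0; i < max_epc; i++) {
        __cpuid_count(0x12, 2 + i, a, b, cx, d);
        struct epc_section s = sgx_decode_epc(a, b, cx, d);
        if (!s.valid)
            break;
        epc[n++] = s;
    }
    return n;
#else
    (void)epc;
    (void)max_epc;
    sgx_decode_caps(0, 0, 0, c);
    return 0;
#endif
}

int main(void)
{
    struct sgx_caps c;
    struct epc_section epc[8];
    int n = sgx_query_live(&c, epc, 8);
    printf("SGX present: %s  SGX1: %s  SGX2: %s\n",
           c.supported ? "yes" : "no", c.sgx1 ? "yes" : "no", c.sgx2 ? "yes" : "no");
    if (c.supported)
        printf("max enclave: 2^%u bytes (32-bit), 2^%u bytes (64-bit)\n",
               c.max_enclave_log2_32, c.max_enclave_log2_64);
    for (int i = 0; i < n; i++)
        printf("EPC[%d]: base 0x%llx size 0x%llx\n", i,
               (unsigned long long)epc[i].base, (unsigned long long)epc[i].size);
    return 0;
}
```

On a Skylake part with SGX turned on you would expect SGX1 set, SGX2 clear (SGX2 arrived with later cores) and at least one EPC section. This user-mode probe only sees what the processor implements; if leaf 7 reports SGX but ENCLS/ENCLU still fault with #UD, firmware has left the feature disabled in IA32_FEATURE_CONTROL.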
Intel Software Guard Extensions is designed to protect an application's sensitive code and data from the rest of the system it runs on, using an ‘inverse sandbox’ mechanism: rather than confining the application, the enclave keeps everything outside it, including the operating system, hypervisor and any other code running at higher privilege, from reading or modifying the protected region. As stated on Intel's website, it has eight objectives:
- Allow application developers to protect sensitive data from unauthorized access or modification by rogue software running at higher privilege levels.
- Enable applications to preserve the confidentiality and integrity of sensitive code and data without disrupting the ability of legitimate system software to schedule and manage the use of platform resources.
- Enable consumers of computing devices to retain control of their platforms and the freedom to install and uninstall applications and services as they choose.
- Enable the platform to measure an application’s trusted code and produce a signed attestation, rooted in the processor, that includes this measurement and other certification that the code has been correctly initialized in a trustable environment.
- Enable the development of trusted applications using familiar tools and processes.
- Allow the performance of trusted applications to scale with the capabilities of the underlying application processor.
- Enable software vendors to deliver trusted applications and updates at their cadence, using the distribution channels of their choice.
- Enable applications to define secure regions of code and data that maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory.
Would this affect users? Intel SGX only comes into play when an operating system and an application have been written to use it, since the enclave protection against unauthorized access is opt-in on the developer's side. Unless you are a developer, or run software, that relies on Intel SGX, there's really nothing to be concerned about. Intel SGX will be enabled on the existing Core i7, Core i5 and Intel Xeon E3-1200 v5 SKUs.