Intel: Let's talk about SGX, baby. Let's talk about 2U and me. Let's talk about all the good things, and the bad...
Chipzilla rips sticker off its graphics accelerator, switches off GPU – now you're a security wizard, Harry!
RSA Intel is touting a PCIe card packed with SGX tech to plug into servers in time for next week's RSA conference in San Francisco.
Chipzilla's chunky add-on is aimed at cloud and data-center machines missing SGX (Software Guard Extensions) so that applications running on the boxes can use the technology. SGX allows programs to run code within so-called secure enclaves that not even the server's system administrators, operating systems, hypervisor, or other software can peer into and manipulate.
The idea is you run sensitive cryptography and similar private stuff within the enclave out of sight of prying eyes.
SGX has been available for a while – there's an unofficial list of supported products maintained here – albeit in PC-grade and single-socket entry-level Xeon E3 processors. If you have a machine that doesn't feature SGX, such as a dual-socket Xeon E5 beast, this SGX card is aimed at you. Intel reckons the security tech will make it into its multi-socket Xeons eventually.
Interestingly enough, the SGX card is actually Intel's Visual Compute Accelerator with the GPU hardware turned off, leaving its three Xeon E3 processors enabled to perform SGX operations. We're told a 2U server can take up to four of the cards, totaling 12 SGX-enabled chips working over x16 PCIe.
"This card allows datacenter operators to provide for that demand and expand SGX to the vast deployment of sockets that are available today," said Intel GM of ecosystem strategy and development Jim Gordon. The SGX card is due to go on sale later this year, we note.
In addition to kicking out a repurposed card, Intel is also punting an updated version of its Threat Detection Technology (TDT) suite that scans system memory for malware and other software nasties, alerting installed antivirus packages of any threats. Chipzilla will, at RSA, demonstrate TDT on Linux picking up hidden cryptominers. The tech was previously demo'd on Windows.
"Detection alerts based on the heuristics are sent to the security service provider (ISV) for remediation," Intel says of its offering. "Integration of the Intel TDT stack into the existing ISV solutions results in improved performance and lower incidences of false positives." ®
PS: Intel also emitted details of its FPGA-in-a-PCIe-card, the PAC N3000, which is aimed at accelerating high-speed networking operations for 5G and other communications systems.