Intel Corp. today unveiled a range of new security features for its forthcoming 10-nanometer Ice Lake chips that offer hardware security to provide additional protection of data.

With Ice Lake, the third generation of Intel Xeon processors, Intel is doubling down on its “security first pledge” with the Intel Security Guard Extension technology deployed across the full range of Ice Lake platforms. The deployment will also include Intel Total Memory Encryption, Intel Platform Firmware Resilience and new cryptographic accelerators designed to strengthen the platform.

Intel SGX, first introduced with Skylake in 2015, is a set of security-related instruction codes built into the processors. They define private security regions of memory, called enclaves, where content is protected and is unable to be read or saved by any process outside the enclave itself. In Intel’s words, it provides “confidential computing” in a “Trusted Execution Environment,” enabling application isolation to protect up to a terabyte of code while in use.

The new security features debuting on the new Ice Lake chips are aimed at giving companies the ability to protect data through a workload’s lifecycle, not only while being used in an enclave but also while the data is not being used.

Intel TME offers full memory encryption that ensures all memory accessed from the Intel CPU is encrypted, including customer credentials, encryption keys and other IP or personal information on the external memory bus. Intel says it has developed the feature to provide greater protection for system memory against hardware attacks, such as removing and reading the dual in-line memory module after spraying it with liquid nitrogen or installing purpose-built attack hardware.

Ice Lake’s new cryptographic acceleration is claimed to deliver “breakthrough cryptographic performance” through processes designed to stitch together the operations of two algorithms as well as the ability to process multiple independent data buffers in parallel.

On the resilience side, Intel PFR offers protection against firmware attacks by detecting and correcting them before they can compromise or disable the machine. Intel PFR uses Intel field-programmable gate arrays as a platform “root of trust” to validate critical platform firmware components before any firmware code is executed.

“Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity,” Lisa Spelman, corporate vice president of Intel’s Data Platform Group and general manager of the Xeon and Memory Group, said in a statement.

Spelman spoke with SiliconANGLE Media’s video studio theCUBE recently:

Photo: Intel