Updated: March 21, 2022 (February 28, 2022)


Hardware Memory Encryption Architectures

By Barry Briggs

Before joining Directions on Microsoft in 2020, Barry worked at Microsoft for 12 years in a variety of roles, including...

Intel, AMD, ARM, and Amazon Web Services (AWS) provide different architectures to support confidential computing.

Intel has two technologies that support confidential computing. Software Guard Extensions (SGX), introduced in 2015 in the Skylake processor, provide new CPU instructions that permit applications to set up “enclaves,” or sections of memory that are always encrypted. To use SGX, developers must modify applications. Microsoft partners provide application support. However, the SGX instruction set has been deprecated in Intel Core (consumer) processors and going forward will be supported only on server platforms (Xeon).

Intel’s Total Memory Encryption (TME), introduced in 2021 with its Ice Lake (Xeon3) processor, allows the encryption of the entire address space of a physical machine or VM. As with SGX, contents are decrypted only when read by the CPU (and re-encrypted on write). Keys are generated at boot time from a random number and never leave the CPU. However, decryption adds processing overhead, which can be significant.
