Intel Xe graphics card with GPU SGX support
From the very moment of the announcement that Intel will develop its discrete video card, all progressive mankind has been waiting for plans to begin to transform into something material. Little is known about the technical details, but today we can report something concrete and important at the same time. It became known that the future Intel video card will support a technology similar to , for super secure storage of critical content - it's called GPU SGX.
We recently mentioned Intel Software Guard Extensions technology in connection with . Intel SGX extensions are a set of CPU instructions that enable applications to create enclaves, protected areas within an application's address space that provide confidentiality and integrity even in the presence of privileged malware.
But you need to protect not only the executing code, but also user data. Legions of intruders dream day and night about how to steal your photos, and then erase or encrypt them. How not to be left without the most important memories? Here, Intel SGX can also come to the rescue, in its variant of GPU SGX. In this case, it works as follows.
The key role in this technology, as the name implies, is played by the GPU. βWhat does a video card have to do with it when it comes to data storage?β - you probably ask. The fact is that with all due respect to Intel SGX, there are many times fewer processors that support this technology than those that do not. Therefore, it was decided to transfer the execution of the SGX-dependent code to the GPU, similar to how it was done in the already mentioned Intel SGX Card. The video card also has one more advantage: its design allows you to place a sufficiently large amount of flash memory on it, which can be used as a local secure storage.
The principle of operation of the GPU SGX is as follows. Photos of your favorite dog, as well as other particularly important data, are placed on the local storage of the video card using special Intel software. Intel SGX protection works at the file system driver level. Further, the same special software synchronizes the contents of the storage with the cloud service in one of the modes selected by the users. Unlike other cloud services, the Intel client cannot be compromised because it hosts sensitive areas of code in SGX enclaves. Thus, your data receives several degrees of protection against theft and destruction.
But what happens if the Intel software stops working for some reason, and the data is literally locked in its storage? Intel intends to share its technology with third parties through rigorous certification and control. So there will be an alternative. Well, the system itself will appear on the market no earlier than the appearance of video cards directly - the timing is still vague. But we will be waiting.
Source: habr.com