Intel Corp. has announced that starting from late October it will ship new processors based on the “Skylake” micro-architecture with enabled Intel Software Guard Extensions (SGX) technology. The new central processing units will feature new S-Spec and MM numbers, but will continue to use the same physical dies as existing CPUs. It is unclear why the initial “Skylake” central processing units do not support SGX.
Intel Software Guard Extensions (Intel SGX) is a set of x86 extension designed to increase the security of software through an “inverse sandbox” mechanism. In this approach, instead of trying to identify and isolate all the malware on the platform, legitimate sensitive code and data can be sealed inside an enclave and protected from attack by the malware, irrespective of the privilege level of the latter. Intel SGX needs to be supported by processors, operating systems and applications to actually work. The SGX is not something that works automatically once a chip is installed.
Intel’s new Core i7, Core i5 and Xeon E3 1200 v5 processors with new S-Spec and MM numbers will feature “a minor manufacturing configuration change to allow customers to enable Intel SGX” when using these chips. The stepping/revision of the central processing units will not change: the chips will feature “Skylake” silicon step R0. The CPUID signature will also remain the same as with the current chips – 0x506E3 Die size and package will not change for these processors. Intel will begin to ship new processors starting from the 26th of October, 2015.
Since the new chips are essentially the same as the contemporary CPUs and even do not need updated BIOS, Intel does not expect any re-qualification and/or validation for these microprocessors.
It is completely unclear why the first wave of Intel Core i7, Core i5 and Xeon E3 1200 v5 “Skylake” processors do not support SGX, which was first introduced back in 2013. As it turns out, “a minor manufacturing configuration change” can easily enable the technology, which is pretty useful if supported by applications.
The list of Intel Core and Xeon “Skylake” processors with and without SGX can be found HERE.
Discuss on our Facebook page, HERE.
KitGuru Says: Considering how minor the changes to the upcoming processors are, it is pretty clear that Intel had to speed up introduction of “Skylake” processors versus its original schedule by a couple of months. Perhaps, since the SGX technology was not extensively tested on “Skylake”, the chipmaker decided to block it on the S-Spec level. Anyway, if you use applications that actually take advantage of Intel’s SGX, wait for the new chips to arrive. S-Spec numbers of the new chips are listed in Intel’s document.
meh