Datasheet, Volume 1 of 2
Technologies
3.2.9 Intel® Memory Protection Extensions (Intel® MPX)
Intel® MPX provides a hardware-accelerated mechanism for testing memory buffer boundaries (heap and stack) in order to identify buffer overflow attacks.
An Intel MPX enabled compiler inserts new instructions that test memory boundaries prior to a buffer access. Other Intel MPX instructions are used to modify a database of memory regions used by the boundary-checking instructions.
The Intel MPX ISA is designed for backward compatibility and will be treated as no-operation instructions (NOPs) on older processors.
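As an added illustration (not text or code from the datasheet, and not the MPX instructions themselves), the following C model mirrors the sequence an MPX-enabled compiler inserts: a bounds record is created for a buffer, and the lower and upper bounds are checked before each access, with narrowing for sub-objects. The function names are hypothetical; the inclusive upper bound and the #BR exception follow the semantics of the real BNDMK, BNDCL and BNDCU instructions, which the datasheet itself does not name.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Bounds record standing in for one MPX bounds register: lb is the first
 * valid byte, ub the last valid byte (inclusive), as the instrumented
 * compiler computes them for an object of `size` bytes. */
typedef struct { uintptr_t lb, ub; } bnd_t;

/* Model of BNDMK: make bounds for an object starting at base. */
static bnd_t bnd_make(const void *base, size_t size) {
    bnd_t b = { (uintptr_t)base, (uintptr_t)base + size - 1 };
    return b;
}

/* Model of the BNDCL + BNDCU pair emitted before an access of `len` bytes
 * at `p`: returns 1 if the whole access lies inside the bounds, 0 where the
 * hardware would raise a #BR bound-range exception. */
static int bnd_check(bnd_t b, const void *p, size_t len) {
    uintptr_t first = (uintptr_t)p;
    uintptr_t last;
    if (len == 0) return 1;                 /* nothing is touched */
    last = first + len - 1;                 /* last byte of the access */
    if (last < first) return 0;             /* address wrapped: never valid */
    return first >= b.lb && last <= b.ub;
}

/* Model of bounds narrowing: a field's bounds never exceed its parent's. */
static bnd_t bnd_narrow(bnd_t parent, const void *field, size_t size) {
    bnd_t n = bnd_make(field, size);
    if (n.lb < parent.lb) n.lb = parent.lb;
    if (n.ub > parent.ub) n.ub = parent.ub;
    return n;
}

/* Instrumented version of a classic overrun: writes `n` bytes into a
 * 16-byte heap buffer, but only after the bounds check passes.
 * Returns 1 if the write was allowed, 0 if the check rejected it. */
static int checked_fill(size_t n) {
    enum { BUF_SIZE = 16 };
    unsigned char *buf = malloc(BUF_SIZE);
    int ok;
    if (!buf) return 0;
    bnd_t b = bnd_make(buf, BUF_SIZE);
    ok = bnd_check(b, buf, n);              /* check precedes the access */
    if (ok) memset(buf, 0x41, n);           /* constructed fill pattern */
    free(buf);
    return ok;
}
```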
Intel® MPX can be used for:
• Efficient runtime memory boundary checks for security-sensitive portions of the application.
• As part of a memory checker tool for finding difficult memory access errors. Intel MPX is significantly faster than software implementations.
Intel MPX emulation (without hardware acceleration) is available with the Intel C++ Compiler 13.0 or newer.
For more information, refer to the Intel MPX documentation.
3.2.10 Intel® Software Guard Extensions (Intel® SGX)
Intel® Software Guard Extensions (Intel® SGX) is a processor enhancement designed to help protect application integrity and the confidentiality of secrets, and to withstand software and certain hardware attacks.
The Intel® Software Guard Extensions (Intel® SGX) architecture provides the capability to create isolated execution environments, named Enclaves, that operate from a protected region of memory.
Enclave code can be entered only through new, special ISA instructions that jump to predefined per-Enclave entry addresses. Data within an Enclave can be accessed only by that same Enclave's code.
These security properties hold under all privilege levels, including supervisor mode (ring-0), System Management Mode (SMM) and other Enclaves.
Intel® SGX features a memory encryption engine that both encrypts Enclave memory and protects it from corruption and replay attacks.
The benefits of Intel® SGX over alternative Trusted Execution Environments (TEEs) are:
• Enclaves are written in C/C++ using industry-standard build tools.
• High processing power, as Enclaves run on the main processor.
• Large amounts of memory are available, as well as non-volatile storage (such as disk drives).
• Simple to maintain and debug using standard IDEs (Integrated Development Environments).
• Scalable to a large number of applications and vendors running concurrently.
• Allows Launch Enclaves other than the one currently provided by Intel.