Intel Releases New Technology Specification for Memory Encryption

By Baiju V Patel, Published: 12/22/2017, Last Updated: 12/22/2017

For many years, Intel has worked with the technology ecosystem to strengthen protections for operating systems and software via hardware-enhanced security. As each protection comes into effect, adversaries inevitably attempt to bypass them. For instance, Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) greatly reduced the overhead associated with encryption processing and enabled near-ubiquitous encryption of stored data. Unable to read data at-rest, attackers shifted their focus to the data while it is in-use in memory, which is typically not encrypted today. Intel was first to introduce memory encryption, integrity protection, and replay protection capabilities in a general purpose CPU as part of Intel® Software Guard Extensions (Intel® SGX). In future processors, Intel plans to introduce two new in-memory data protection capabilities that complement Intel® SGX, and provide customers additional flexibility and choice.

The baseline feature of these new capabilities is Total Memory Encryption (TME). As the name suggests, this technology encrypts the platform’s entire memory with a single key. TME, when enabled via BIOS configuration, will help ensure that all memory accessed from the Intel CPU is encrypted, including customer credentials, encryption keys, and other IP or personal information on the external memory bus. Intel is developing this technology to support a variety of encryption algorithms and is initially considering the NIST encryption standard for storage—the AES XTS algorithm with 128-bit keys. The encryption key used for memory encryption is generated using a hardened random number generator in the CPU and never exposed to software. Data in-memory and on the external memory buses is encrypted and is only in plain text while inside the CPU, similar to typical storage encryption. This allows existing software to run unmodified while protecting memory using TME. We recognize there are specific scenarios where it would be advantageous to not encrypt a portion of memory, so TME allows the BIOS to specify a physical address range to remain unencrypted. The software running on a TME-capable system will have full visibility into all portions of memory that are configured to not be encrypted by TME, simply by reading a configuration register in the CPU.

The second new technology extends TME to support multiple encryption keys (Multi-Key TME, or MKTME) and provides the ability to specify use of a specific key for a page of memory. This architecture allows either CPU-generated keys or tenant-provided keys, giving full flexibility to customers. This means virtual machines (VMs) and containers can be cryptographically isolated from each other in memory with separate encryption keys, a big plus in multi-tenant cloud environments. VMs and containers can also be pooled to share an individual key, further extending scale and flexibility. This includes support for both standard DRAM and NVRAM.

You can find full details of the new memory encryption technologies in the complete specification for Intel Memory Encryption Technologies, which benefited from extensive collaboration with many ecosystem partners and customers. We invite software and systems developers to review the specification and consider how TME and MKTME can benefit your products and services. Intel plans to roll out additional details about these technologies, including a more in-depth white paper on enabled usages, in the near future .