Intel® Software Guard Extensions (Intel® SGX) is an Intel technology for application developers who are seeking to protect select code and data from disclosure or modification. Intel SGX makes such protections possible through the use of enclaves, which are protected areas of execution in memory. Application code can be put into an enclave by special instructions and software made available to developers via the Intel SGX SDK. The Intel SGX SDK is a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel SGX enabled applications in C and C++.
Application code executing within an Intel SGX enclave:
- Benefits from new Intel SGX instructions introduced with 7th Generation Intel® Core™ processor platforms and Intel® Xeon® processor E3 v5 for data center servers.
- Relies on a driver from Intel or the operating system for access to Intel SGX instructions and resource management
- Executes within the context of its parent application, thereby benefiting from the full power of the Intel® processor
- Reduces the trusted computing base of its parent application to the smallest possible footprint
- Remains protected even when the BIOS, VMM, operating system, and drivers are compromised, implying that an attacker with full execution control over the platform can be kept at bay
- Benefits from memory protections that thwart memory bus snooping, memory tampering and “cold boot” attacks on images retained in RAM
- Uses hardware-based mechanisms to respond to remote attestation challenges that validate its integrity
- Works in concert with other enclaves owned or trusted by the parent application
- Can be developed using standard development tools, thereby reducing the learning curve impact on application developers
- Supports initial data center use (such as protected transport layer security (TLS) keystore management) as well as proof of concept and development work for future data center platforms and solutions. This includes encrypted database operations, trusted big data computing, network functions virtualization (NFV), and secure monitoring, blockchain, and other important data center security uses that leverage added data protection while in use.
Get the SDK
Intended for developers who want to enhance application security using Intel SGX technology.
Download the SDK
Access the Development Services
Before applying for development services access, make sure to create a self-signed certificate or obtain a certificate from your certificate authority. See certificate requirements below.
Apply for Access
Request a Commercial Use License
Before distributing an application in release mode that's enabled for Intel SGX, a company must request and receive a commercial use license and be technically onboarded.
Submit a Request
Intel SGX Server Block
This unbranded server system is a cost-effective cryptographic security solution that delivers enterprise-grade performance, reliability, and security in an easy-to-manage system.
Security Certificate Requirements
Attestation Service (IAS) API
Supported operating systems for Intel SGX SDK:
- Windows* 7, 64 bit
- Windows* 8.1, 64 bit
- Windows® 10, 64 bit
- Windows® 10 Threshold 2, 64 bit
- Ubuntu* version 14.04
Supported compiler for Intel SGX SDK installer:
- Intel® Parallel Studio XE for Windows* Version 2015 Update 5
- Visual Studio* 2013 or 2015 Professional Edition is required as an IDE
Enclave binding interface is supported in C and C++ only.
To develop Intel SGX enclaves in the Rust* programming language, use the Rust SGX SDK in GitHub*.