Intel® Software Guard Extensions (Intel® SGX)

An Intel® architecture extension designed to increase the security of application code and data.

Enable New Security Models and Innovation

Intel® SGX protects selected code and data from disclosure or modification. Developers can partition their application into processor-hardened enclaves, protected areas of execution in memory, that increase security even on compromised platforms. Using this application-layer trusted execution environment, developers can enable identity and records privacy, secure browsing, and digital rights management (DRM), as well as harden endpoint protection or any high-assurance security use case that needs to safely store secrets or protect data.

  • Confidentiality and integrity: Maintained even when the operating system, BIOS, VMM, SMM, or TEE layers are compromised by privileged malware.
  • Low learning curve: A familiar operating system programming model integrates with the parent application and executes on the main processor.
  • Remote attest and provision: A remote party can verify an application enclave identity and securely provision keys, credentials, and other sensitive data to the enclave.
  • Small attack surface: The processor boundary becomes the attack-surface perimeter; all data, memory, and I/O outside this perimeter are encrypted.