Intel will introduce SGX instruction set with next batch of Skylake CPUs

[zMeul]

source: http://qdms.intel.com/dm/i.aspx/5A160770-FC47-47A0-BF8A-062540456F0A/PCN114074-00.pdf

 

At its root, Intel® SGX  is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.  But looking at the technology upward from the instructions is analogous to trying to describe an animal by examining its DNA chain.  In this short post I will try to uplevel things a bit by outlining the objectives that guided the design of Intel® SGX and provide some more detail on two of the objectives.  In future posts, I will dive deeper into the remaining objectives and review some of our experiences using Intel® SGX to protect various software applications.

Much of the motivation for  Intel® SGX can be summarized in the following eight objectives:

• Allow application developers to protect sensitive data from unauthorized access or modification by rogue software running at higher privilege levels.
• Enable applications to preserve the confidentiality and integrity of sensitive code and data without disrupting the ability of legitimate system software to schedule and manage the use of platform resources.
• Enable consumers of computing devices to retain control of their platforms and the freedom to install and uninstall applications and services as they choose.
• Enable the platform to measure an application’s trusted code and produce a signed attestation, rooted in the processor, that includes this measurement and other certification that the code has been correctly initialized in a trustable environment.
• Enable the development of trusted applications using familiar tools and processes.
• Allow the performance of trusted applications to scale with the capabilities of the underlying application processor.
• Enable software vendors to deliver trusted applications and updates at their cadence, using the distribution channels of their choice.
• Enable applications to define secure regions of code and data that maintain confidentiality even when an attacker has physical control of the platform and can conduct direct attacks on memory.

---

the exact nature of why Intel hasn't made this instruction set available with 1st batch of Skylake is unknown

availability of the new Skylake is october 26

[patrickjp93]

Primarily because the first batch was consumer-oriented, not business-oriented.

[LukaP]

Primarily because the first batch was consumer-oriented, not business-oriented.

and probably some revision in the SGX itself, it was probably bugged in the original batch, like TSX was in haswell

[patrickjp93]

and probably some revision in the SGX itself, it was probably bugged in the original batch, like TSX was in haswell

That I somewhat doubt. Intel having buggy instructions is very rare. The last time before TSX was the floating point mul/div in the Pentium...2?

[Misanthrope]

Yeah fuck that. (Not really I know it's nice and all but still)  Please introduce the motherfucking Iris 6200 pro on some of the fucking chips already. We're stucked with price gauging on Broadwell chips and not ONE of the current Skylake chips included the 6200, that's the fucking plan here Intel? You feel bad about completely obliterating AMD APUs from the face of the earth? Giving them a sporting chance or something, come on!

[LukaP]

That I somewhat doubt. Intel having buggy instructions is very rare. The last time before TSX was the floating point mul/div in the Pentium...2?

yes but new instructions are getting more and more complicated, and a small bug is easy to miss until widespread adoption (read corporation testing) and especially with things like TSX and SGX, any small bug is unnacceptable

[Sidiox]

Moar and moar cisc.... I wonder how many instructions they think they can cram onto 1 chip.....

[patrickjp93]

Moar and moar cisc.... I wonder how many instructions they think they can cram onto 1 chip.....

CISC was always going to win in performance. Anyone who thought otherwise was a fool. Even PPC and ARM aren't true RISC architectures anymore. The only one left is MIPS.

[Prysin]

That I somewhat doubt. Intel having buggy instructions is very rare. The last time before TSX was the floating point mul/div in the Pentium...2?

history can and will repeat itself eventually.

no matter how hard you work towards NOT making history repeat itself, history itself has shown, it will repeat itself eventually.

[Sidiox]

CISC was always going to win in performance. Anyone who thought otherwise was a fool. Even PPC and ARM aren't true RISC architectures anymore. The only one left is MIPS.

I think that very much depends on how you implement it and how you measure performance. ARM is a lot less CISC and uses less power for its calculations, therefor you could say its performance is higher. 

Straight up compute, yeah sure Intels ISA is still winning, but I still wonder at which point it will just get too complicated to fit it all on one chip, since shrinking stuff down is kinda coming to halt

[zMeul]

Primarily because the first batch was consumer-oriented, not business-oriented.

not true:

Intel is initiating new S-Spec and MM numbers for 6th Generation Intel® Core™ i7 & i5 desktop and the Intel® Xeon® E3-1200 v5 family processors for a minor manufacturing configuration change to allow customers to enable Intel® Software Guard Extensions (Intel® SGX) when using these processors.

[patrickjp93]

I think that very much depends on how you implement it and how you measure performance. ARM is a lot less CISC and uses less power for its calculations, therefor you could say its performance is higher. 

Straight up compute, yeah sure Intels ISA is still winning, but I still wonder at which point it will just get too complicated to fit it all on one chip, since shrinking stuff down is kinda coming to halt

POWERPC is as close to being CISC as you can get without crossing the line. ARM isn't far behind (lacks virtualization).

 

Under Amdahl's Law of scaling, even if you get more cores doing more calculations in the same amount of time, the per-core performance will be lower, and the overall scalability of the solution will be greatly diminished. CISC is always going to win in performance.

 

Shrinking won't come to a halt for at least another 20 years. There's plenty of room to be had. It will require material changes though.

[Berkut99]

I think that very much depends on how you implement it and how you measure performance. ARM is a lot less CISC and uses less power for its calculations, therefor you could say its performance is higher. 

Straight up compute, yeah sure Intels ISA is still winning, but I still wonder at which point it will just get too complicated to fit it all on one chip, since shrinking stuff down is kinda coming to halt

 

I'd feel more confident that the ISA development will slow down due to less need to develop new extensions before chip area becomes an issue. Plus I don't think it's CISC architecture itself that has issues (I mean, CISC and RISC are getting harder and harder to differentiate between every passing day), but instead reputation feels more built on the insistence for crazy pipelining that these x86 CISC chips keep being developed with, whether it be NetBurst in days past or Bulldozer in the present. Intel's Atom line-up has done a pretty good job of demonstrating that the heavy x86-64 ISA can in fact produce an efficient, cool SoC.

[Trik'Stari]

 

So, I'm guessing by the objectives, that this new instruction set makes a system more secure against being taken over. This is good, yes? If so, when, if ever, can we expect to see it on a consumer grade CPU?

[patrickjp93]

So, I'm guessing by the objectives, that this new instruction set makes a system more secure against being taken over. This is good, yes? If so, when, if ever, can we expect to see it on a consumer grade CPU?

Read the post. It affects all current SKUs with new releases in coming months.

[Trik'Stari]

Read the post. It affects all current SKUs with new releases in coming months.

Yeah I'm not seeing it in the OP. I guess it's in the PDF?

[patrickjp93]

Yeah I'm not seeing it in the OP. I guess it's in the PDF?

Yeah, original source.

[Trik'Stari]

Yeah, original source.

So wait, will I be able to have this on my 4690k?

[patrickjp93]

So wait, will I be able to have this on my 4690k?

No, Skylake and up.

[Trik'Stari]

No, Skylake and up.

Oh.

 

I am sad now, as I won't have the money for Skylake for quite some time. And by then Skylake will likely be obsolete.