Intel promises Full Memory Encryption in upcoming CPUs

At Intel's Security Day event on Tuesday, the company laid down its present and future vision for security-focused features in its hardware.Intel's Anil Rao and Scott Woodgate opened their presentation with a present-and-future discussion of Intel's SGX (Security Guard Extensions), but their coverage of the company's plans to bring Full Memory Encryption to future Intel CPUs was more interesting.Intel SGX—announced in 2014, and launched with the Skylake microarchitecture in 2015—is one of the first hardware encryption technologies designed to protect areas of memory from unauthorized users, up to and including the system administrators themselves. As an entire-system feature, TSME is enabled or disabled in system BIOS (or UEFI), and it requires no special planning on the part of application developers—once enabled, everything's encrypted, and that's all there is to say about it.AMD's approach to memory encryption also involves far less performance impact than Intel SGX. In a 2018 presentation, researchers from Wayne State University and the University of Houston showed most workloads entirely unimpacted by Secure Encryption Virtualization (a subset of AMD's SME that allows whole-VM encryption, with a separate key used for each covered virtual machine), despite significant performance impacts with Intel's SGX.Since Intel's TME and MKTME are—for the moment—still hypothetical, it's too soon to make any bold predictions about what their performance impact will be.