Talking to the assembled throngs at Intel's Security Day event, Anil Rao and Scott Woodgate opened their presentation with a present-and-future discussion of Intel's SGX (Software Guard Extensions) and ended up spilling the beans on full memory encryption.
Intel SGX, announced in 2014 and launched with the Skylake microarchitecture in 2015, was one of the first hardware encryption technologies designed to protect areas of memory from unauthorised users, up to and including the system administrators themselves. SGX is a set of x86_64 CPU instructions that lets a process create an "enclave": a region of memory that the CPU's memory encryption engine encrypts whenever it leaves the processor package. Enclave data is only ever in the clear inside the CPU, and even there the hardware only lets it be read or written by instructions executing inside that same enclave. Any other code, the kernel and hypervisor included, gets abort-page semantics instead: reads return 0xFF bytes and writes are silently dropped.
The idea is that someone with root (system administrator) access to the running system can't usefully read or alter SGX-protected enclaves.
But Intel's SGX is proprietary and vendor-specific: applications built on it can only run on Intel processors. You must design your application around SGX, splitting it into a trusted enclave and an untrusted host that talk to each other through defined entry and exit calls (ECALLs and OCALLs in Intel's SDK); it is not something that can simply be switched on or off for an existing program.
SGX enclaves must also fit into the Enclave Page Cache (EPC), which is limited to 128MiB total, of which only roughly 93MiB is usable for enclave pages. Larger enclaves can be built, but the kernel then has to evict encrypted pages out to ordinary RAM and reload them on demand, which is expensive. This means developers must carefully decide which parts of memory are "confidential".
Rao then mentioned full-memory encryption. Intel refers to its version of full-memory encryption as TME (Total Memory Encryption) or MKTME (Multi-Key Total Memory Encryption). For now these features are vaporware: Intel submitted an enormous Linux kernel patchset last May to enable them, but there are still no real-world processors that offer them.
Rao and Woodgate didn't mention AMD, of course, but it has had something similar since 2016 called SME (Secure Memory Encryption). Unlike Intel's SGX, SME allows any page in RAM to be encrypted and decrypted in hardware. A page is marked for encryption by setting the "C-bit" in its page-table entry, and every such page is encrypted with an ephemeral 128-bit AES key generated by the on-die AMD Secure Processor from a hardware RNG (random number generator) at each boot. These ephemeral keys live only in the memory controller hardware and cannot be read out by software, including root or system administrator level users.
AMD's approach to memory encryption also involves far less performance impact than Intel SGX: SME adds a small, fixed latency to DRAM accesses on encrypted pages and nothing else, whereas SGX pays for every enclave entry and exit and, once an enclave outgrows the EPC, for paging encrypted pages in and out.
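As an added example (not code from Intel, AMD or the presenters), the following C program decodes the CPUID leaves that expose the two limits discussed above: leaf 0x12 reports SGX1/SGX2 support and the physical size of each EPC section (the 128MiB ceiling shows up here), and AMD's leaf 0x8000001F reports SME/SEV support and the position of the C-bit that marks a page as encrypted. The decoders take raw register values, so they can be run on values captured from another machine; when built on x86 the main function queries the live CPU. The struct and function names and the sample register values used in the comments are this example's own assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Decoded view of CPUID leaf 0x8000001F, the AMD memory-encryption leaf. */
struct amd_mem_enc {
    bool sme;                /* EAX[0]: Secure Memory Encryption supported          */
    bool sev;                /* EAX[1]: Secure Encrypted Virtualization supported   */
    unsigned cbit;           /* EBX[5:0]: page-table bit that marks a page encrypted */
    unsigned phys_reduction; /* EBX[11:6]: physical address bits given up for the C-bit */
};

struct amd_mem_enc decode_amd_8000001f(uint32_t eax, uint32_t ebx)
{
    struct amd_mem_enc m;
    m.sme = (eax & 1u) != 0;
    m.sev = ((eax >> 1) & 1u) != 0;
    m.cbit = ebx & 0x3fu;
    m.phys_reduction = (ebx >> 6) & 0x3fu;
    return m;
}

/* Return a page-table entry with the C-bit set. With SME active, the memory
 * controller encrypts that page under the boot-time key; clearing the bit
 * (e.g. for DMA buffers) leaves the page in the clear. */
uint64_t pte_set_encrypted(uint64_t pte, unsigned cbit)
{
    return pte | (1ULL << cbit);
}

/* CPUID leaf 0x12 subleaf 0: SGX1 / SGX2 instruction support. The leaf is
 * only meaningful when CPUID.(7,0):EBX[2] reports SGX. */
struct sgx_caps { bool sgx1; bool sgx2; };

struct sgx_caps decode_sgx_leaf12_sub0(uint32_t eax)
{
    struct sgx_caps c;
    c.sgx1 = (eax & 1u) != 0;
    c.sgx2 = ((eax >> 1) & 1u) != 0;
    return c;
}

/* CPUID leaf 0x12 subleaf n >= 2 describes one EPC section when EAX[3:0] == 1.
 * Base = EAX[31:12] | EBX[19:0] << 32, size = ECX[31:12] | EDX[19:0] << 32.
 * Example (constructed): EAX=0x70200001, ECX=0x05D80000 -> 93.5 MiB at 0x70200000. */
bool decode_epc_section(uint32_t eax, uint32_t ebx, uint32_t ecx, uint32_t edx,
                        uint64_t *base, uint64_t *size)
{
    if ((eax & 0xfu) != 1u)
        return false;
    *base = (uint64_t)(eax & 0xfffff000u) | ((uint64_t)(ebx & 0xfffffu) << 32);
    *size = (uint64_t)(ecx & 0xfffff000u) | ((uint64_t)(edx & 0xfffffu) << 32);
    return true;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t a = 0, b = 0, c = 0, d = 0;

    if (__get_cpuid_count(0x8000001F, 0, &a, &b, &c, &d) && (a & 3u)) {
        struct amd_mem_enc m = decode_amd_8000001f(a, b);
        printf("AMD: SME=%d SEV=%d C-bit=%u phys-addr reduction=%u bits\n",
               m.sme, m.sev, m.cbit, m.phys_reduction);
    } else {
        puts("AMD memory encryption: not reported by CPUID");
    }

    if (__get_cpuid_count(7, 0, &a, &b, &c, &d) && (b & (1u << 2))) {
        uint64_t total = 0, base, size;
        __get_cpuid_count(0x12, 0, &a, &b, &c, &d);
        struct sgx_caps s = decode_sgx_leaf12_sub0(a);
        printf("SGX: SGX1=%d SGX2=%d\n", s.sgx1, s.sgx2);
        for (uint32_t sub = 2; sub < 10; sub++) {
            __get_cpuid_count(0x12, sub, &a, &b, &c, &d);
            if (!decode_epc_section(a, b, c, d, &base, &size))
                break;
            printf("  EPC section at %#llx, %llu MiB\n",
                   (unsigned long long)base, (unsigned long long)(size >> 20));
            total += size;
        }
        printf("  EPC total: %llu MiB\n", (unsigned long long)(total >> 20));
    } else {
        puts("SGX: not reported by CPUID");
    }
#else
    puts("not an x86 CPU; the decoders can still be run on captured register values");
#endif
    return 0;
}
```

CPUID only tells you what the silicon can do, not what is switched on: SME still needs the firmware to enable it and the kernel to set C-bits (on Linux, CONFIG_AMD_MEM_ENCRYPT plus mem_encrypt=on, after which the boot log reports the active memory encryption features), and SGX needs BIOS enablement and a driver before the EPC is usable. On a Linux box the quick check is the `sme`, `sev` and `sgx` flags in /proc/cpuinfo; the program above is for when you want the C-bit position or the exact EPC size.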
Rao and Woodgate put a brave face on things by talking up how SGX has been and is being used in Azure. But it seems apparent that the systemwide approach to memory encryption already implemented in AMD's Epyc CPUs, and even in some of their desktop line, will have a far greater lasting impact. Intel's slides about their own upcoming full memory encryption are labelled "innovations," but they are just catching up to what AMD has already done.