1.11 – Explain Software Guard Extensions (SGX)

Some modern Intel CPUs implement a security extension called Intel Software Guard Extensions (SGX). It is a processor-specific technology for application developers who want to protect selected code and data from disclosure or modification. It allows user-level code to define private regions of memory, and these regions are protected so that code running outside a region cannot access its contents.

The private regions of memory that user-level code allocates in this way are called enclaves.
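As an added example that is not part of the study guide, the C code below decodes the CPUID bits a host CPU exposes for SGX (feature presence, SGX1/SGX2, launch control, maximum enclave size and EPC section size); bit positions follow the Intel SDM, and the live query in `sgx_query_host` only runs on x86 builds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Decoded SGX capability bits, per the Intel SDM CPUID definitions. */
struct sgx_caps {
    bool sgx;                     /* CPUID.(EAX=7,ECX=0):EBX[2]          */
    bool launch_control;          /* CPUID.(EAX=7,ECX=0):ECX[30] SGX_LC  */
    bool sgx1, sgx2;              /* CPUID.(EAX=0x12,ECX=0):EAX[0],[1]   */
    unsigned max_enclave_log2_64; /* CPUID.(EAX=0x12,ECX=0):EDX[15:8]    */
};

struct sgx_caps sgx_decode(uint32_t leaf7_ebx, uint32_t leaf7_ecx,
                           uint32_t leaf12_eax, uint32_t leaf12_edx) {
    struct sgx_caps c = {0};
    c.sgx = (leaf7_ebx >> 2) & 1;
    c.launch_control = c.sgx && ((leaf7_ecx >> 30) & 1);
    if (c.sgx) {                  /* leaf 0x12 is only meaningful if SGX is present */
        c.sgx1 = leaf12_eax & 1;
        c.sgx2 = (leaf12_eax >> 1) & 1;
        c.max_enclave_log2_64 = (leaf12_edx >> 8) & 0xff;
    }
    return c;
}

/* EPC section size from CPUID.(EAX=0x12,ECX=n>=2); 0 when subleaf n is not an EPC section. */
uint64_t sgx_epc_section_size(uint32_t eax, uint32_t ecx, uint32_t edx) {
    if ((eax & 0xf) != 1) return 0;
    return ((uint64_t)(edx & 0xfffff) << 32) | (uint64_t)(ecx & 0xfffff000u);
}

/* Query the running CPU; returns all-zero capabilities on non-x86 or pre-SGX CPUs. */
struct sgx_caps sgx_query_host(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d, a12, b12, c12, d12;
    if (__get_cpuid_max(0, NULL) >= 0x12) {
        __cpuid_count(7, 0, a, b, c, d);
        __cpuid_count(0x12, 0, a12, b12, c12, d12);
        (void)a; (void)d; (void)b12; (void)c12;
        return sgx_decode(b, c, a12, d12);
    }
#endif
    return sgx_decode(0, 0, 0, 0);
}

int main(void) {
    struct sgx_caps h = sgx_query_host();
    printf("SGX=%d SGX1=%d SGX2=%d LC=%d max_enclave=2^%u\n",
           h.sgx, h.sgx1, h.sgx2, h.launch_control, h.max_enclave_log2_64);
    return 0;
}
```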

vSGX (virtual SGX, which exposes the host's SGX capability to a virtual machine) does not support:

  • vMotion or DRS migrations
  • VM suspend and resume
  • VM snapshots with memory
  • Fault tolerance
  • Guest Integrity