Which CPU security extension creates a hardware-based secure enclave that keeps cryptographic keys and other sensitive data inaccessible even to higher-privilege software such as the operating system or a hypervisor?
Intel Software Guard Extensions (SGX) establish protected enclaves in memory that are decrypted only inside the CPU. Code and data inside an SGX enclave cannot be read or modified by anything outside the enclave, not even kernel-mode code or a hypervisor, making it the best choice for isolating cryptographic keys. The other options improve performance or virtualization capabilities but do not provide this level of hardware-enforced isolation.