Analysis: As cloud service providers increasingly look to x86 architecture alternatives, Intel and AMD are trying to find ways to gain or hold favor in the market – and this includes baking in security features and forming services and partnerships.
Both semiconductor giants announced cloud security initiatives this week. At the Intel Vision event on Wednesday, Intel revealed its Project Amber remote verification service for cloud providers, among other things. A day before, Google Cloud detailed a collaboration with AMD to harden the security of the chip designer’s Epyc processors.
The dueling efforts both revolve around confidential computing, which aims to protect sensitive data by encrypting it in memory using hardware-based so-called trusted execution environments, also known as secure enclaves, which are provided by the latest server chips from Intel and AMD. This technology is backed by industry players, including Arm, which too has confidential computing in its architecture.
At the heart of confidential computing is the desire to protect sensitive data and code from not only other software and users on a cloud server but also the administrators of the machine. It’s aimed at customers who want to process information off-premises and be assured that not even a rogue insider, or a compromised or malicious hypervisor or system software component, at the remote datacenter can interfere with or spy on that data.
While Intel has historically been the dominant fabricator of CPUs for cloud providers, the company manufacturing missteps has allowed AMD to steal market share and double its cloud business for several quarters with faster, higher-core-count processors fabbed by TSMC.
Now that Intel is working to regain technology leadership as part of an ambitious comeback plan, the two rivals are facing a threat in the form of cloud providers adopting alternative chip architects, primarily Arm, to provide faster and more efficient services.
New ‘trust-as-a-service’ from Intel:
It is against this backdrop that Intel on Wednesday announced Project Amber, a software-as-a-service offering that acts as an independent authority for remotely verifying the trustworthiness of a confidential computing environment in cloud and edge infrastructure.
Intel plans to offer Project Amber as a multi-cloud service that supports multiple kinds of secure enclaves accessible from bare-metal containers, virtual machines, and containers in VMs.
The initial version will only support secure enclaves protected by the Intel Software Guard Extensions (SGX) feature, natch, which debuted in mainstream Xeon processors last year with the launch of Intel’s much-delayed Ice Lake server chips. The chipmaker said it hopes to extend coverage to enclaves provided by other companies in the future.
Intel plans to build a software ecosystem around the service, saying its staff are working with independent software vendors to build services on top of Project Amber, which will be managed by software tools and APIs.
In Wednesday’s Intel Vision keynote, Intel CTO Greg Lavender called Project Amber a “trust-as-a-service solution” and said it establishes trustworthy environments through the attestation process so that users can feel safe running “sensitive, mission critical data” in the cloud.
“In this architecture, the attestation authority is no longer linked to the infrastructure provider. This decoupling helps provide objectivity and independence to enhance trust assurance to users and application developers,” said Lavender, who leads Intel’s software organization.
Intel is expected to run a pilot for Project Amber with select customers later this year. A spokesperson declined to provide details of how it plans to monetize Project Amber, but with its SaaS slant, we suspect it could join the chipmaker’s expanding portfolio of commercial software products that CEO Pat Gelsinger hopes will make Intel more competitive.
Lavender said Intel is working to make it easier for companies to use Intel SGX with an open-source project called Gramine that enables developers to run unmodified Linux applications in SGX enclaves. This is important, because the feature has historically required developers to modify the code of applications to make use of SGX, which has created obstacles for wider industry adoption.
“Gramine provides a ‘push button’ method for easily protecting applications and data. This means a faster, more secure and more scalable end-to-end security solution with minimal effort,” Lavender said.
AMD deepens collaboration with Google Cloud:
While Intel introduced SGX all the way back in 2013, AMD beat its rival to the datacenter market with the first mainstream server CPUs to incorporate confidential computing capabilities with the debut of its Epyc family in 2017. AMD then made things more viable for cloud providers by significantly increasing the number of encryption keys in the second generation of Epyc in 2019.
The fact that AMD was the only chip designer at the time with confidential computing capabilities in mainstream server CPUs was one of the main reasons Google Cloud ended up choosing AMD over Intel to power its Confidential Virtual Machines product, which launched in 2020.
Google Cloud said ease-of-use and low-performance impact were two other reasons it chose AMD’s Secure Encryption Virtualization (SEV), the main feature enabling confidential computing capabilities in Epyc. Despite the expansion of Intel SGX in mainstream Xeon processors in 2021, Google Cloud has yet to adopt SGX for new products in its Confidential Computing portfolio.
Instead, the cloud provider has deepened its partnership with AMD through a collaborative, in-depth security review of Epyc’s security capabilities, which was announced on Tuesday. The review allowed the chip designer to identify and fix vulnerabilities in the secure coprocessor that enables SEV and other confidential computing features in Epyc chips.
The results of that technical review are here, and it revealed 19 security weaknesses, which were addressed by AMD in patches that were released over past months.
The audit is a big deal because it required AMD to give Google Cloud’s security teams access to the chip designer’s proprietary firmware and hardware components so that researchers could scrutinize every detail of AMD’s implementation and devise custom tests.
After all, there have been plenty of times when independent researchers have uncovered flaws in both Intel SGX and AMD SEV on their own, so AMD has incentive to work with a cloud provider that is buying a substantial amount of its processors.
Google Cloud conducted the review as it seeks to expand its Confidential Computing portfolio, and the cloud provider said the audit gave it the confidence that such products meet a “elevated security bar” as its Confidential VMs are now “protected against a broad range of attacks . “
“At the end of the day, we all benefit from a secure ecosystem that organizations rely on for their technology needs and that is why we’re incredibly appreciative of our strong collaboration with AMD on these efforts,” said Royal Hansen, head of security engineering at Google.
While Intel has yet to win over Google Cloud with SGX, the semiconductor giant’s confidential computing capabilities have been adopted by Microsoft Azure and IBM, among smaller infrastructure providers. Azure and IBM have also bought into AMD’s competing features.
With one research firm estimating the confidential computing market to reach $ 54 billion by 2026, the latest efforts by Intel and AMD underline how both companies view the underlying technology as an important way to win favor with cloud providers in the future. And they’re no doubt getting ready for other chip vendors to enter the fray with their own capabilities. ®:
Intel did introduce SGX in the company Xeon E CPUs for entry-level servers in 2017, but they were only made for single-socket servers, and they were not part of the mainstream Xeon Scalable lineup.