Intel CM8063501287403 Computer Hardware User Manual
Technologies
80 Intel® Xeon® Processor E5-1600 v2/E5-2600 v2 Product Families
Datasheet Volume One of Two
The Intel TXT platform helps establish the authenticity of the controlling environment
so that those who wish to rely on the platform can make an appropriate trust decision.
The Intel TXT platform determines the identity of the controlling environment by
accurately measuring and verifying the controlling software.
Another aspect of the trust decision is the ability of the platform to resist attempts to
change the controlling environment. The Intel TXT platform will resist attempts by
software processes to change the controlling environment or bypass the bounds set by
the controlling environment.
Intel TXT is a set of extensions designed to provide a measured and controlled launch
of system software that will then establish a protected environment for itself and any
additional software that it may execute.
These extensions enhance two areas:
• The launching of the Measured Launched Environment (MLE).
• The protection of the MLE from potential corruption.
The enhanced platform provides these launch and control interfaces using Safer Mode
Extensions (SMX).
The SMX interface includes the following functions:
• Measured/verified launch of the MLE.
• Mechanisms to ensure the above measurement is protected and stored in a secure location.
• Protection mechanisms that allow the MLE to control attempts to modify itself.
For details, refer to the Intel® Trusted Execution Technology Software Development
Guide. For more information on Intel Trusted Execution Technology, see
http://www.intel.com/technology/security/
3.2.2 Intel® Trusted Execution Technology – Server Extensions
• Software binary compatible with Intel® Trusted Execution Technology – Server Extensions
• Provides measurement of runtime firmware, including SMM
• Enables run-time firmware in trusted session: BIOS and SSP
• Covers support for existing and expected future Server RAS features
• Only requires portions of BIOS to be trusted; for example, Option ROMs need not be trusted
• Supports S3 state without teardown, since BIOS is part of the trust chain
3.2.3 AES Instructions
These instructions enable fast and secure data encryption and decryption using the
Advanced Encryption Standard (AES), which is defined by FIPS Publication 197.
Since AES is the dominant block cipher and is deployed in many protocols, the new
instructions are valuable for a wide range of applications.
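The following is an added example, not code from the datasheet: it gates on the CPUID.(EAX=1):ECX feature bits (SMX, which Intel TXT's measured launch depends on, and AESNI, the instruction set described here) and then exercises AESKEYGENASSIST/AESENC/AESENCLAST against the FIPS 197 Appendix C.1 known-answer vector, so a platform can confirm that the hardware AES path it is about to rely on is present and computes correctly. It assumes GCC or Clang on an x86 target; on other targets the self-test reports "unsupported" rather than faulting.

```c
#include <stdint.h>
#include <string.h>
/* CPUID.(EAX=1):ECX feature bits (Intel SDM). SMX is the Safer Mode Extensions
 * behind Intel TXT's measured launch; AESNI flags the instructions of 3.2.3.
 * Executing AESENC on a CPU without the AESNI bit raises #UD, so check first. */
enum { CPUID1_ECX_SMX = 1u << 6, CPUID1_ECX_AESNI = 1u << 25 };
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <wmmintrin.h>
static uint32_t cpuid1_ecx(void) {
    unsigned eax, ebx, ecx = 0, edx;
    return __get_cpuid(1, &eax, &ebx, &ecx, &edx) ? ecx : 0;
}
/* Key-schedule step: broadcast AESKEYGENASSIST's RotWord(SubWord(w3))^rcon
 * (dword 3) and XOR it into the running prefix-XOR of the previous four words. */
__attribute__((target("aes,sse2")))
static __m128i expand_key(__m128i k, __m128i t) {
    t = _mm_shuffle_epi32(t, 0xff);
    k = _mm_xor_si128(k, _mm_slli_si128(k, 4));
    k = _mm_xor_si128(k, _mm_slli_si128(k, 8));
    return _mm_xor_si128(k, t);
}
#define RK(i, rcon) rk[i] = expand_key(rk[(i) - 1], _mm_aeskeygenassist_si128(rk[(i) - 1], rcon))
/* Encrypt one block: AddRoundKey, nine AESENC rounds, one AESENCLAST. */
__attribute__((target("aes,sse2")))
static void aes128_encrypt_block_ni(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    __m128i rk[11];
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    RK(1, 0x01); RK(2, 0x02); RK(3, 0x04); RK(4, 0x08); RK(5, 0x10);
    RK(6, 0x20); RK(7, 0x40); RK(8, 0x80); RK(9, 0x1b); RK(10, 0x36);
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int r = 1; r < 10; r++) s = _mm_aesenc_si128(s, rk[r]);
    _mm_storeu_si128((__m128i *)out, _mm_aesenclast_si128(s, rk[10]));
}
#endif
/* FIPS 197 Appendix C.1 known-answer test: 0 = pass, 1 = mismatch, 2 = no AES-NI. */
int aes_ni_known_answer_test(void) {
#if defined(__x86_64__) || defined(__i386__)
    static const uint8_t key[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    static const uint8_t pt[16] = {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
                                   0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    static const uint8_t ct[16] = {0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,
                                   0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a};
    uint8_t out[16];
    if (!(cpuid1_ecx() & CPUID1_ECX_AESNI)) return 2;
    aes128_encrypt_block_ni(key, pt, out);
    return memcmp(out, ct, 16) == 0 ? 0 : 1;
#else
    return 2;
#endif
}
```

A result of 1 means the hardware AES path disagrees with the standard and must not be used; the same CPUID query with CPUID1_ECX_SMX tells a provisioning tool whether a TXT launch is even possible on the part.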