Technologies
82 Intel® Xeon® Processor E5-1600/E5-2600/E5-4600 Product Families
Datasheet Volume One
These extensions enhance two areas:
• The launching of the Measured Launched Environment (MLE).
• The protection of the MLE from potential corruption.
The enhanced platform provides these launch and control interfaces using Safer Mode
Extensions (SMX).
The SMX interface includes the following functions:
• Measured/Verified launch of the MLE.
• Mechanisms to ensure the above measurement is protected and stored in a secure
location.
• Protection mechanisms that allow the MLE to control attempts to modify itself.
For details, refer to the Intel® Trusted Execution Technology Software Development Guide.
For more information on Intel Trusted Execution Technology, see
http://www.intel.com/technology/security/
3.2.2 Intel Trusted Execution Technology – Server Extensions
• Software binary compatible with Intel Trusted Execution Technology Server
Extensions
• Provides measurement of runtime firmware, including SMM
• Enables run-time firmware in trusted session: BIOS and SSP
• Covers support for existing and expected future Server RAS features
• Only requires portions of BIOS to be trusted, for example, Option ROMs need not
be trusted
• Supports S3 state without teardown, since BIOS is part of the trust chain
3.2.3 Intel® Advanced Encryption Standard Instructions (Intel® AES-NI)
These instructions enable fast and secure data encryption and decryption using the
Advanced Encryption Standard (AES), the block cipher defined by FIPS Publication 197.
Since AES is the dominant block cipher and is deployed in many protocols, the new
instructions are valuable for a wide range of applications.
The architecture consists of six instructions that offer full hardware support for AES.
Four instructions (AESENC, AESENCLAST, AESDEC and AESDECLAST) perform the AES
encryption and decryption rounds, and the other two (AESKEYGENASSIST and AESIMC)
support key expansion. Together, they offer a significant increase in performance
compared to pure software implementations.
The Intel AES-NI instructions have the flexibility to support all three standard AES key
lengths (128, 192 and 256 bits), all standard modes of operation, and even some
nonstandard or future variants.
Beyond improving performance, the Intel AES-NI instructions provide important
security benefits. Because the instructions run in data-independent time and do not use
lookup tables, they eliminate the major timing and cache-based side-channel attacks that
threaten table-based software implementations of AES. This guarantee covers the
instructions themselves; the surrounding mode-of-operation code remains the
implementer's responsibility. In addition, these instructions make AES simple to
implement, with reduced code size, which reduces the risk of inadvertently introducing
security flaws such as difficult-to-detect side-channel leaks.
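The six instructions in use, as an added example that is not code from the Intel datasheet: AES-128 key expansion with AESKEYGENASSIST, encryption with AESENC and AESENCLAST, and decryption with AESIMC, AESDEC and AESDECLAST, checked against the FIPS 197 Appendix C.1 test vector. It assumes GCC or Clang on x86 (the target attribute and __builtin_cpu_supports are compiler extensions, used so the file builds without -maes); on a CPU or build without AES-NI the self-test reports -1 instead of executing the instructions. The function names and the self-test layout are this example's own.

```c
/*
 * AES-128 with the six AES-NI instructions: AESKEYGENASSIST and AESIMC for
 * key expansion, AESENC/AESENCLAST/AESDEC/AESDECLAST for the rounds.
 * Added example, not from the Intel datasheet. Assumes GCC or Clang on x86.
 */
#include <stdint.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>   /* SSE2: load, store, xor, byte shift, dword shuffle */
#include <wmmintrin.h>   /* AES-NI intrinsics */

/* Lets the functions use AES-NI without compiling the whole file with -maes. */
#define AESNI __attribute__((target("aes,sse2")))

/* One AES-128 key-expansion round. AESKEYGENASSIST leaves
 * SubWord(RotWord(w[3])) ^ Rcon in its top dword; the byte shifts fold the
 * previous round key's words into the new one (w'[i] = w[i] ^ w'[i-1]). */
AESNI static __m128i expand_round(__m128i prev, __m128i assist)
{
    __m128i t = _mm_slli_si128(prev, 4);
    assist = _mm_shuffle_epi32(assist, 0xff);   /* broadcast the top dword */
    prev = _mm_xor_si128(prev, t);
    t = _mm_slli_si128(t, 4);
    prev = _mm_xor_si128(prev, t);
    t = _mm_slli_si128(t, 4);
    prev = _mm_xor_si128(prev, t);
    return _mm_xor_si128(prev, assist);
}

/* Expand a 16-byte key into the 11 round keys. The round constant is an
 * immediate operand of AESKEYGENASSIST, so each round is written out. */
AESNI static void aes128_expand_key(const uint8_t key[16], __m128i rk[11])
{
    rk[0]  = _mm_loadu_si128((const __m128i *)key);
    rk[1]  = expand_round(rk[0], _mm_aeskeygenassist_si128(rk[0], 0x01));
    rk[2]  = expand_round(rk[1], _mm_aeskeygenassist_si128(rk[1], 0x02));
    rk[3]  = expand_round(rk[2], _mm_aeskeygenassist_si128(rk[2], 0x04));
    rk[4]  = expand_round(rk[3], _mm_aeskeygenassist_si128(rk[3], 0x08));
    rk[5]  = expand_round(rk[4], _mm_aeskeygenassist_si128(rk[4], 0x10));
    rk[6]  = expand_round(rk[5], _mm_aeskeygenassist_si128(rk[5], 0x20));
    rk[7]  = expand_round(rk[6], _mm_aeskeygenassist_si128(rk[6], 0x40));
    rk[8]  = expand_round(rk[7], _mm_aeskeygenassist_si128(rk[7], 0x80));
    rk[9]  = expand_round(rk[8], _mm_aeskeygenassist_si128(rk[8], 0x1b));
    rk[10] = expand_round(rk[9], _mm_aeskeygenassist_si128(rk[9], 0x36));
}

/* Ten rounds: AESENC does SubBytes, ShiftRows, MixColumns and AddRoundKey;
 * the final round (AESENCLAST) omits MixColumns, as FIPS 197 specifies. */
AESNI static void aes128_encrypt_block(const __m128i rk[11],
                                       const uint8_t in[16], uint8_t out[16])
{
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int r = 1; r < 10; r++)
        s = _mm_aesenc_si128(s, rk[r]);
    s = _mm_aesenclast_si128(s, rk[10]);
    _mm_storeu_si128((__m128i *)out, s);
}

/* Equivalent Inverse Cipher: AESDEC expects the middle round keys passed
 * through InvMixColumns (AESIMC); the first and last are used unchanged. */
AESNI static void aes128_decrypt_block(const __m128i rk[11],
                                       const uint8_t in[16], uint8_t out[16])
{
    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[10]);
    for (int r = 9; r > 0; r--)
        s = _mm_aesdec_si128(s, _mm_aesimc_si128(rk[r]));
    s = _mm_aesdeclast_si128(s, rk[0]);
    _mm_storeu_si128((__m128i *)out, s);
}

/* CPUID.01H:ECX.AES[bit 25], queried through the compiler builtin. */
int aesni_available(void) { return __builtin_cpu_supports("aes") ? 1 : 0; }

/* Encrypts and decrypts the FIPS 197 Appendix C.1 AES-128 vector.
 * Returns 1 on a correct round trip, 0 on mismatch, -1 without AES-NI. */
int aesni_selftest(void)
{
    static const uint8_t key[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
                                     0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
    static const uint8_t pt[16]  = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
                                     0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
    static const uint8_t ct[16]  = { 0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30,
                                     0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a };
    __m128i rk[11];
    uint8_t enc[16], dec[16];

    if (!aesni_available())
        return -1;                      /* never execute AES-NI blindly */
    aes128_expand_key(key, rk);
    aes128_encrypt_block(rk, pt, enc);
    aes128_decrypt_block(rk, enc, dec);
    return (memcmp(enc, ct, 16) == 0 && memcmp(dec, pt, 16) == 0) ? 1 : 0;
}
#else
/* Non-x86 build: the instructions do not exist, report unavailability. */
int aesni_available(void) { return 0; }
int aesni_selftest(void) { return -1; }
#endif
```

Call aesni_selftest() from a main() of your own; a result of 1 means the round keys, the round instructions and the Equivalent Inverse Cipher key schedule all agree with FIPS 197. The runtime CPUID check matters in practice: an AES-NI instruction on a processor without the feature raises #UD, so production code dispatches to a constant-time software fallback rather than assuming the hardware path.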