Technologies

These extensions enhance two areas:

The launching of the Measured Launched Environment (MLE).

The protection of the MLE from potential corruption.

The enhanced platform provides these launch and control interfaces using Safer Mode Extensions (SMX).

The SMX interface includes the following functions:

Measured/Verified launch of the MLE.

Mechanisms to ensure the above measurement is protected and stored in a secure location.

Protection mechanisms that allow the MLE to control attempts to modify itself.

For more information, refer to the Intel® Trusted Execution Technology Software Development Guide, or see http://www.intel.com/technology/security/

3.2.2 Intel Trusted Execution Technology – Server Extensions

Software binary compatible with Intel Trusted Execution Technology Server Extensions

Provides measurement of runtime firmware, including SMM

Enables run-time firmware in trusted session: BIOS and SSP

Covers support for existing and expected future Server RAS features

Only requires portions of the BIOS to be trusted; for example, Option ROMs need not be trusted

Supports S3 state without teardown, since the BIOS is part of the trust chain

3.2.3 Intel® Advanced Encryption Standard Instructions (Intel® AES-NI)

These instructions enable fast and secure data encryption and decryption using the Advanced Encryption Standard (AES), which is defined by FIPS Publication 197. Since AES is the dominant block cipher and is deployed in various protocols, the new instructions will be valuable for a wide range of applications.

The architecture consists of six instructions that offer full hardware support for AES. Four instructions support AES encryption and decryption, and the other two instructions support AES key expansion. Together, they offer a significant increase in performance compared to pure software implementations.

The Intel AES-NI instructions have the flexibility to support all three standard AES key lengths, all standard modes of operation, and even some nonstandard or future variants.

Beyond improving performance, the Intel AES-NI instructions provide important security benefits. Because the instructions run in data-independent time and do not use lookup tables, they help eliminate the major timing and cache-based attacks that threaten table-based software implementations of AES. In addition, these instructions make AES simple to implement, with reduced code size. This helps reduce the risk of inadvertently introducing security flaws, such as difficult-to-detect side-channel leaks.

Intel® Xeon® Processor E5-1600/E5-2600/E5-4600 Product Families

Datasheet Volume One