Intel CM8062101038606, E5-1600, E5-2600, E5-4600 3.2.2 Intel Trusted Execution Technology Server Extensions, 3.2.3 Intel Advanced Encryption Standard Instructions (Intel AES-NI)

Technologies

82 Intel® Xeon® Processor E5-1600/E5-2600/E5-4600 Product Families

Datasheet Volume One

These extensions enhance two areas:

• The launching of the Measured Launched Environment (MLE).

• The protection of the MLE from potential corruption.

The enhanced platform provides these launch and control interfaces using Safer Mode

Extensions (SMX).

The SMX interface includes the following functions:

• Measured/Verified launch of the MLE.

• Mechanisms to ensure the above measurement is protected and stored in a secure

location.

• Protection mechanisms that allow the MLE to control attempts to modify itself.

For more information refer to the Intel® Trusted Execution Technology Software

Development Guide. For more information on Intel Trusted Execution Technology, see

http://www.intel.com/technology/security/

3.2.2 Intel Trusted Execution Technology – Server Extensions

• Software binary compatible with Intel Trusted Execution Technology Server

Extensions

• Provides measurement of runtime firmware, including SMM

• Enables run-time firmware in trusted session: BIOS and SSP

• Covers support for existing and expected future Server RAS features

• Only requires portions of BIOS to be trusted, for example, Option ROMs need not

be trusted

• Supports S3 State without teardown: Since BIOS is part of the trust chain

3.2.3 Intel® Advanced Encryption Standard Instructions (Intel® AES-NI)

These instructions enable fast and secure data encryption and decryption, using the

Intel® AES New Instructions (Intel® AES-NI), which is defined by FIPS Publication

number 197. Since Intel AES-NI is the dominant block cipher, and it is deployed in

various protocols, the new instructions will be valuable for a wide range of applications.

The architecture consists of six instructions that offer full hardware support for Intel

AES-NI. Four instructions support the Intel AES-NI encryption and decryption, and the

other two instructions support the Intel AES-NI key expansion. Together, they offer a

significant increase in performance compared to pure software implementations.

The Intel AES-NI instructions have the flexibility to support all three standard Intel

AES-NI key lengths, all standard modes of operation, and even some nonstandard or

future variants.

Beyond improving performance, the Intel AES-NI instructions provide important

security benefits. Since the instructions run in data-independent time and do not use

lookup tables, they help in eliminating the major timing and cache-based attacks that

threaten table-based software implementations of Intel AES-NI. In addition, these

instructions make AES simple to implement, with reduced code size. This helps

reducing the risk of inadvertent introduction of security flaws, such as difficult-to-

detect side channel leaks.