Intel BB5520UR Product Specification - Page 69

Intel® Server Boards S5520HC, S5500HCV, and S5520HCT TPS Functional Architecture 3.13.3 Intel® Trusted Execution Technology (Intel® TXT) 3.13.3.1 Overview Intel® Trusted Execution Technology (Intel® TXT) for safer computing, formerly code named LaGrande Technology, is a versatile set of hardware extensions to Intel® processors and chipsets that enhance the platform with security capabilities such as measured launch and protected execution. Intel® TXT provides hardware-based mechanisms that help protect against software-based attacks and protects the confidentiality and integrity of data stored or created on the system. It does this by enabling an environment where applications can run within their own space, protected from all other software on the system. These capabilities provide the protection mechanisms, rooted in hardware, that are necessary to provide trust in the application's execution environment. In turn, this can help to protect vital data and processes from being compromised by malicious software running on the platform. Long available on client platforms, Intel is now enabling Intel TXT on selected server platforms as well. 3.13.3.2 Intel® TXT hardware overview Implementation of a Trusted Execution Technology-enabled platform requires a number of hardware enhancements. Key hardware elements of this platform are: Processor: Extensions to the IA-32 architecture allow for the creation of multiple execution environments, or partitions. This allows for the coexistence of a standard (legacy) partition and protected partition, where software can run in isolation in the protected partition, free from being observed or compromised by other software running on the platform. Access to hardware resources (such as memory) is hardened by enhancements in the processor and chipset hardware. Other processor enhancements include: (1) event handling, to reduce the vulnerability of data exposed through system events, (2) instructions to manage the protected execution environment, (3) and instructions to establish a more secure software stack. Chipset: Extensions to the chipset deliver support for key elements of this new, more protected platform. They include: (1) the capability to enforce memory protection policy, (2) enhancements to protect data access from memory, (3) protected channels to graphics and input/output devices, (4) and interfaces to the Trusted Platform Module [Version 1.2]. Keyboard and Mouse: Enhancements to the keyboard and mouse enable communication between these input devices and applications running in a protected partition to take place without being observed or compromised by unauthorized software running on the platform. Graphics: Enhancements to the graphic subsystem enable applications running within a protected partition to send display information to the graphics frame buffer without being observed or compromised by unauthorized software running on the platform. The TPM v. 1.2 device: Also called the Fixed Token, is bound to the platform and connected to the PC's LPC bus. The TPM provides the hardware-based mechanism to store or 'seal' keys and other data to the platform. It also provides the hardware mechanism to report platform attestations. 3.13.3.3 Enabling Intel® TXT on Intel® Server Board Intel® TXT can be supported by Intel® Server Board S5520HCT (PBA# E80888-553 or later version), following steps describe how to set up Intel® TXT feature: Revision 1.8 55 Intel order number E39529-013