IBM x3850 X6 Planning And Implementation Manual page 44

Machine Check Architecture recovery
The Intel Xeon processor E7 family also features Machine Check Architecture (MCA)
recovery, a RAS feature that enables the handling of system errors that otherwise require that
the operating system be halted. For example, if a dead or corrupted memory location is
discovered, but it cannot be recovered at the memory subsystem level, and provided it is not
in use by the system or an application, an error can be logged and the operation of the server
can continue. If it is in use by a process, the application to which the process belongs can be
stopped or informed about the situation.
Implementation of the MCA recovery requires hardware support, firmware support (such as
found in the UEFI), and operating system support. Microsoft, SUSE, Red Hat, VMware, and
other operating system vendors include or plan to include support for the Intel MCA recovery
feature on the Intel Xeon processors in their latest operating system versions.
The following new MCA recovery features of the Intel Xeon processor E7-4800/8800 v2
product family are included:
Execution path recovery: Ability to work with hardware and software to recognize and
isolate the errors that were delivered to the execution engine (core).
Enhanced MCA (eMCA) Generation 1: Provides enhanced error log information to the
operating system, hypervisor, or application that can be used to provide better diagnostic
and predictive failure analysis for the system. This enables higher levels of uptime and
reduced service costs.
Security improvements
The Intel Xeon E7-4800/8800 v2 processor family has several important security
improvements that help to protect systems from different types of security threats.
Intel OS Guard: Evolution® of Intel Execute Disable Bit technology, which helps to protect
from escalation of privilege attacks by preventing code execution from userspace memory
pages while in kernel-mode. It helps to protect from certain types of malware attacks.
Intel Trusted Execution Technology (Intel TXT), Intel VT-x, and Intel VT-d: New
hardware-based techniques, which allow you to isolate virtual machines and boot VMs
only in a trusted environment. In addition, malware infected VMs cannot affect another
VMs on the same host.
Intel Secure Key: Provides hardware random numbers generation without storing any data
in system memory. It keeps generated random numbers out of sight of malware and
therefore enhances encryption protection.
For more information, read the following Intel White Paper:
http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/3rd-gen-c
ore-vpro-security-paper.pdf
28
IBM System x3850 X6 and x3950 X6 Planning and Implementation Guide