Txt) - Intel BB5520UR Technical Product Specification

Intel® Server Boards S5520HC, S5500HCV, and S5520HCT TPS
3.13.3 Intel
®
3.13.3.1 Overview
®
Intel Trusted Execution Technology (Intel
LaGrande Technology, is a versatile set of hardware extensions to Intel
chipsets that enhance the platform with security capabilities such as measured launch and
protected execution. Intel
software-based attacks and protects the confidentiality and integrity of data stored or created on
the system. It does this by enabling an environment where applications can run within their own
space, protected from all other software on the system. These capabilities provide the protection
mechanisms, rooted in hardware, that are necessary to provide trust in the application's
execution environment. In turn, this can help to protect vital data and processes from being
compromised by malicious software running on the platform. Long available on client platforms,
Intel is now enabling Intel TXT on selected server platforms as well.
®
3.13.3.2 Intel
Implementation of a Trusted Execution Technology-enabled platform requires a number of
hardware enhancements. Key hardware elements of this platform are:
Processor: Extensions to the IA-32 architecture allow for the creation of multiple execution
environments, or partitions. This allows for the coexistence of a standard (legacy) partition and
protected partition, where software can run in isolation in the protected partition, free from being
observed or compromised by other software running on the platform. Access to hardware
resources (such as memory) is hardened by enhancements in the processor and chipset
hardware. Other processor enhancements include: (1) event handling, to reduce the
vulnerability of data exposed through system events, (2) instructions to manage the protected
execution environment, (3) and instructions to establish a more secure software stack.
Chipset: Extensions to the chipset deliver support for key elements of this new, more protected
platform. They include: (1) the capability to enforce memory protection policy, (2) enhancements
to protect data access from memory, (3) protected channels to graphics and input/output
devices, (4) and interfaces to the Trusted Platform Module [Version 1.2].
Keyboard and Mouse: Enhancements to the keyboard and mouse enable communication
between these input devices and applications running in a protected partition to take place
without being observed or compromised by unauthorized software running on the platform.
Graphics: Enhancements to the graphic subsystem enable applications running within a
protected partition to send display information to the graphics frame buffer without being
observed or compromised by unauthorized software running on the platform.
The TPM v. 1.2 device: Also called the Fixed Token, is bound to the platform and connected to
the PC's LPC bus. The TPM provides the hardware-based mechanism to store or 'seal' keys
and other data to the platform. It also provides the hardware mechanism to report platform
attestations.
3.13.3.3 Enabling Intel
®
Intel TXT can be supported by Intel
version), following steps describe how to set up Intel
Revision 1.8
Trusted Execution Technology (Intel
®
TXT provides hardware-based mechanisms that help protect against
TXT hardware overview
®
TXT on Intel
®
Server Board S5520HCT (PBA# E80888-553 or later
Intel order number E39529-013

TXT)

®
®
TXT) for safer computing, formerly code named
®
Server Board
®
TXT feature:
Functional Architecture
®
processors and
55