Contents

- 1 Overview of Benefits from Intel® Trusted Execution Technology (Intel® TXT)
- 3 Measured Launch Environment and Trusted Launch Sequence
- 3.1 Measuring and Validating the Environment
- 3.2.2 Platform Configuration Registers (PCRs)
- 4 Implementing Intel® TXT on Supported Hardware and Software
- 6 Management of Trusted Systems with Use Cases
- 6.1.1 Confidential Data and Sensitive Workloads
- 6.2 Security Information Event Management (SIEM)
- 6.3 Governance, Risk, and Compliance (GRC)
- 7.2.2 General OAT Deployment Guidelines
- 7.2.3 Red Hat Fedora*-Specific OAT Deployment Guidelines
- 7.3 Intel Trust Attestation Solution (Enterprise Edition)
- 7.3.3 Deploying Intel Trust Attestation Solution (Enterprise Edition)
- 7.3.4 Intel Trust Attestation Solution (Enterprise Edition) Dashboard

Intel TXT is the hardware basis for mechanisms that validate platform trustworthiness during boot and launch, which enables reliable evaluation of the computing platform and its protection level. Intel TXT is compact and difficult to defeat or subvert, and it allows for flexibility and extensibility to verify the integrity of platform components during boot and launch, including the BIOS, operating system loader, and hypervisor. Because of the escalating sophistication of malicious threats, mainstream organizations must employ ever-more stringent security requirements and scrutinize every aspect of the execution environment. Intel TXT reduces the overall attack surface for both individual systems and compute pools.

The technology provides a signature that represents the state of an intact system’s launch environment. The corresponding signature at the time of future launches can then be compared against that known-good state to verify a trusted software launch, to execute system software, and to ensure that cloud infrastructure as a service (IaaS) has not been tampered with. Security policies based on a trusted platform or pool status can then be set to restrict (or allow) the deployment or redeployment of virtual machines (VMs) and data to trusted platforms with known security profiles. Rather than relying on the detection of malware, Intel TXT builds trust into a known software environment and thus ensures that the software being executed hasn’t been compromised. This advances security to address key stealth attack mechanisms used to gain access to parts of the data center in order to access or compromise information.

Figure 1 is a simplified diagram of Intel TXT stages and components. Intel TXT must be enabled at multiple levels, including hardware, BIOS, OS, and hypervisor. Attestation and cloud-management software work with those components to enable management and reporting for the trusted system environment. Later sections of this document describe the hardware and software requirements associated with Intel TXT in greater detail.

Figure 1. Intel TXT works with Intel® Virtualization Technology (Intel® VT) to create a trusted, isolated environment for VMs.

To create a trusted environment and enable the management layer within it, certain hardware and software requirements must be met. The following discussion summarizes, at a high level, the components that must be present and properly configured before management can be fully realized for a trusted platform, a trusted VM, or a group of trusted VMs.

NOTE: To choose server platforms, operating environments, and hypervisors that support Intel TXT, please refer to the Intel® Trusted Execution Technology Server Platform Availability Matrix. This document assumes the presence of supported hardware and software components, as defined in that matrix.

Figure 2. Component overview of a Measured Launch Environment (MLE).

- Server platforms in the measured launch environment must be based on the Intel® Xeon® processor, with support for Intel TXT and Intel VT-x (VMX and SMX). These features were introduced with the Intel Xeon processor 5600 series.
- A Trusted Platform Module (TPM) must be integrated with the chipset. The chipset and the TPM work together to ensure that the measurements and security properties of the system are not spoofed by untrusted components. TPMs are devices manufactured by various third-party silicon providers that attach to the chipset via the Low Pin Count (LPC) bus or Serial Peripheral Interface (SPI), and they provide a number of security functions. TPM capabilities and requirements are defined by the Trusted Computing Group (TCG), an industry initiative “formed to develop, define and promote open, vendor-neutral, industry standards for trusted computing building blocks and software interfaces across multiple platforms.” TPM details can be found in the main TPM specification.
- An Intel chipset with Intel VT must be present to provide the isolation capabilities for the MLE (based on Intel VT-d and Intel VT-x).
- Authenticated Code Modules (ACMs) created and signed by Intel must be present inside the BIOS.
- Intel TXT and the TPM must be enabled within the BIOS.
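The launch-signature comparison described above, as an added Python sketch that is not from the whitepaper or from Intel: component measurements are extended into a PCR in launch order, and the resulting value is checked against the known-good value; the component names and image bytes are constructed placeholders, and a single PCR stands in for the several that a real TXT launch uses.

```python
import hashlib
import hmac

# Simplified model of a measured launch: each component in the launch sequence
# is hashed and "extended" into one PCR, so the final PCR value is a signature
# of the whole launch environment, in order. Real TXT spreads measurements over
# several dynamic PCRs (17-22); one PCR is enough to show the mechanism.
PCR_INITIAL = bytes(32)  # dynamic PCRs start at all zeros after SENTER

# Constructed sample launch sequence (component name, component image bytes);
# these stand in for the real BIOS, ACM, OS loader and hypervisor images.
KNOWN_GOOD_LAUNCH = [
    ("bios", b"sample-bios-image-v1.0"),
    ("acm", b"sample-intel-signed-sinit-acm"),
    ("os_loader", b"sample-tboot-loader"),
    ("hypervisor", b"sample-hypervisor-image"),
]

def measure(image: bytes) -> bytes:
    """Digest of one component image, as recorded in the launch event log."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || digest). One-way, order-sensitive."""
    return hashlib.sha256(pcr + digest).digest()

def replay_launch(launch) -> bytes:
    """Recompute the final PCR value from an ordered list of (name, image)."""
    pcr = PCR_INITIAL
    for _, image in launch:
        pcr = extend(pcr, measure(image))
    return pcr

def verify_launch(reported_pcr: bytes, known_good=KNOWN_GOOD_LAUNCH) -> bool:
    """Attestation check: does the PCR value the platform reports match the
    value expected for the known-good launch environment?"""
    return hmac.compare_digest(reported_pcr, replay_launch(known_good))

def first_mismatch(known_good, observed):
    """Walk two event logs in order and name the first component whose
    measurement differs (None if both logs agree). One early change alters
    every later PCR value, so the log is what localizes the problem."""
    for (name, good), (_, seen) in zip(known_good, observed):
        if measure(good) != measure(seen):
            return name
    return None if len(known_good) == len(observed) else "event count"
```

A mismatching PCR only says that the launch environment differs from the known-good state; the event log is needed to tell which component changed.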