Intel® Trusted Execution Technology: White Paper Executive Summary A building is only as good as its foundation. The same is true for a computer architecture’s information security. In an age where security breaches in IT infrastructure are regular front page news, it’s imperative that organizations use the most secure building blocks for the foundations of their IT solutions. This is of ...growing importance today, as IT managers are being asked to evolve their data centers into new and more demanding uses that challenge existing security practices. For example, as the data center gets increasingly virtualized, high-value or highly sensitive workloads from different lines of business will be shared across common physical infrastructure. Where traditional physical isolation is no longer possible a more trusted infrastructure is key to maintaining the high assurance required to meet the security needs in the data center.
This paper describes a highly scalable architecture called Intel® Trusted Execution Technology (Intel® TXT) that provides hardware-based security technologies to build a solid foundation for security. Built into Intel’s silicon, these technologies address the increasing and evolving security threats across physical and virtual infrastructure by complementing runtime protections such as anti-virus software. Intel TXT also can play a role in meeting government and industry regulations and data protection standards by providing a hardware-based method of verification useful in compliance efforts.
Intel TXT is specifically designed to harden platforms from the emerging threats of hypervisor attacks, BIOS, or other firmware attacks, malicious root kit installations, or other software-based attacks. It increases protection by allowing greater control of the launch stack through a Measured Launch Environment (MLE) and enabling isolation in the boot process. More specifically, it extends the Virtual Machine Extensions (VMX) environment of Intel® Virtualization Technology (Intel® VT), permitting a verifiably secure installation, launch, and use of a hypervisor or operating system (OS).