HOME

TheInfoList



OR:

Intel Trusted Execution Technology (Intel TXT, formerly known as LaGrande Technology) is a computer hardware technology whose primary goals are: * Attestation of the authenticity of a platform and its
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
. * Assuring that an authentic operating system starts in a trusted environment, which can then be considered trusted. * Provision of a trusted operating system with additional security capabilities not available to an unproven one. Intel TXT uses a
Trusted Platform Module Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a ch ...
(TPM) and cryptographic techniques to provide measurements of software and platform components so that system software as well as local and remote management applications may use those measurements to make trust decisions. It complements
Intel Management Engine The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of mod ...
. This technology is based on an industry initiative by the
Trusted Computing Group The Trusted Computing Group is a group formed in 2003 as the successor to the Trusted Computing Platform Alliance which was previously formed in 1999 to implement Trusted Computing concepts across personal computers. Members include Intel, AMD, I ...
(TCG) to promote safer computing. It defends against software-based attacks aimed at stealing sensitive information by corrupting system or
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
code, or modifying the platform's configuration.


Details

The
Trusted Platform Module Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a ch ...
(TPM) as specified by the TCG provides many security functions including special registers (called
Platform Configuration Registers Platform may refer to: Technology * Computing platform, a framework on which applications may be run * Platform game, a genre of video games * Car platform, a set of components shared by several vehicle models * Weapons platform, a system or ...
– PCRs) which hold various measurements in a shielded location in a manner that prevents spoofing. Measurements consist of a cryptographic hash using a Secure Hashing Algorithm (SHA); the TPM v1.0 specification uses the
SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographically broken but still widely used hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecima ...
hashing algorithm. More recent TPM versions (v2.0+) call for
SHA-2 SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle–Damgård construction, from a one-way compression ...
. A desired characteristic of a cryptographic hash algorithm is that (for all practical purposes) the hash result (referred to as a hash digest or a hash) of any two modules will produce the same hash value only if the modules are identical.


Measurements

Measurements can be of code, data structures, configuration, information, or anything that can be loaded into memory. TCG requires that code not be executed until after it has been measured. To ensure a particular ''sequence'' of measurements, hash measurements in a sequence are not written to different PCRs, but rather a PCR is "extended" with a measurement. This means that the TPM takes the current value of the PCR and the measurement to be extended, hashes them together, and replaces the content of the PCR with that hash result. The effect is that the only way to arrive at a particular measurement in a PCR is to extend exactly the same measurements in exactly the same order. Therefore, if any module being measured has been modified, the resulting PCR measurement will be different and thus it is easy to detect if any code, configuration, data, etc. that has been measured had been altered or corrupted. The PCR extension mechanism is crucial to establishing a Chain of trust in layers of software (see below).


Chain of trust

The technology supports both a static chain of trust and a dynamic chain of trust. The static chain of trust starts when the platform powers on (or the platform is reset), which resets all PCRs to their default value. For server platforms, the first measurement is made by hardware (i.e., the processor) to measure a digitally signed module (called an Authenticated Code Module or ACM) provided by the
chipset In a computer system, a chipset is a set of electronic components An electronic component is any basic discrete device or physical entity in an electronic system used to affect electrons or their associated fields. Electronic components are ...
manufacturer. The processor validates the signature and integrity of the signed module before executing it. The ACM then measures the first BIOS code module, which can make additional measurements. The measurements of the ACM and BIOS code modules are extended to PCR0, which is said to hold the static core root of trust measurement (CRTM) as well as the measurement of the BIOS Trusted Computing Base (TCB). The BIOS measures additional components into PCRs as follows: * ''PCR0 – CRTM'', BIOS code, and Host Platform Extensions * ''PCR1'' – Host Platform Configuration * ''PCR2'' – Option
ROM Rom, or ROM may refer to: Biomechanics and medicine * Risk of mortality, a medical classification to estimate the likelihood of death for a patient * Rupture of membranes, a term used during pregnancy to describe a rupture of the amniotic sac * R ...
Code * ''PCR3'' – Option ROM Configuration and Data * ''PCR4'' – IPL (Initial Program Loader) Code (usually the
Master Boot Record A master boot record (MBR) is a special type of boot sector at the very beginning of partitioned computer mass storage devices like fixed disks or removable drives intended for use with IBM PC-compatible systems and beyond. The concept of MBR ...
– MBR) * ''PCR5'' – IPL Code Configuration and Data (for use by the IPL Code) * ''PCR6'' – State Transition and Wake Events * ''PCR7'' – Host Platform Manufacturer Control The dynamic chain of trust starts when the operating system invokes a special security instruction, which resets dynamic PCRs (PCR17–22) to their default value and starts the measured launch. The first dynamic measurement is made by hardware (i.e., the processor) to measure another digitally signed module (referred to as the SINIT ACM) which is also provided by the chipset manufacturer and whose signature and integrity are verified by the processor. This is known as the Dynamic Root of Trust Measurement (DRTM). The SINIT ACM then measures the first operating system code module (referred to as the measured launch environment – MLE). Before the MLE is allowed to execute, the SINIT ACM verifies that the platform meets the requirements of the Launch Control Policy (LCP) set by the platform owner. LCP consists of three parts: # Verifying that the SINIT version is equal or newer than the value specified # Verifying that the platform configuration (PCONF) is valid by comparing PCR0–7 to known-good values (the platform owner decides which PCRs to include) # Verifying that the MLE is valid, by comparing its measurement to a list of known-good measurements. The integrity of the LCP and its lists of known-good measurements are protected by storing a hash measurement of the policy in the TPM in a protected non-volatile location that can only be modified by the platform owner.


Execute as a Trusted OS

Once the LCP is satisfied, the SINIT ACM allows the MLE to execute as a Trusted OS by enabling access to special security registers and enabling TPM Locality 2 level access. The MLE is now able to make additional measurements to the dynamic PCRs. The dynamic PCRs contain measurement of: * ''PCR17'' – DRTM and launch control policy * ''PCR18'' – Trusted OS start-up code (MLE) * ''PCR19'' – Trusted OS (for example OS configuration) * ''PCR20'' – Trusted OS (for example OS Kernel and other code) * ''PCR21'' – as defined by the Trusted OS * ''PCR22'' – as defined by the Trusted OS The technology also provides a more secure way for the operating system to initialize the platform. In contrast to the normal processor initialization [which involved the boot-strap-processor (BSP) sending a Start-up Inter-Processor Interrupt (SIPI) to each Application Processor, thus starting each processor in "real mode" and then transitioning to "virtual mode" and finally to "protected mode"], the operating system avoids that vulnerability by performing a secure launch (a.k.a. measured launch) which puts the Application Processors in a special sleep state from which they are directly started in protected mode with paging on, and are not allowed to leave this state.


Application

PCR values are available both locally and remotely. Furthermore, the TPM has the capability to digitally sign the PCR values (i.e., a PCR Quote) so that any entity can verify that the measurements come from, and are protected by, a TPM, thus enabling Remote Attestation to detect tampering, corruption, and malicious software. Additionally, those values can be used to identify the execution environment (the particular BIOS version, OS level, configuration, etc.) and compare them to their own lists of known-good values to further categorize the platform. This ability to evaluate and assign trust levels to platforms is known as Trusted Compute Pools. Some examples of how Trusted Compute Pools are used: * Isolation – the ability to control if a platform connects to the production network or is quarantined based on its trust level or failure to pass its launch control policy. * Trust Based Policy – such as restricting critical apps to only execute on platforms that meet a specified trust level * Compliance and Auditing – demonstrating that critical, personal, or sensitive data has only been processed on platforms that meet trust requirements Numerous server platforms include Intel TXT, and TXT functionality is leveraged by software vendors including
HyTrust HyTrust, an Entrust company, is an American company specializing in security, compliance and control software for virtualization of information technology infrastructure. The company was founded in 2007, and is based in Mountain View, Californi ...
,
PrivateCore PrivateCore is a venture-backed startup located in Palo Alto, California that develops software to secure server data through server attestation and memory encryption. The company's attestation and memory encryption technology fills a gap that exi ...
,
Citrix Citrix Systems, Inc. is an American multinational cloud computing and virtualization technology company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. C ...
, and
VMware VMware, Inc. is an American cloud computing and virtualization technology company with headquarters in Palo Alto, California. VMware was the first commercially successful company to virtualize the x86 architecture. VMware's desktop software ru ...
.
Open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...
projects also utilize the TXT functionality; for example, ''tboot'' provides a TXT-based integrity system for the
Linux kernel The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
and
Xen Xen (pronounced ) is a type-1 hypervisor, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently. It was originally developed by the University of Cambridge Computer Laboratory an ...
hypervisor. Windows 10 PCs with PCR7 Binding have the ability to enable or disable full device encryption.


See also

*
Intel vPro Intel vPro technology is an umbrella marketing term used by Intel for a large collection of computer hardware technologies, including VT-x, VT-d, Trusted Execution Technology (TXT), and Intel Active Management Technology (AMT). When the vPro bra ...
*
Next-Generation Secure Computing Base The Next-Generation Secure Computing Base (NGSCB; codenamed Palladium and also known as Trusted Windows') is a software architecture designed by Microsoft which aimed to provide users of the Windows operating system with better privacy, security, ...
*
Intel Management Engine The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of mod ...
*
Trusted Computing Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of Confidential Computing. The core ide ...


Notes


References


External links

* . * . * . * . * .
Intel TXT Overview
part of
Linux kernel The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
documentation, December 1, 2014
Integrity management using Intel TXT
LWN.net LWN.net is a computing webzine with an emphasis on free software and software for Linux and other Unix-like operating systems. It consists of a weekly issue, separate stories which are published most days, and threaded discussion attached to ...
, April 1, 2009, by Jake Edge
Attacking Intel Trusted Execution Technology
Black Hat Briefings Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a ...
, February 2009, by Rafal Wojtczuk and Joanna Rutkowska
Trusted Computing Technologies, Intel Trusted Execution Technology
Sandia National Laboratories, January 2011, by Jeremy Daniel Wendt and Max Joseph Guise {{Intel technology X86 architecture X86 instructions Trusted computing Intel x86 microprocessors