Intel's Trusted Execution Technology encrypts everything
Viruses, malicious code, spyware and other security threats may become a past worry says Intel. According to Intel, its R&D team is hard at work on a technology called Trusted Execution Technology -- previously called LaGrande. Abbreviated as TXT, Intel's Trusted Execution Technology will use hardware keys and subsystems to control what part of a computer's resources can be accessed and who or what will be granted or denied access.
Going beyond the NX bit, or the Non-execution bit that is currently enabled inside recent processors from both AMD and Intel, TXT will bring a whole new dimension of security to PCs. In fact, TXT will also be able to work in a virtualized environment on systems with Intel's VT technology. Guest operating systems will be able to take advantage of features on a TXT-enabled platform.
Starting from the use of more advanced Trusted Platform Module (TPM) chips and adding new hardware extensions to both processors and chipsets, TXT can perform the following:
Protected Execution: This feature allows an application that has the ability to execute in an isolated environment, to be shielded from other software running on the same platform. No other software may monitor or compromise the data or the application in the protected environment. Plus, each application running in PE mode has its own physically dedicated resources from both the processor and system chipset.
Sealed Storage: The new advanced TPM chips are able to store and encrypt keys in hardware. Only the same system that the TPM is integrated into can decrypt the keys. Any attempts at copying data out of the TPM will result in scrambling.
Protected Input: Intel is developing mechanisms that will prevent unauthorized monitoring of human input devices such as mouse clicks and keyboard strokes. Not only will traditional input devices be encrypted, but data traversing the USB bus will also be encrypted too.
Protected Graphics: applications that are running in the PE environment will have its graphics path encrypted. Data being sent to a graphics card's frame buffer from an application will be encrypted and cannot be observed by unauthorized code. For example, a particular notice box popping up can be encrypted, while other windows remain unprotected.
Protected Launch: this part of TXT will control and protect critical parts of the operating system and other system related components from being compromised during launch. OS kernel components for example are protected during and after launch.
According to Intel:
The hardware-rooted security enables the ability to increase the confidentiality and integrity of sensitive information from software-based attacks, protect sensitive information without compromising the usability of a platform, and deliver increased security in platform-level solutions through measurement and protection capabilities. It provides a general-purpose, safer computing environment capable of running a wide variety of operating systems.
Intel will also provide a mechanism called Attestation for TXT, which is a self-monitoring component that ensures that the TXT system was enabled properly. Attestation will provide monitoring, as well as applications running in protected space.
Processors will have split execution spaces called partitions, similar to the concept of partitions on a hard drive. These partitions can be labeled as protected or non-protected. Standard partitions, those that are not protected, are now referred to as "legacy" partitions. A TXT-enabled processor will be able to have both a legacy and protected partition coexist together. Chipsets will also be designed with TXT technology. According to Intel, every part of a TXT-enabled platform will have the technology built in so that every pathway that is traversed by data will be able to offer a high level of security. With TXT, Intel is taking a no-compromise approach to securing data. All components of a system will be protected:
Processor execution memory
Processor event handling
System memory
Memory and chipset paths
Storage subsystems
Human input devices
Graphics output
Currently close to being finished, Intel will demonstrate the first working implementations of TXT technology sometime in 2007 on Intel vPro platforms. The technology will make an appearance in business platforms first, before making a showing on consumer desktops. Major OEMs have begun sampling TXT-based platforms from Intel already this year.
Intel offers encrypted computing
Moderator: Thanas
-
Ace Pace
- Hardware Lover
- Posts: 8456
- Joined: 2002-07-07 03:04am
- Location: Wasting time instead of money
- Contact:
Intel offers encrypted computing
Dailytech
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
I know, I understand the implications, but it still feels like, at least for the people that know how to secure their systems (and it's really not that hard) and practice safe computing, the benefits are not that much (adds another layer to the defenses) while sabotaging what the user wants to do. The computer shouldn't be the one enforcing rules on the user (I'm obviusly talking about owned machines, not stuff like group policies in companies).
It also doesn't defend against whole classes of malware like dialers, which means that it cannot be put in place of other anti-malware protections, just added to it. And on Linux and MacOS and others, security thru obscurity still reigns.
I can see the good implications in the corporate world (for example, making industrial sabotage more difficult by tying documents with the company's computer), but in the private world I see it only truly benefiting DRM-users.
It also doesn't defend against whole classes of malware like dialers, which means that it cannot be put in place of other anti-malware protections, just added to it. And on Linux and MacOS and others, security thru obscurity still reigns.
I can see the good implications in the corporate world (for example, making industrial sabotage more difficult by tying documents with the company's computer), but in the private world I see it only truly benefiting DRM-users.
-
ThatGuyFromThatPlace
- Jedi Knight
- Posts: 691
- Joined: 2006-08-21 12:52am
It's has some good utility for Crypto-punks.
And I think I heard that Intel was going to structure it in a way to prevent third-party DRM's being able to take advantages of the TXT, but I have no idea how or if that made it too the final version, I hope so though.
And I think I heard that Intel was going to structure it in a way to prevent third-party DRM's being able to take advantages of the TXT, but I have no idea how or if that made it too the final version, I hope so though.
[img=right]http://www.geocities.com/jamealbeluvien/revolution.jpg[/img]"Nothing here is what it seems. You are not the plucky hero, the Alliance is not an evil empire, and this is not the grand arena."
- The Operative, Serenity
"Everything they've ever "known" has been proven to be wrong. A thousand years ago everybody knew as a fact, that the earth was the center of the universe. Five hundred years ago, they knew it was flat. Fifteen minutes ago, you knew we humans were alone on it. Imagine what you'll know tomorrow."
-Agent Kay, Men In Black
- The Operative, Serenity
"Everything they've ever "known" has been proven to be wrong. A thousand years ago everybody knew as a fact, that the earth was the center of the universe. Five hundred years ago, they knew it was flat. Fifteen minutes ago, you knew we humans were alone on it. Imagine what you'll know tomorrow."
-Agent Kay, Men In Black