Intel® Trusted Execution Technology for safer computing, code named LaGrande Technology (LT), is a versatile set of hardware extensions to Intel® processors and chipsets that enhances any personal computer (PC) platform (for example, the digital office platform) with security capabilities such as measured launch and protected execution. LT is a component of the Intel safer computing initiative and was first introduced in client platforms. Intel Trusted Execution Technology provides hardware-based mechanisms that help protect against software-based attacks and that protect the confidentiality and integrity of data (for example, passwords, keys, etc.) stored or created on a PC.
Better protection is achieved by enabling an environment where applications can run within their own space, protected from all other software on the system. These capabilities provide the protection mechanisms, rooted in hardware, that are necessary to provide trust in the application's execution environment and help protect vital data and processes from being compromised by malicious software running on a platform.
In the Intel Trusted Execution Technology control flow, a VMM (Virtual Machine Monitor) loader launches an Intel-signed module, which is presented with the cryptographic measurement of the platform firmware code (and/or platform Basic Input/Output System (BIOS) code). This module contains what is known as a launch control policy (LCP) engine. The policy engine compares this measurement with what is recorded in a policy data structure and communicates to the VMM the security "goodness" of the BIOS firmware. The VMM then chooses whether or not to trust the measured platform BIOS code. If it trusts the BIOS code, it launches a secure environment.
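The measure-compare-decide flow described above, as an added Python model that is not part of the original text or of any Intel code: the firmware images, the layout of the policy data structure and its "list"/"any" policy types are constructed assumptions, and SHA-256 stands in for whatever measurement algorithm the platform uses.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-in firmware images; a real measurement would cover the
# actual BIOS code regions presented to the signed module.
GOOD_BIOS = b"vendor BIOS v1.2 (constructed image)"
TAMPERED_BIOS = b"vendor BIOS v1.2 (constructed image) + unauthorized change"


def measure(firmware: bytes) -> str:
    """Cryptographic measurement of the firmware: hex SHA-256 digest (assumed)."""
    return hashlib.sha256(firmware).hexdigest()


@dataclass
class LaunchControlPolicy:
    """Assumed layout of the policy data structure the LCP engine consults."""
    policy_type: str                       # "list": only approved measurements are good
    approved: set = field(default_factory=set)  # "any": every measurement is good


def lcp_engine(policy: LaunchControlPolicy, measurement: str) -> bool:
    """Compare the presented measurement against the policy; report goodness."""
    if policy.policy_type == "any":
        return True
    if policy.policy_type == "list":
        return measurement in policy.approved
    raise ValueError(f"unknown policy type: {policy.policy_type}")


def vmm_launch(policy: LaunchControlPolicy, firmware: bytes) -> str:
    """The VMM's decision: launch the secure environment only if the BIOS is good."""
    verdict = lcp_engine(policy, measure(firmware))
    if verdict:
        return "launched"
    return "aborted: BIOS measurement not recorded in policy"


# Provision the policy with the measurement of the known-good image.
POLICY = LaunchControlPolicy("list", {measure(GOOD_BIOS)})

if __name__ == "__main__":
    print("good BIOS:    ", vmm_launch(POLICY, GOOD_BIOS))
    print("tampered BIOS:", vmm_launch(POLICY, TAMPERED_BIOS))
```

A single-bit change to the firmware yields a different measurement, so the tampered image is rejected by a "list" policy while an "any" policy accepts it; the choice of policy type is therefore part of the platform's trust decision.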