Intel® Trusted Execution Technology for safer computing, code named LaGrande Technology (LT), is a versatile set of hardware extensions to Intel® processors and chipsets that enhances the digital office platform with security capabilities such as measured launch and protected execution. Intel Trusted Execution Technology provides hardware-based mechanisms that help protect against software-based attacks and protects the confidentiality and integrity of data stored or created on a personal computer (PC).
Better protection is achieved by enabling an environment where applications can run within their own space, protected from all other software on the system. These capabilities provide the protection mechanisms, rooted in hardware, that are necessary to provide trust in the application's execution environment and help protect vital data and processes from being compromised by malicious software running on a platform.
LT was first introduced in client platforms. LT-SX is an effort to extend LT protection to server platforms. LT-SX uses a security model that allows certain RAS (Reliability, Availability and Serviceability) features to co-exist with security by allowing some of the system firmware to be within the trust boundary. For example, the basic RAS features of memory sparing and memory mirroring may be enabled to co-exist with security by utilizing protected partitions, wherein applications can run in isolation, free from being observed or compromised by software running in standard partitions and other applications running in the protected partition.
Unfortunately, substantial challenges remain in enabling certain more-advanced RAS features in a manner that is conducive to maintaining a secured computing environment. For example, the hot-plug and migration capabilities implemented for a central processing unit (CPU) in high-end server platforms may conflict with some of the requirements of an LT-based platform. That is, CPUs cannot presently be hot-plugged or migrated after a secure environment has been launched under the control of LT without compromising security.
New systems and methods are needed that can overcome the above shortcomings.
Features, elements, and aspects of the invention that are referenced by the same numerals in different figures represent the same, equivalent, or similar features, elements, or aspects, in accordance with one or more embodiments.