CREATING A MORE SECURE COMPUTING ENVIRONMENT

Today's embedded developers must contend with the possibility of malicious software infiltrating a system and wreaking havoc by accessing sensitive information, stealing identities or committing other illegal actions. Providing a new layer of security protection, Intel® Trusted Execution Technology (Intel® TXT) creates a more secure computing environment that keeps malware from launching in the first place. Intel TXT is one of the technologies that are part of Intel® vPro™ technology.


How it Works

Intel® TXT is a set of capabilities integrated into the Intel® processor, chipset and platform-level components, designed to assure software integrity. First, critical applications run in a virtualized, protected environment, which ensures they cannot be compromised by rogue software. Second, system secrets, like VPN security keys, are encrypted and safely stored within the trusted platform module (TPM). Third, a protected launch mechanism ensures all system software components are in a known, unaltered state, referred to as “trusted,” before launching.


Key Benefits

While anti-virus, encryption, firewall and other security products offer protection, these software solutions can be neutralized. Intel TXT creates additional privileges – a new layer of protection that safeguards security products, applications and data against software-based attacks at boot.


Industrial Scenario

A piece of manufacturing equipment is compromised, possibly infected with a virus from the network, a USB flash drive or an illegal peripheral. One solution is to stop the system from booting when the virus is activated, since its activation causes the software or hardware configuration to diverge from the trusted state. This is achievable with Intel TXT, which compares the hash of the trusted state with the current state and blocks system startup when differences are detected.


Transaction System Scenario

Many cybercriminals try to breach application software and databases used by retailers and banks, looking to profit from accessing sensitive information, like bank records or credit card numbers. Using Intel TXT, original equipment manufacturers (OEMs) can put software and data out of reach of hackers by giving applications and operating systems higher software privileges, permission granted only by system developers. As a result, code and data are stored in hardware-secured memory regions, inaccessible to malware. OEMs and system administrators can create a list that defines which software is allowed to load and run on the system.
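The hash comparison in the Industrial Scenario and the allow list in the Transaction System Scenario can be pictured with the simplified model below. It is an added example, not Intel code and not the Intel TXT implementation: the hash-chained register, SHA-256, the policy layout and every name and sample component are assumptions made for illustration.

```python
import hashlib

def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    # Hash-chain update: register_new = H(register_old || measurement).
    # The result depends on every measurement and on their order.
    return hashlib.sha256(register + measurement).digest()

def measure(components):
    """Measure an ordered list of (name, blob); return (final register, event log)."""
    register, log = bytes(32), []
    for name, blob in components:
        m = digest(blob)
        register = extend(register, m)
        log.append((name, m))
    return register, log

def build_policy(known_good):
    """Record the trusted state and the list of software allowed to load."""
    register, log = measure(known_good)
    return {"trusted_state": register, "allowed": {m for _, m in log}}

def evaluate_launch(components, policy):
    """Return ("launch" | "block", names of components not on the allow list)."""
    register, log = measure(components)
    unknown = [name for name, m in log if m not in policy["allowed"]]
    ok = register == policy["trusted_state"] and not unknown
    return ("launch" if ok else "block"), unknown

# Constructed sample components (hypothetical names and contents).
KNOWN_GOOD = [("firmware", b"fw build 1"),
              ("hypervisor", b"vmm build 7"),
              ("controller-app", b"plc logic v3")]
POLICY = build_policy(KNOWN_GOOD)
TAMPERED = [KNOWN_GOOD[0], ("hypervisor", b"vmm build 7 (modified)"), KNOWN_GOOD[2]]
REORDERED = [KNOWN_GOOD[1], KNOWN_GOOD[0], KNOWN_GOOD[2]]

if __name__ == "__main__":
    for label, chain in (("known good", KNOWN_GOOD),
                         ("tampered", TAMPERED),
                         ("reordered", REORDERED)):
        print(label, evaluate_launch(chain, POLICY))
```

The reordered case is blocked even though every component is on the allow list, because the chained register also captures load order.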


Notes and Disclaimers

No computer system can provide absolute security under all conditions.  Intel® Trusted Execution Technology (Intel® TXT) requires a computer system with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE).  Intel TXT also requires the system to contain a TPM v1.s.  For more information, visit www.intel.com/technology/security/.
