Systems that support isolated execution of code within protected hardware partitions are now available using Intel® Trusted Execution Technology. This set of capabilities helps guard sensitive data from other operations occurring on the same system. As it becomes deployed on mainstream systems, software providers that prepare their solutions to execute on protected partitions can offer their customers functionality that differentiates those products within their market segments.
Overview
Intel® Trusted Execution Technology (Intel® TXT) is a component of Intel® vPro™ processor technology, a set of innovative technologies from Intel that provide next-generation manageability and security for the business PC. Other key features of this platform include Intel® Active Management Technology (Intel® AMT) and Intel® Virtualization Technology (Intel® VT).
By providing a hardware-based security foundation, Intel TXT provides greater protection for information that is used and stored on the business PC. A key aspect of that protection is the provision of an isolated execution environment and associated sections of memory where operations can be conducted on sensitive data, invisibly to the rest of the system. Likewise, Intel TXT provides for a sealed portion of storage where sensitive data such as encryption keys can be kept, helping to shield them from being compromised during an attack by malicious code. To make sure that code is, in fact, executing in this protected environment, attestation mechanisms verify that the system has correctly invoked Intel TXT. These capabilities complement other key features of Intel vPro processor technology, including Intel AMT and Intel VT.
Intel AMT enhances the security and central remote management of business PCs by providing a firmware-based out-of band communication channel through which a management console can reach the PC even when it is powered off or the operating system (OS) is non-functional or missing. A management engine within the PC chipset stores authentication information in non-volatile memory that it uses to pass information across the same physical network interface used by the host OS, but with its own logical identity and IP address. This mechanism allows system administrators to dramatically extend their management reach, including the ability to remotely discover hardware and software, power machines up and down, and deploy security patches and other software, regardless of system state. Using Intel AMT, support organizations can also isolate PCs from the rest of the network if they become compromised by malware.
Intel VT allows simpler and more robust virtualization than software-only solutions by means of a new hardware layer that provides a hardware assist to virtualization. This layer reduces the complexity of the virtual machine monitor (VMM) and eliminates compute-intensive software translations in the virtualization software by enabling a new, higher privilege mode for VMM operation. This innovation directly benefits Intel TXT by reducing the overhead associated with system virtualization and allowing the guest operating system (OS) and a pplications to run in their intended mode. Intel VT is fully supported by leading providers of virtual machine monitor software. Intel VT offers software vendors reduced costs and risk, improved reliability and availability, enhanced security, and simpler VMM development.
Industry Challenges that Inspired Intel Trusted Execution Technology
Security threats are increasing in volume, diversity, and sophistication at the same time that high-value, sensitive data is more commonly being generated, used, and stored on standard business PCs. These client PCs are typically lightly protected in comparison to servers and network access devices, where the traditional focus of network protection has been. Coupled with the fact that a compromised PC may offer the means to obtain access to servers and other network assets, these characteristics have created an incentive for hackers to focus their efforts on client computing platforms.
Attack tools are widely available on the Internet, and IT organizations too often find themselves in a reactive mode in trying to fend off malicious intruders. The diversity and flexibility of intrusion attempts has largely outpaced the ability of today's protection models to cope with them. As vulnerabilities in popular operating systems and application software are publicized, exploits are generated, often before security patches can be created to guard against them.
Even when such patches are available, organizations typically must test them for compatibility with their business systems to ensure that they will not interfere with day-to-day operations. This requirement increases the window of vulnerability to attack. Moreover, even if security patches have been applied to guard against a particular exploit, variants of the original attack may be developed very rapidly, reducing the ability of defenses to counter them.
Financial incentives associated with the theft of data will continue to grow and encourage attempts to breach system defenses. Because of the increasing significance of the business PC in overall security, it has become necessary for IT organizations to look beyond perimeter defenses in protecting their networks. Those factors have created the need and opportunity for a hardened client system architecture that provides hardware-level support for security.
Intel Trusted Execution Technology Architecture
The primary goal of Intel TXT is to provide the ability for software to define a safe, isolated execution space within the larger system. Controls on this execution space disallow any unauthorized software from observing or interacting with the operations being performed there. Multiple such execution spaces may exist on the system at once, and each has dedicated resources that are managed by the processor, chipset, and OS kernel. The architecture that underlies this capability encompasses features within a number of system components:
- Processor: The CPU provides for simultaneous support of the standard partition and one or more protected partitions. The standard partition corresponds to the traditional execution environment that exists on PCs that do not support Intel TXT. It allows conventional applications to execute normally without being modified. Protected partitions provide hardened access to memory and other system resources to isolate execution from ot her processes. Note that, in most cases, part of an application may execute on the standard partition while another part executes on a protected partition.
- Chipset: Memory protection policy is enforced by means of extensions to the chipset, along with various enhancements to data-access mechanisms that help to ensure the protection of that data. The chipset also provides protected channels to graphics hardware and input/output devices on behalf of the protected partitions, protecting the transfer of data throughout the system. It also provides interfaces to the Trusted Platform Module v1.2 (TPM v1.2), which is described below.
- Keyboard and Mouse: Input-device controllers must provide enhancements that secure communication to and from the keyboard and mouse on behalf of applications running in protected partitions. The chief role of these protections is to guard against the data being observed or otherwise compromised by unauthorized software processes. USB devices under Intel TXT support encryption of keyboard and mouse input using a cryptographic key that is shared between the input device itself and the input manager for a protected execution domain.
- Graphics: The graphics subsystem provides a protected pathway between an application or software agent and the output display context (such as a window object). This pathway enables the software to send display information to the graphics frame buffer without that information being observed by unauthorized software entities.
- TPM v1.2 device: This is a hardware-based mechanism that stores cryptographic keys and other data related to Intel TXT within the platform. It also provides hardware support for the attestation process to confirm the successful invocation of the Intel TXT environment. It is physically connected to the chipset by the Low Pin Count (LPC) bus. Note that, while TPMs fall only under the single-review export model, some export issues do exist related to the TPM v1.2, notably with regard to exporting to the People's Republic of China (PRC). Manufacturers within the PRC are building TPMs that address this issue.
Example Use Case: Verifying System Integrity at Boot
IT departments typically face challenges in trying to control cost of ownership while maintaining robust security practices. At the same time, it is clear that the cost of preventing a malware exploit is far less than remediation after the fact. Proactive security that can guard against resources being compromised depends upon the use of policies to automate the process of systems protection.
The implementation of proactive security in the context of Intel TXT begins before the system boots, in the form of policies that are put into place in order to ensure that system integrity is intact during the boot process. Intel TXT provides mechanisms that can be used to establish a system as trusted. At a very high level, the mechanism consists of starting trusted code and using it to establish that the next piece of code to be run is good code, which establishes the integrity of the next piece of code, ad so on throughout the boot process. The mechanism can be conceptualized as incorporating four steps: measure, extend, verify, and execute.
- Measure: Intel AMT starts very soon after system reset, acting as a trusted root that forms the basis for the remainder of the process. The Core Root of Trust for Measurement (CRTM) provided by Intel AMT measures the system BIOS, the first initially untrusted component within the sequence.
- Extend: After the CRTM has measured the BIOS to establish it as a trusted entity, the trust-establishment chain extends to additional components; the BIOS measures the Master Boot Record (MBR), which in turn measures the pre-loader for Intel TXT (LDR1). LDR1 prepares memory for the SENTER instruction, which initiates trusted execution, as well as SINIT (described below).
- Verify: SINIT verifies the Authenticated Code Module (AC). The AC is a chipset-specific module digitally signed by Intel that is able to verify a white list of applications that can be run next. The ACM verifies Loader 2 (LDR2), which verifies Platform Configuration Registers (PCRs), System Management Mode (SMM) code, and embedded virtual appliances.
- Execute: A virtual appliance prepares for and launches the user OS.
Using this chain of verification processes, Intel TXT can ensure that system integrity is intact, and that the operating environment is trustworthy.
The Value of Intel Trusted Execution Technology to End Users
The primary advantage of Intel TXT from the end-user perspective is that it provides more secure computing by means of protected launch of the operating environment and applications. That increase in security helps to protect sensitive information, which in turn protects the organization as a whole. This capability can reduce the overall support burden on the IT organization by preventing security breaches that may lead to costly and time-consuming remediation activities. Organizations as a whole may realize benefits such as the following:
- Increased user confidence in their computing environment
- More protection from malicious software
- Improved protection of corporate information assets
- Better confidentiality and integrity of sensitive information
By supporting these capabilities, software makers can differentiate their products in their market segments, identifying themselves as security leaders and establishing new usage models for security-conscious user groups, such as government, financial, and research institutions. It also provides the basis for innovative solutions that deliver increased levels of protection and trustworthiness to their customers, enabling more unconstrained growth of computing resources.
Note that Intel TXT is an 'opt-in' technology, and Intel will continue to provide CPUs and chipsets both with and without these capabilities. Capabilities also exist to programmatically identify whether Intel TXT capabilities exist and are enabled on a given system.
The Role of the Virtual Machine Monitor
Many usage models associated with Intel TXT involve the use of an Intel VT-enabled VMM. VMMs provide isolation for OSs and applications that will make use of Intel TXT. That scenario allows for running a number of protected partitions, each in its own virtual machine (VM). It should be noted, however, that Intel TXT can launch an environment other than a VMM. This section captures some noteworthy considerations associated with the use of Intel TXT with and without a VMM:
- If no VMM is present acting to isolate the OS and applications that will use Intel TXT, the environment must address that isolation issue using software solutions.
- Intel TXT will not launch if Virtual Machine Extensions (VMX) is turned on, although the environment launched by Intel TXT may explicitly turn on VMX. Further, the CPU can be instructed to disallow the use of VMX outside Intel TXT.
- Protection of the measured launch environment (MLE) enabled by Intel TXT must be addressed if it is to co-exist with untrusted software.
Potential usages of the MLE in the absence of a VMM include the following:
- 'Run once and exit' models, such as the use of the MLE for application authentication or a signing service.
- 'Run and remain resident' models, such as monitoring applications; note that in this usage, isolation of the MLE and the trusted application without a VMM is difficult.
- 'OS swapping' models, where the 'bootstrapping OS' is stopped and replaced with a different one that has a more verifiable trust chain.
While these and other models are possible in the absence of widely-deployed VMMs, the real value of Intel TXT to be realized by software makers will be seen in the next generation of software, to be deployed in the 2008-2009 timeframe. As virtualization continues to become a mainstream technology that is more widely deployed by businesses of all sizes, software solutions that can take advantage of it to provide a trusted execution environment using Intel TXT stand to gain a competitive advantage in their market segments as they differentiate themselves from their competitors.
Conclusion
Intel Trusted Execution Technology is available today on selected platforms, to encourage software developers to use it in research environments to assist in creating the next generation of security innovation. The growing community of developers working to create the first generation of software for Intel TXT consist of large and small security, management, and virtualization software makers.
As the ecosystem surrounding this technology continues to develop, Intel will work with those software vendors who take an interest in moving it forward. Please direct inquiries about engineering assistance and development issues to inteltxt@intel.com.
Additional Resources
The following materials provide a point of departure for further research on this topic:
- Intel® Trusted Execution Technology is a versatile set of hardware extensions that enhance the digital office platform with security capabilities such as measured launch and protected execution.
- Intel® vPro™ Technology provides built-in manageability, proactive security, and energy-efficient performance for the business PC.
About the Author
Matt Gillespie is an independent technical author and editor working out of the Chicago area and specializing in emerging hardware and software technologies. Before going into business for himself, Matt developed training for software developers at Intel Corporation and worked in Internet Technical Services at California Federal Bank. He spent his early years as a writer and editor in the fields of financial publishing and neuroscience.