2. Outlines
Introduction to Intel® TXT Technology
Why it matters?
Bad & Good List
Architectural Enhancements
How it works?
Control Points
LCP Protection
Use Models
Benefits
Meeting the requirements
Conclusion
References
Intel ® TXT
2 6 Mar 2012
Front Door of Trusted Computing …
3. Introduction
Intel® TXT (Trusted Execution Technology), code-named LaGrande.
Provides hardware-based security that enhances the level of security (more useful for business PCs).
Integrates new security features and capabilities into the processor, chipset and other platform components.
4. Why it matters?
Malware mechanisms may vary, but they all seek to:
1. Corrupt systems
2. Disrupt business
3. Steal data
4. Seize control of platforms
The traditional antivirus approach is to look for "known-bad" elements.
Intel® TXT provides a "known good-focused" approach that checks for malicious software before it is even launched.
5. Move from bad list to good list
[Figure: a bad list (reactive) contrasted with a good list (proactive). Labels on the slide: VMM V1, V2, V3, V4, V8, V20; OS1, OS2, OS3, OS4; Hacked_V1; Corrupted_V2.]
6. Good List Requirements
Strict control enables switch to good list
• Identity Check: Accurate identity of software
• Control: Enforce the list policy
• Integrity Check: Must provide ability to validate list integrity at time of policy enforcement. Management of list must provide for multiple users and assurance of list integrity.
7. Architectural Enhancements
The functionality and architecture of a number of system components are enhanced:
Processor:
Provides for simultaneous support of the standard partition and one or more protected partitions.
Chipset:
Provides protected channels to graphics hardware and I/O devices on behalf of the protected partitions. Also provides interfaces to the TPM.
Keyboard & Mouse:
Support encryption of keyboard and mouse input using a cryptographic key that is shared between the input device and the input manager for the protected execution domain.
(contd..)
8. Graphics:
Provides a protected pathway between an application or software agent and the output display context (such as a window object).
TPM (Trusted Platform Module):
Hardware-based mechanism that stores cryptographic keys and other data related to Intel® TXT within the platform. It also provides hardware support for the attestation process to confirm the successful invocation of the Intel TXT environment.
10. How does it work?
11. How does it work? (contd..)
Creates a Measured Launch Environment (MLE) that enables accurate comparison of all critical elements of the launch environment against a known-good source.
Creates a cryptographically unique identifier for each approved launch-enabled component, and then provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code.
Intel TXT provides:
• Verified Launch (MLE)
• Launch Control Policy (LCP)
• Secret Protection
• Attestation
12. How does it work? (contd..)
13. Control Points
• Load SINIT and MLE into memory
• Invoke GETSEC[SENTER]
• Establish special environment
• Load SINIT into ACEA
• Validate SINIT digital signature
• Store SINIT identity in TPM
• SINIT measures MLE in memory
• Store MLE identity in TPM
[Diagram labels: Memory, MLE, SINIT ACM, CPU, ACEA]
14. Control Points
• Load SINIT and MLE into memory
• Invoke GETSEC[SENTER]
• Establish special environment
• Load SINIT into ACEA
• Validate SINIT digital signature
• Store SINIT identity in TPM
• SINIT measures MLE in memory
• Store MLE identity in TPM
• SINIT loads LCP
• SINIT passes control to known MLE
[Diagram labels: Memory, MLE, SINIT ACM, CPU, ACEA, LCP, VMM1, VMM2]
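Added example (not part of the original slides, and not Intel code): a simplified Python model of the control points above, covering identity by measurement, control by a good list, and integrity of that list by a protected hash. SHA-256, the register names, the digest comparison standing in for SINIT signature validation, and the sample images are all assumptions.

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """Identity of a component: digest of its bytes (SHA-256 is an assumption)."""
    return hashlib.sha256(blob).digest()

def policy_digest(good_list) -> bytes:
    """Order-independent digest over the approved MLE identities."""
    return hashlib.sha256(b"".join(sorted(good_list))).digest()

class ToyTPM:
    """Models only extend-only registers and a protected copy of the policy hash."""
    def __init__(self, policy_hash: bytes):
        self.pcr = {"sinit": bytes(32), "mle": bytes(32)}  # hypothetical names
        self.policy_hash = policy_hash
    def extend(self, name: str, digest: bytes) -> None:
        # A register is never written directly, only folded forward.
        self.pcr[name] = hashlib.sha256(self.pcr[name] + digest).digest()

def measured_launch(tpm, sinit, trusted_sinit_ids, mle, lcp):
    """Walk the control points in order; return (launched, reason)."""
    sinit_id = measure(sinit)
    if sinit_id not in trusted_sinit_ids:      # stand-in for signature validation
        return False, "SINIT rejected"
    tpm.extend("sinit", sinit_id)              # store SINIT identity in TPM
    mle_id = measure(mle)                      # SINIT measures MLE in memory
    tpm.extend("mle", mle_id)                  # store MLE identity in TPM
    if policy_digest(lcp) != tpm.policy_hash:  # LCP integrity: hash + TPM control
        return False, "LCP tampered"
    if mle_id not in lcp:                      # enforce the good list
        return False, "MLE not on good list"
    return True, "launched"

def expected_pcr(component: bytes) -> bytes:
    """Value a verifier recomputes when attesting a single measurement."""
    return hashlib.sha256(bytes(32) + measure(component)).digest()

SINIT, VMM_V1, HACKED_V1 = b"sinit-acm", b"vmm-v1", b"hacked-v1"  # constructed stand-ins
GOOD_LIST = frozenset({measure(VMM_V1)})

def demo():
    forged = GOOD_LIST | {measure(HACKED_V1)}  # list edited after provisioning
    cases = {"good": (VMM_V1, GOOD_LIST), "hacked": (HACKED_V1, GOOD_LIST),
             "forged_policy": (HACKED_V1, forged)}
    out = {}
    for label, (mle, lcp) in cases.items():
        tpm = ToyTPM(policy_digest(GOOD_LIST))  # fresh platform per launch
        out[label] = measured_launch(tpm, SINIT, {measure(SINIT)}, mle, lcp) + (tpm.pcr["mle"],)
    return out

if __name__ == "__main__": print({k: v[:2] for k, v in demo().items()})
```

A blocked launch still leaves the rejected image's measurement in the register, so the attempt remains visible to attestation.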
15. LCP Protection
17. Ensures Safe Migration between
Hosts through Trustable Pools
18. Benefits of Intel® TXT
Increased user confidence in their computing
environment
More protection from malicious software
Improved protection of corporate information
assets
Better confidentiality and integrity of sensitive
information
19. Meeting The Requirements
• Identity: Software stack identity provided by SENTER measurement
• Control: Control of software stack provided by authenticated code enforcing a launch control policy set for the specific platform
• Integrity: Integrity of the launch control policy guaranteed by hash and TPM controls
20. Safer Computing with Intel technologies
[Chart: "Advancing Platform Protections", with Protection Capabilities plotted against Time. Labels as listed on the slide: Future Technologies; Intel® Trusted Execution Technology; Intel® Virtualization Technology; Intel® Active Management Technology; Execute Disable; TPM (Trusted Platform Module); Smart Card; Software-Only.]
21. Conclusion
With Intel® TXT enabled solutions we can:
Address the increasing and evolving security
threats across physical and virtual infrastructure.
Facilitate compliance with government and industry
regulations and data protection standards.
Reduce malware-related support and remediation
costs.