Intel® Trusted Platform Module Hardware User’s Guide
mechanisms, rooted in hardware, that are necessary to provide trust in the application's
execution environment. In turn, this can help to protect vital data and processes from
being compromised by malicious software running on the platform. Long available on
client platforms, Intel TXT is now also being enabled on selected server platforms.
Intel® TXT hardware overview
Implementation of a Trusted Execution Technology-enabled platform requires a number
of hardware enhancements. Key hardware elements of this platform are:
1. Processor: Extensions to the IA-32 architecture allow for the creation of multiple
execution environments, or partitions. This allows for the coexistence of a standard
(legacy) partition and protected partition, where software can run in isolation in the
protected partition, free from being observed or compromised by other software
running on the platform. Access to hardware resources (such as memory) is
hardened by enhancements in the processor and chipset hardware. Other processor
enhancements include: (1) event handling, to reduce the vulnerability of data
exposed through system events, (2) instructions to manage the protected execution
environment, and (3) instructions to establish a more secure software stack.
2. Chipset: Extensions to the chipset deliver support for key elements of this new,
more protected platform. They include: (1) the capability to enforce memory
protection policy, (2) enhancements to protect data access from memory, (3)
protected channels to graphics and input/output devices, and (4) interfaces to the
Trusted Platform Module [Version 1.2].
3. Keyboard and Mouse: Enhancements to the keyboard and mouse enable
communication between these input devices and applications running in a protected
partition to take place without being observed or compromised by unauthorized
software running on the platform.
4. Graphics: Enhancements to the graphic subsystem enable applications running
within a protected partition to send display information to the graphics frame buffer
without being observed or compromised by unauthorized software running on
the platform.
5. The TPM v1.2 device: Also called the Fixed Token, it is bound to the platform and
connected to the PC’s LPC bus. The TPM provides the hardware-based mechanism
to store or ‘seal’ keys and other data to the platform. It also provides the hardware
mechanism to report platform attestations.
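As an added illustration of items 1 and 5 above (this is a software model written for this page, not code from the guide or from Intel, and it does not talk to a real TPM): the block models the TPM 1.2 PCR extend operation (SHA-1 chained measurements), seals a secret to a set of PCR values so it can only be unsealed while the measured platform state matches, and produces a keyed quote that a remote verifier checks against expected PCRs. HMAC stands in for the TPM's RSA storage and attestation keys; the key bytes, boot component names and nonce are constructed sample values.

```python
import hashlib
import hmac

PCR_LEN = 20  # TPM 1.2 PCRs hold SHA-1 digests

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 extend operation: new = SHA-1(old || SHA-1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    pcr = bytes(PCR_LEN)  # PCRs are reset to zero at platform reset
    for component in components:  # each stage extends before handing off
        pcr = pcr_extend(pcr, component)
    return pcr

def composite(pcrs: dict) -> bytes:
    """Digest over the selected PCRs (stand-in for TPM_PCR_COMPOSITE)."""
    h = hashlib.sha1()
    for index in sorted(pcrs):
        h.update(index.to_bytes(2, "big") + pcrs[index])
    return h.digest()

def _seal_key(srk: bytes, pcrs: dict) -> bytes:
    # The storage root key yields this key only for the exact PCR state.
    return hmac.new(srk, b"seal" + composite(pcrs), hashlib.sha256).digest()

def seal(srk: bytes, pcrs: dict, data: bytes) -> dict:
    """Bind data (at most 32 bytes in this model) to the platform state."""
    assert len(data) <= 32
    key = _seal_key(srk, pcrs)
    stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return {"ct": ct, "tag": hmac.new(key, ct, hashlib.sha256).digest()}

def unseal(srk: bytes, pcrs: dict, blob: dict):
    """Return the data only if the current PCRs match the sealing state."""
    key = _seal_key(srk, pcrs)
    tag = hmac.new(key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # platform state changed: the TPM refuses to unseal
    stream = hmac.new(key, b"stream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))

def quote(aik: bytes, pcrs: dict, nonce: bytes) -> bytes:
    """Attestation report: keyed digest over the PCR composite and a nonce."""
    return hmac.new(aik, composite(pcrs) + nonce, hashlib.sha256).digest()

def verify_quote(aik: bytes, expected: dict, nonce: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(quote(aik, expected, nonce), sig)
```

Changing any boot component changes the PCR value, so the sealed secret stays unreadable and the quote fails verification against the known-good state.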
Note: For a list of servers and baseboards that support Intel® TXT, see
http://www.intel.com/support/motherboards/server/sb/CS-032301.htm.
Enabling Intel® TXT on Intel® Server Board
The following steps describe how to set up the Intel® TXT feature: