Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program

Total Page:16

File Type:pdf, Size:1020Kb

Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology Canadian Centre for Cyber Security Initial Release: September 21, 2020 Last Update: August 27, 2021 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology Table of Contents OVERVIEW ....................................................................................................................................................... 4 SECTION 1 – GENERAL ................................................................................................................................. 5 SECTION 2 – CRYPTOGRAPHIC MODULE SPECIFICATION .............................................................. 6 2.3.A BINDING OF CRYPTOGRAPHIC ALGORITHM VALIDATION CERTIFICATES ................................................. 6 2.3.B SUB-CHIP CRYPTOGRAPHIC SUBSYSTEMS ............................................................................................... 7 2.3.C PROCESSOR ALGORITHM ACCELERATORS (PAA) AND PROCESSOR ALGORITHM IMPLEMENTATION (PAI) ........................................................................................................................................................................ 11 2.4.A DEFINITION AND USE OF A NON-APPROVED SECURITY FUNCTION ........................................................ 13 2.4.B TRACKING THE COMPONENT VALIDATION LIST .................................................................................... 17 2.4.C APPROVED SECURITY SERVICE INDICATOR ........................................................................................... 19 SECTION 3 – CRYPTOGRAPHIC MODULE INTERFACES .................................................................. 23 3.4.A TRUSTED CHANNEL ............................................................................................................................... 23 SECTION 4 – ROLES, SERVICES, AND AUTHENTICATION ............................................................... 26 4.1.A AUTHORISED ROLES .............................................................................................................................. 26 4.4.A MULTI-OPERATOR AUTHENTICATION ................................................................................................... 27 SECTION 5 – SOFTWARE/FIRMWARE SECURITY ............................................................................... 30 5.A NON-RECONFIGURABLE MEMORY INTEGRITY TEST ................................................................................. 30 SECTION 6 – OPERATIONAL ENVIRONMENT ...................................................................................... 31 SECTION 7 – PHYSICAL SECURITY ......................................................................................................... 32 7.3.A TESTING TAMPER EVIDENT SEALS ........................................................................................................ 32 7.3.B HARD COATING TEST METHODS (LEVEL 3 AND 4) ................................................................................ 33 SECTION 8 – NON-INVASIVE SECURITY ................................................................................................ 35 SECTION 9 – SENSITIVE SECURITY PARAMETER MANAGEMENT ............................................... 36 9.3.A ENTROPY CAVEATS ............................................................................................................................... 36 9.5.A SSP ESTABLISHMENT AND SSP ENTRY AND OUTPUT ............................................................................ 39 9.6.A ACCEPTABLE ALGORITHMS FOR PROTECTING STORED SSPS ................................................................ 46 9.7.A ZEROIZATION OF ONE TIME PROGRAMMABLE (OTP) MEMORY ............................................................ 48 9.7.B INDICATOR OF ZEROISATION .................................................................................................................. 49 SECTION 10 – SELF-TESTS ......................................................................................................................... 53 10.3.A CRYPTOGRAPHIC ALGORITHM SELF-TEST REQUIREMENTS ................................................................. 53 10.3.B SELF-TEST FOR EMBEDDED CRYPTOGRAPHIC ALGORITHMS ................................................................ 59 10.3.C CONDITIONAL MANUAL ENTRY SELF-TEST REQUIREMENTS ............................................................... 60 10.3.D ERROR LOGGING ................................................................................................................................. 61 10.3.E PERIODIC SELF-TESTING ...................................................................................................................... 63 SECTION 11 – LIFE-CYCLE ASSURANCE ............................................................................................... 66 11.A CVE MANAGEMENT ............................................................................................................................... 66 SECTION 12 – MITIGATION OF OTHER ATTACKS ............................................................................. 69 12.A MITIGATION OF OTHER ATTACKS ........................................................................................................... 69 ANNEX A – DOCUMENTATION REQUIREMENTS ................................................................................ 70 ANNEX B – CRYPTOGRAPHIC MODULE SECURITY POLICY .......................................................... 71 ANNEX C – APPROVED SECURITY FUNCTIONS .................................................................................. 72 CMVP 2 08/27/2021 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology C.A USE OF NON-APPROVED ELLIPTIC CURVES .............................................................................................. 72 C.B VALIDATION TESTING OF HASH ALGORITHMS AND HIGHER CRYPTOGRAPHIC ALGORITHM USING HASH ALGORITHMS .................................................................................................................................................. 73 C.C THE USE AND THE TESTING REQUIREMENTS FOR THE FAMILY OF FUNCTIONS DEFINED IN FIPS 202 ...... 74 C.D USE OF A TRUNCATED HMAC ................................................................................................................. 75 C.E KEY GENERATION FOR RSA SIGNATURE ALGORITHM ............................................................................. 77 C.F APPROVED MODULUS SIZES FOR RSA DIGITAL SIGNATURE FOR FIPS 186-4 .......................................... 77 C.G SP 800-67REV2 LIMIT ON THE NUMBER OF ENCRYPTIONS WITH THE SAME TRIPLE-DES KEY................ 79 C.H KEY/IV PAIR UNIQUENESS REQUIREMENTS FROM SP 800-38D ............................................................... 81 C.I XTS-AES KEY GENERATION REQUIREMENTS .......................................................................................... 89 C.J REQUIREMENTS FOR TESTING TO SP 800-38G .......................................................................................... 90 ANNEX D – APPROVED SENSITIVE SECURITY PARAMETER GENERATION AND ESTABLISHMENT METHODS .................................................................................................................... 91 D.A ACCEPTABLE SSP ESTABLISHMENT PROTOCOLS ..................................................................................... 91 D.B STRENGTH OF SSP ESTABLISHMENT METHODS ....................................................................................... 92 D.C REFERENCES TO THE SUPPORT OF INDUSTRY PROTOCOLS ....................................................................... 95 D.D ELLIPTIC CURVES AND THE FFC SAFE-PRIME GROUPS IN SUPPORT OF INDUSTRY PROTOCOLS .............. 96 D.E ASSURANCE OF THE VALIDITY OF A PUBLIC KEY FOR SSP ESTABLISHMENT ........................................... 98 D.F KEY AGREEMENT METHODS .................................................................................................................... 99 D.G KEY TRANSPORT METHODS ................................................................................................................... 102 D.H REQUIREMENTS FOR VENDOR AFFIRMATION TO SP 800-133 ................................................................ 105 D.I THE USE OF POST-PROCESSING IN KEY GENERATION METHODS ............................................................ 107 D.J ENTROPY ESTIMATION AND COMPLIANCE WITH SP 800-90B ................................................................. 109 D.K INTERPRETATION OF SP 800-90B REQUIREMENTS ................................................................................ 111 D.L CRITICAL SECURITY PARAMETERS FOR THE SP 800-90A DRBGS ......................................................... 117 D.M USING THE SP 800-108 KDFS IN AN APPROVED MODE ........................................................................ 118 D.N SP 800-132 PASSWORD-BASED KEY DERIVATION FOR STORAGE APPLICATIONS ................................. 119 D.O COMBINING ENTROPY FROM MULTIPLE SOURCES ................................................................................. 120 ANNEX E – APPROVED AUTHENTICATION MECHANISMS ........................................................... 123 E.A APPLICABILITY OF REQUIREMENTS FROM SP 800-63B
Recommended publications
  • GPTPU: Accelerating Applications Using Edge Tensor Processing Units Kuan-Chieh Hsu and Hung-Wei Tseng University of California, Riverside {Khsu037, Htseng}@Ucr.Edu
    GPTPU: Accelerating Applications using Edge Tensor Processing Units Kuan-Chieh Hsu and Hung-Wei Tseng University of California, Riverside {khsu037, htseng}@ucr.edu This paper is a pre-print of a paper in the 2021 SC, the Interna- Two decades ago, graphics processing units (GPUs) were just tional Conference for High Performance Computing, Networking, domain-specific accelerators used for shading and rendering. But Storage and Analysis. Please refer to the conference proceedings intensive research into high-performance algorithms, architectures, for the most complete version. systems, and compilers [3–12] and the availability of frameworks like CUDA [13] and OpenCL [14], have revolutionized GPUs and ABSTRACT transformed them into high-performance, general-purpose vector Neural network (NN) accelerators have been integrated into a wide- processors. We expect a similar revolution to take place with NN spectrum of computer systems to accommodate the rapidly growing accelerators—a revolution that will create general-purpose matrix demands for artificial intelligence (AI) and machine learning (ML) processors for a broader spectrum of applications. However, de- applications. NN accelerators share the idea of providing native mocratizing these NN accelerators for non-AI/ML workloads will hardware support for operations on multidimensional tensor data. require the system framework and the programmer to tackle the Therefore, NN accelerators are theoretically tensor processors that following issues: can improve system performance for any problem that uses ten- (1) The microarchitectures and instructions of NN accelerators sors as inputs/outputs. Unfortunately, commercially available NN are optimized for NN workloads, instead of general matrix/tensor accelerators only expose computation capabilities through AI/ML- algebra.
    [Show full text]
  • Amd Filed: February 24, 2009 (Period: December 27, 2008)
    FORM 10-K ADVANCED MICRO DEVICES INC - amd Filed: February 24, 2009 (period: December 27, 2008) Annual report which provides a comprehensive overview of the company for the past year Table of Contents 10-K - FORM 10-K PART I ITEM 1. 1 PART I ITEM 1. BUSINESS ITEM 1A. RISK FACTORS ITEM 1B. UNRESOLVED STAFF COMMENTS ITEM 2. PROPERTIES ITEM 3. LEGAL PROCEEDINGS ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS PART II ITEM 5. MARKET FOR REGISTRANT S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES ITEM 6. SELECTED FINANCIAL DATA ITEM 7. MANAGEMENT S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURE ABOUT MARKET RISK ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING AND FINANCIAL DISCLOSURE ITEM 9A. CONTROLS AND PROCEDURES ITEM 9B. OTHER INFORMATION PART III ITEM 10. DIRECTORS, EXECUTIVE OFFICERS AND CORPORATE GOVERNANCE ITEM 11. EXECUTIVE COMPENSATION ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND MANAGEMENT AND RELATED STOCKHOLDER MATTERS ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS AND DIRECTOR INDEPENDENCE ITEM 14. PRINCIPAL ACCOUNTANT FEES AND SERVICES PART IV ITEM 15. EXHIBITS, FINANCIAL STATEMENT SCHEDULES SIGNATURES EX-10.5(A) (OUTSIDE DIRECTOR EQUITY COMPENSATION POLICY) EX-10.19 (SEPARATION AGREEMENT AND GENERAL RELEASE) EX-21 (LIST OF AMD SUBSIDIARIES) EX-23.A (CONSENT OF ERNST YOUNG LLP - ADVANCED MICRO DEVICES) EX-23.B
    [Show full text]
  • Microcode Revision Guidance August 31, 2019 MCU Recommendations
    microcode revision guidance August 31, 2019 MCU Recommendations Section 1 – Planned microcode updates • Provides details on Intel microcode updates currently planned or available and corresponding to Intel-SA-00233 published June 18, 2019. • Changes from prior revision(s) will be highlighted in yellow. Section 2 – No planned microcode updates • Products for which Intel does not plan to release microcode updates. This includes products previously identified as such. LEGEND: Production Status: • Planned – Intel is planning on releasing a MCU at a future date. • Beta – Intel has released this production signed MCU under NDA for all customers to validate. • Production – Intel has completed all validation and is authorizing customers to use this MCU in a production environment.
    [Show full text]
  • Sensor-Seeded Cryptographically Secure Random Number Generation
    International Journal of Recent Technology and Engineering (IJRTE) ISSN: 2277-3878, Volume-8 Issue-3, September 2019 Sensor-Seeded Cryptographically Secure Random Number Generation K.Sathya, J.Premalatha, Vani Rajasekar Abstract: Random numbers are essential to generate secret keys, AES can be executed in various modes like Cipher initialization vector, one-time pads, sequence number for packets Block Chaining (CBC), Cipher Feedback (CFB), Output in network and many other applications. Though there are many Feedback (OFB), and Counter (CTR). Pseudo Random Number Generators available they are not suitable for highly secure applications that require high quality randomness. This paper proposes a cryptographically secure II. PRNG IMPLEMENTATIONS pseudorandom number generator with its entropy source from PRNG requires the seed value to be fed to a sensor housed on mobile devices. The sensor data are processed deterministic algorithm. Many deterministic algorithms are in 3-step approach to generate random sequence which in turn proposed, some of widely used algorithms are fed to Advanced Encryption Standard algorithm as random key to generate cryptographically secure random numbers. Blum-Blum-Shub algorithm uses where X0 is seed value and M =pq, p and q are prime. Keywords: Sensor-based random number, cryptographically Linear congruential Generator uses secure, AES, 3-step approach, random key where is the seed value. Mersenne Prime Twister uses range of , I. INTRODUCTION where that outputs sequence of 32-bit random Information security algorithms aim to ensure the numbers. confidentiality, integrity and availability of data that is transmitted along the path from sender to receiver. All the III. SENSOR-SEEDED PRNG security mechanisms like encryption, hashing, signature rely Some of PRNGs uses clock pulse of computer system on random numbers in generating secret keys, one time as seeds.
    [Show full text]
  • 2016 Kaby Lake Platforms Silicon Initialization Code Release Notes Intel Restricted Secret 5
    2016 Kaby Lake Platforms Silicon Initialization Code Release Notes April 2020 Release Version 3.8.0 Intel Restricted Secret By using this document, in addition to any agreements you have with Intel, you accept the terms set forth below. You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS.
    [Show full text]
  • A Secure Authentication System- Using Enhanced One Time Pad Technique
    IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.2, February 2011 11 A Secure Authentication System- Using Enhanced One Time Pad Technique Raman Kumar1, Roma Jindal 2, Abhinav Gupta3, Sagar Bhalla4 and Harshit Arora 5 1,2,3,4,5 Department of Computer Science and Engineering, 1,2,3,4,5 D A V Institute of Engineering and Technology, Jalandhar, Punjab, India. Summary the various weaknesses associated with a password have With the upcoming technologies available for hacking, there is a come to surface. It is always possible for people other than need to provide users with a secure environment that protect their the authenticated user to posses its knowledge at the same resources against unauthorized access by enforcing control time. Password thefts can and do happen on a regular basis, mechanisms. To counteract the increasing threat, enhanced one so there is a need to protect them. Rather than using some time pad technique has been introduced. It generally random set of alphabets and special characters as the encapsulates the enhanced one time pad based protocol and provides client a completely unique and secured authentication passwords we need something new and something tool to work on. This paper however proposes a hypothesis unconventional to ensure safety. At the same time we need regarding the use of enhanced one time pad based protocol and is to make sure that it is easy to be remembered by you as a comprehensive study on the subject of using enhanced one time well as difficult enough to be hacked by someone else.
    [Show full text]
  • Intense PC3 Kaby Lake 7Th Generation Intel Core Mini PC Product Specification V.1.3
    Intense PC3 Kaby Lake th 7 Generation Intel Core Mini PC Product Specification v.1.3 Thanks to improved GPU (Intel HD 620 Graphics) and latest generation of Intel CPU (Kaby Lake), Intense PC3 can render demanding graphics and record-decode videos faster than ever while consuming less power. Intense PC3 supports 3x 4K display and is greatly recommended for CCTV, signage, virtualisation, 24/7 applications and real-time monitoring. This miniature fanless PC also provides faster storage and improved booting time thanks to new M.2 slot for SATA 3.0 or NVMe drives. Highly customisable thanks to face modules supporting built-in fibre optics, Ethernet bypass, power-over-Ethernet… IPC3 is recommended for advanced networking. Key Features Ideal For • High processing performance • CCTV, video surveillance • Fast Clock Speed (up to 3.5GHz with i7) • Real-time monitoring • Dual display mode supported • 24/7 applications • 3x 4K displays • Virtualization • Generous Memory (up to 32GB DDR4) • Windows IoT • Fast boosting time (M.2 SATA or NVMe) • Advanced networking • Low power consumption • Signage • Ruggedized die-cast aluminium shell • Video recording/decoding • Customisable Face Module • Rendering graphics Product Specifications Model IPC3 i5 Barebone IPC3 i7 Barebone Name IPC3REV2-i5 IPC3REV2-i7 Current HW Revision 2.0 Long Term Availability 2020 - (then product will be available with similar or better CPU) Processor Intel 7th Gen Core i5-7200U Processor Intel 7th Gen Core i7-7500U Processor Type (Kaby Lake) (Kaby Lake) Cores 64-bit dual core Clock speed 2.5GHz (turbo boost up to 3.1GHz) 2.7GHz (turbo boost up to 3.5GHz) Cache 3MB SmartCache 4MB SmartCache TDP 15W Chipset Intel Mobile PCH (MCP package) Memory Supported Up to 32GB (2x 16GB) DDR4 2133 SO-DIMM (non-ECC) Barebone as default.
    [Show full text]
  • A Note on Random Number Generation
    A note on random number generation Christophe Dutang and Diethelm Wuertz September 2009 1 1 INTRODUCTION 2 \Nothing in Nature is random. number generation. By \random numbers", we a thing appears random only through mean random variates of the uniform U(0; 1) the incompleteness of our knowledge." distribution. More complex distributions can Spinoza, Ethics I1. be generated with uniform variates and rejection or inversion methods. Pseudo random number generation aims to seem random whereas quasi random number generation aims to be determin- istic but well equidistributed. 1 Introduction Those familiars with algorithms such as linear congruential generation, Mersenne-Twister type algorithms, and low discrepancy sequences should Random simulation has long been a very popular go directly to the next section. and well studied field of mathematics. There exists a wide range of applications in biology, finance, insurance, physics and many others. So 2.1 Pseudo random generation simulations of random numbers are crucial. In this note, we describe the most random number algorithms At the beginning of the nineties, there was no state-of-the-art algorithms to generate pseudo Let us recall the only things, that are truly ran- random numbers. And the article of Park & dom, are the measurement of physical phenomena Miller (1988) entitled Random generators: good such as thermal noises of semiconductor chips or ones are hard to find is a clear proof. radioactive sources2. Despite this fact, most users thought the rand The only way to simulate some randomness function they used was good, because of a short on computers are carried out by deterministic period and a term to term dependence.
    [Show full text]
  • 8Th Generation Intel® Core™ Processors Product Brief
    PRODUCT BRIEF 8TH GENERATION INTEL® CORE™ PROCESSORS Mobile U-Series: Peak Performance on the Go The new 8th generation Intel® Core™ Processor U-series—for sleek notebooks and 2 in 1s elevates your computing experience with an astounding 40 percent leap in productivity performance over 7th Gen PCs,1 brilliant 4K Ultra HD entertainment, and easier, more convenient ways to interact with your PC. With 10 hour battery life2 and robust I/O support, Intel’s first quad-core U-series processors enable portable, powerhouse thin and light PCs, so you can accomplish more on the go. Extraordinary Performance and Responsiveness With Intel’s latest power-efficient microarchitecture, advanced process technology, and silicon optimizations, the 8th generation Intel Core processor (U-series) is Intel’s fastest 15W processor3 with up to 40 percent greater productivity than 7th Gen processors and 2X more productivity vs. comparable 5-year-old processors.4 • Get fast and responsive web browsing with Intel® Speed Shift Technology. • Intel® Turbo Boost Technology 2.0 lets you work more productively by dynamically controlling power and speed—across cores and graphics— boosting performance precisely when it is needed, while saving energy when it counts. • With up to four cores, 8th generation Intel Core Processor U-series with Intel® Hyper-Threading Technology (Intel® HT Technology) supports up to eight threads, making every day content creation a compelling experience on 2 in 1s and ultra-thin clamshells. • For those on the go, PCs enabled with Microsoft Windows* Modern Standby wake instantly at the push of a button, so you don’t have to wait for your system to start up.
    [Show full text]
  • Class-Action Lawsuit
    Case 3:20-cv-00863-SI Document 1 Filed 05/29/20 Page 1 of 279 Steve D. Larson, OSB No. 863540 Email: [email protected] Jennifer S. Wagner, OSB No. 024470 Email: [email protected] STOLL STOLL BERNE LOKTING & SHLACHTER P.C. 209 SW Oak Street, Suite 500 Portland, Oregon 97204 Telephone: (503) 227-1600 Attorneys for Plaintiffs [Additional Counsel Listed on Signature Page.] UNITED STATES DISTRICT COURT DISTRICT OF OREGON PORTLAND DIVISION BLUE PEAK HOSTING, LLC, PAMELA Case No. GREEN, TITI RICAFORT, MARGARITE SIMPSON, and MICHAEL NELSON, on behalf of CLASS ACTION ALLEGATION themselves and all others similarly situated, COMPLAINT Plaintiffs, DEMAND FOR JURY TRIAL v. INTEL CORPORATION, a Delaware corporation, Defendant. CLASS ACTION ALLEGATION COMPLAINT Case 3:20-cv-00863-SI Document 1 Filed 05/29/20 Page 2 of 279 Plaintiffs Blue Peak Hosting, LLC, Pamela Green, Titi Ricafort, Margarite Sampson, and Michael Nelson, individually and on behalf of the members of the Class defined below, allege the following against Defendant Intel Corporation (“Intel” or “the Company”), based upon personal knowledge with respect to themselves and on information and belief derived from, among other things, the investigation of counsel and review of public documents as to all other matters. INTRODUCTION 1. Despite Intel’s intentional concealment of specific design choices that it long knew rendered its central processing units (“CPUs” or “processors”) unsecure, it was only in January 2018 that it was first revealed to the public that Intel’s CPUs have significant security vulnerabilities that gave unauthorized program instructions access to protected data. 2. A CPU is the “brain” in every computer and mobile device and processes all of the essential applications, including the handling of confidential information such as passwords and encryption keys.
    [Show full text]
  • Promethean Series
    PROMETHEAN SERIES Ruggedized Small Form Factor CPU / GPU Systems Rugged and Reliable Performance The Promethean series of rugged, compact, and powerful small form factor systems are designed to provide highly flexible and configurable solutions for applications ranging from industrial/commercial, medical, and military. Based on COM Express (Computer-On-Module) architecture, Promethean combines high-end GPUs with latest generation of x86 processors in a ruggedized small form factor package. Promethean systems can be ordered with a variety of different CPU and GPU engines as required for your application. The system can be configured with various complements of high performance I/O as required. The architecture also supports the ability for customer defined memory type and capacities as required. Compact and Lightweight The rugged aluminum enclosure has been designed to be lightweight but strong. Deep finning provides for maximum cooling capability. Depending on Features and Benefits the requirements, the Promethean system can be mounted from the bottom, or " Provides high performance CPUs either side surface thus allowing greatest flexibility in placement, mounting, and with the latest generation of Intel Processors cable routing. The ruggedness extends beyond the robust physical housing. The Promethean system is designed for operation up to 50,000 feet elevation, and has "Order using a building block approach: an operating temperate range of 0ᵒC to +55ᵒC. If a wider temperature range is Mix and match Intel® CPUs required, a variant of the Promethean can operate at the extreme temperate range with NVIDIA® GPUs of -40ᵒC to +85ᵒC. Promethean systems also meet MIL-STD-810H for shock and "Highly configurable.
    [Show full text]
  • Quad-Core Catamount and R&D in Multi-Core Lightweight Kernels
    Quad-core Catamount and R&D in Multi-core Lightweight Kernels Salishan Conference on High-Speed Computing Gleneden Beach, Oregon April 21-24, 2008 Kevin Pedretti Senior Member of Technical Staff Scalable System Software, Dept. 1423 [email protected] SAND Number: 2008-1725A Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy's National Nuclear Security Administration under contract DE-AC04-94AL85000. Outline • Introduction • Quad-core Catamount LWK results • Open-source LWK • Research directions • Conclusion Going on Four Decades of UNIX Operating System = Collection of software and APIs Users care about environment, not implementation details LWK is about getting details right for scalability LWK Overview Basic Architecture Memory Management … … Policy n 1 n N tio tio Page 3 Page 3 Maker ca ca i l Libc.a Libc.a (PCT) pp ppli Page 2 Page 2 A libmpi.a A libmpi.a Page 1 Page 1 Policy Enforcer/HAL (QK) Page 0 Page 0 Privileged Hardware Physical Application Memory Virtual • POSIX-like environment Memory • Inverted resource management • Very low noise OS noise/jitter • Straight-forward network stack (e.g., no pinning) • Simplicity leads to reliability Nov 2007 Top500 Top 10 System Lightweight Kernel Compute Processors: Timeline 82% run a LWK 1990 – Sandia/UNM OS (SUNMOS), nCube-2 1991 – Linux 0.02 1993 – SUNMOS ported to Intel Paragon (1800 nodes) 1993 – SUNMOS experience used to design Puma First implementation of Portals communication architecture 1994
    [Show full text]