White Paper

Intel® Trusted Execution Technology

Hardware-based Technology for Enhancing Server Platform Security

Executive Summary

A building is only as good as its foundation. The same is true for a computer architecture's information security. In an age where security breaches in IT infrastructure are increasingly common front page news, it's imperative that organizations use the most secure building blocks for the foundations of their IT solutions. This is of growing importance today, as IT managers are being asked to evolve their data centers into new and more demanding uses that challenge existing security practices. For example, as the data center gets increasingly virtualized, high-value or highly sensitive workloads from different lines of business will be shared across common physical infrastructure. Where traditional physical isolation is no longer possible, a more trusted infrastructure is the key to maintaining the high assurance and control required to meet the security needs in the data center. The increased interest in cloud computing will only further emphasize the need for more visibility into the security status of workloads and systems and new control capabilities to meet compliance mandates.

This paper describes a highly scalable architecture called Intel® Trusted Execution Technology (Intel® TXT) that provides hardware-based security to help build a solid foundation for security.1 Built into Intel's silicon, these technologies address the increasing and evolving security threats across physical and virtual infrastructures by complementing runtime protections such as anti-virus software. Intel TXT also can play a role in meeting government and industry regulations and data protection standards by providing a hardware-based method of verification useful in compliance efforts.

Intel TXT is specifically designed to harden platforms from the emerging threats of hypervisor attacks, BIOS, or other attacks, malicious root kit installations, or other software-based attacks. It increases protection by allowing greater control of the launch stack through a Measured Launch Environment (MLE) and enabling isolation in the boot process. More specifically, it extends the Virtual Machine Extensions (VMX) environment of Intel® Virtualization Technology (Intel® VT), permitting a verifiably secure installation, launch, and use of a hypervisor or operating system (OS).

Intel TXT gives IT and security organizations important enhancements to help ensure more secure platforms; greater application, data, or virtual machine (VM) isolation; and improved security or compliance audit capabilities. Not only can it help reduce support and remediation costs, but it can also provide a foundation for more advanced solutions as security needs change to support increasingly virtualized or "multi-tenant" shared data center resources. This paper describes the basic uses of Intel TXT, the core components, how they operate, and critical enabling requirements for the technology in server implementations.

James Greene, Intel Corporation

Table of Contents
Executive Summary ...... 1
The Threats to Data Keep Growing ...... 2
Root of Trust: A Foundation for Safer Computing ...... 3
Intel® TXT: From Client to Server ...... 3
How Intel TXT Works ...... 3
Additional Usage Models ...... 4
How to Get There: Intel TXT Components ...... 5
Details: Establishing a Root of Trust with Intel TXT for Servers ...... 6
Enabling Intel TXT ...... 7
Summary ...... 8
Additional Resources ...... 8

The Threats to Data Keep Growing

Attacks on IT infrastructure continue to grow in volume, complexity, sophistication, and stealth. According to the McAfee Threat Report of 2Q 2012, "the number of new unique malicious code and other unwanted programs grew by over 8 million samples between the first and second quarter of 2012 alone."2 These include a growing number of nasty, sophisticated ones, with more than 100,000 new variants discovered in each of the last 14 quarters. For another opinion on the matter of growth, consider that a few years ago, Kaspersky Lab forecast a 10-fold increase in malicious programs, from 2.2 million to 20 million in 2008.3 This was far from exaggeration. The specialists at Kaspersky Lab detected the 25 millionth malicious program and added it to the company's anti-virus databases in June 2009.4 Today, the experts at McAfee are expecting the identification of the 100 millionth malware sample some time in 3Q 2012. Clearly, the malware tide is rising unabated.

Awareness of the dangers malicious threats pose to modern societies' information and infrastructure has reached the top levels of government and industry leadership. In a 2009 speech, U.S. President Barack Obama noted, "It's the great irony of our Information Age—the very technologies that empower us to create and to build also empower those who would disrupt and destroy."5 Security experts consulted by Georgia Tech Information Security Center (GTISC) believe cyber warfare will accompany traditional military interaction more often in the years ahead.6 Organized crime is also involved. Cybercrime is so profitable for organized crime that they use it to fund other underground exploits, and U.S. law enforcement is reaching around the world in an attempt to reel it in.7 Other new threats appear daily from social networking sites, Web mashups (integrated applications or content from web sites that can contain viruses), drive-by downloads, virtualization attacks, and a growing number of other sources. More frightening still, creating a malicious program is possible without any significant programming skills. Nearly anyone can do it thanks to an increased availability of prepackaged "kits" that allow for the easy definition, manipulation, and deployment of malware.8

Servers are a particularly alluring target. For instance, in 2012 alone hackers have breached server systems at Yahoo, LinkedIn, and Sony with hundreds of thousands of records jeopardized.9 2012 also saw breaches in the servers at the University of Rhode Island, University of Maine, University of North Florida, University of Nebraska, and other academic institutions.10 And it is not only academia that is at risk. Payment processing facilities, storage facilities, medical records providers, enterprises, and even government entities have also been compromised in recent times. Hundreds of thousands of records have been exposed, and control over facilities has been jeopardized.11 While the details from such breaches will continue to emerge, the basic trend—sophisticated, orchestrated, and highly targeted attacks—is alarming. Unfortunately, there are far too many such breaches of equal significance to report here.

Making matters worse, the cost of a data breach is daunting. The average organizational costs of a data breach in the United States remained a stubbornly high USD 5.5 million in 2011,12 with lost business as the largest percentage of this cost. According to the same study, the cost on a per-record basis is a challenging USD 194 per record—so a large-scale breach can be very damaging. In 2012 Global Payments, a U.S.-based payment processing firm, cited costs of USD 84.8 million related to a recent data breach.13 It's no wonder that according to a 2012 study by FTI Consulting and Corporate Boardroom both Corporate Directors and General Counsel cited


Data Security as their top concern.14

The growth of low-level attacks is also a major motivator behind the U.S. National Institute of Standards and Technology (NIST) to create new guidelines to focus on addressing vulnerabilities in BIOS and other key system firmware.15 The result is that security considerations can play a significant role in hindering the way that companies can use technology to expand or improve the efficiency of their operations, and new solutions are needed.

Root of Trust: A Foundation for Safer Computing

The penalties and costs for lost or compromised customer, employee, or financial data make it imperative that IT managers not lose control of their systems. This means they must implement the best tools available for protecting their infrastructure and validating the integrity of the computing environment on an ongoing basis. Establishing a root of trust is essential. Each server must have a component that will always behave in the expected manner and contain a minimum set of functions enabling a description of the platform characteristics and its trustworthiness.

The power of Intel® Trusted Execution Technology (Intel® TXT) is establishing this root of trust that provides the necessary underpinnings for successful evaluation of the computing platform and its protection.1 The root is optimally small and difficult to defeat or alter, and allows for flexibility and extensibility to measure platform components in the boot and launch environment (such as BIOS, OS Loader, and Virtual Machine Managers (VMMs)). The root also provides a trusted, tamper-resistant position to evaluate the integrity of any other components, enabling assurance through a secure comparison against expected measurements. By allowing such comparisons during the boot and launch sequence, IT managers can stop the launch of unrecognized software and enforce "known good" launch-time configurations.

Once a basic root of trust and a secure basis for measurement and evaluation are established, it is possible to further extend these capabilities and the technologies that enable them. For example, to protect other aspects of the system, mechanisms can be created to seal and protect secrets in memory, as well as provide local or remote attestation (proof) of system configuration.

Intel® TXT: From Client to Server

Initially delivered to market with Intel® vPro™ technology-based client platforms in 2007, Intel TXT has been extended to mobile platforms as well. Because servers hold a variety of personal, financial, governmental, and other data, and are under increased attack, it was imperative to expand this multi-layered protection approach into the server infrastructure. With the advent of cloud computing and consolidated virtualized data centers, the potential harm from a single successful attack has increased dramatically, particularly in edge-of-the-network servers such as web servers, portals, and smaller databases.

Intel TXT on servers was launched with the 2010 introduction of the Intel® Xeon® processor 5600 series systems. Hardened for server environments (particularly virtual server environments), Intel TXT helps enable IT managers to provide higher levels of system security and information assurance in enterprise computing architectures. Through hardware-based technologies such as Intel TXT—and other Intel security technologies built into selected server platforms—Intel is setting an industry benchmark for secure processing in data centers. These building blocks will facilitate better regulatory compliance and increase the security and availability of infrastructures by addressing the ever-growing security threats across physical and virtual infrastructures.

How Intel TXT Works

Intel TXT works by creating a Measured Launch Environment (MLE) that enables an accurate comparison of all the critical elements of the launch environment against a known good source. Intel TXT creates a cryptographically unique identifier for each approved launch-enabled component and then provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code. This hardware-based solution provides the foundation on which trusted platform solutions can be built to protect against the software-based attacks that threaten integrity, confidentiality, reliability, and availability of systems. Such attacks, when successful, create costly downtime and remediation expenses, as well as potentially large costs related to data breaches.

Intel TXT provides:

• Verified Launch. A hardware-based chain of trust that enables launch of the MLE into a "known good" state. Changes to the MLE can be detected through cryptographic (hash-based or signed) measurements.

• Launch Control Policy (LCP). A policy engine for the creation and implementation of enforceable lists of "known good" or approved, executable code.

• Secret Protection. Hardware-assisted methods that remove residual data at an improper MLE shutdown, protecting data from memory-snooping software and reset attacks.

• Attestation. The ability to provide platform measurement credentials to local or remote users or systems to complete the trust verification process and support compliance and audit activities.
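The Verified Launch comparison described under How Intel TXT Works, simulated as an added example that is not Intel code: SHA-1 measurements of constructed BIOS and hypervisor images are extended into a TPM 1.2-style PCR, compared stage by stage against provisioned known-good values, and the launch is reported trusted or untrusted at each step as in the Figure 1 flow. The `extend`, `provision` and `measured_launch` functions and the sample images are assumptions of this example.

```python
"""Simulation of the Intel TXT measured-launch decision flow.

Added example, not Intel code. It models a TPM 1.2-style PCR: each
component's SHA-1 digest is folded into the register with
PCR = SHA1(PCR || digest), so the final value depends on every
component and on their order. Known-good values are "provisioned"
as the expected PCR after each stage; any modified component changes
the digest and the launch is reported as untrusted at that stage.
Component images are constructed byte strings standing in for BIOS
and hypervisor code.
"""
import hashlib

PCR_SIZE = 20  # TPM 1.2 PCRs are SHA-1 sized (20 bytes)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 PCR extend: new = SHA1(old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def measure(image: bytes) -> bytes:
    """Measurement of a launch component is the SHA-1 digest of its image."""
    return hashlib.sha1(image).digest()


def provision(images):
    """Compute the expected PCR after each launch stage from known-good images.

    Returns a dict stage_name -> expected PCR value, i.e. what an
    administrator would store as the "known good" configuration.
    """
    pcr = bytes(PCR_SIZE)  # PCR starts zeroed at platform reset
    expected = {}
    for name, image in images:
        pcr = extend(pcr, measure(image))
        expected[name] = pcr
    return expected


def measured_launch(images, expected):
    """Walk the launch stages in order (BIOS first, then hypervisor).

    Returns (trusted, log) where log lists (stage, status). On the first
    mismatch the policy action is to stop and report untrusted; later
    stages are not evaluated, mirroring the decision points of Figure 1.
    """
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in images:
        pcr = extend(pcr, measure(image))
        if pcr != expected.get(name):
            log.append((name, "untrusted"))
            return False, log
        log.append((name, "trusted"))
    return True, log


# Constructed sample images (not real firmware or hypervisor code).
GOOD_BIOS = b"BIOS v1.0 fabric-init + system management code"
GOOD_HV = b"hypervisor build 42"
KNOWN_GOOD = provision([("bios", GOOD_BIOS), ("hypervisor", GOOD_HV)])

if __name__ == "__main__":
    ok, log = measured_launch([("bios", GOOD_BIOS), ("hypervisor", GOOD_HV)], KNOWN_GOOD)
    print("clean launch:", ok, log)
    # A hypervisor image altered underneath the expected one no longer matches.
    modified = GOOD_HV + b" + inserted code"
    ok, log = measured_launch([("bios", GOOD_BIOS), ("hypervisor", modified)], KNOWN_GOOD)
    print("modified hypervisor:", ok, log)
```

Because the PCR chains every stage, an approved hypervisor launched after an unexpected BIOS still fails at the BIOS stage, which is why the comparison must start at the root rather than at the hypervisor alone.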

Figure 1 shows the decision points and processes of the Intel TXT launch. The model outlines the high-level steps of an Intel TXT-enabled system evaluating launch components from the early BIOS and system firmware to the hypervisor. In each step, the outcome may be that the measurements (hashes) of the components match the expected "known good" configurations and the launch is allowed and indicated as trusted, or that there is a mismatch, and an action can be taken and the launch indicated as untrusted. In the case of the trusted launch, the benefit here is the assurance that the environment has launched as expected, without compromise. This would be a valuable ability to demonstrate in compliance-centric environments or industries.

In the case of a mismatch, one can get an indication of an untrusted launch. For example, a rootkit hypervisor such as the "Blue Pill" compromises the system by attempting to install itself underneath the hypervisor to effectively gain control of the platform. In this case, the Intel TXT-enabled system hashes the code, but because it has been modified (through the insertion of the rootkit) it cannot match the "known good" configuration. In this case Intel TXT would be able to indicate an absence of trust, and action can be taken. This demonstrates the benefit of the greater control Intel TXT provides over the launch configuration and how it can help to mitigate the impact of low-level malware attacks.

[Figure 1, Intel® TXT: How it Works. Provisioning: (1) known good values for BIOS and hypervisor provisioned into the TPM. At power on: (2) measured launch of BIOS, results match? If mismatched, policy action enforced, indicates untrusted status; (3) if matched, policy action enforced, indicates trusted status. (4) Measured launch of hypervisor, match? If mismatched, policy action enforced, indicates untrusted status; (5) if matched, policy action enforced, indicates trusted status. Software measured and verified; platform trust can be reported.]

Figure 1. Intel® Trusted Execution Technology (Intel® TXT) protects a virtual server environment data center. Source: Intel Corporation

Additional Usage Models

By providing controls to ensure only a trustable hypervisor is run on a platform, Intel TXT helps protect a server prior to virtualization software and adds launch-time protections that complement runtime malware protections, such as anti-virus software and intrusion detection systems. This is a valuable usage model for helping reduce support and remediation costs for the enterprise.

While this basic protection and enhanced control is effective on individual systems, it becomes even more powerful when one considers aggregated resources and dynamic environments such as today's virtualized and cloud-based implementations. These implementations, because of their abstraction of physical hardware and multi-tenancy movement across shared infrastructure, require more than traditional perimeter-oriented security techniques.

For example, with VM migration there is a real concern of moving a compromised VM from one physical host to another and potentially compromising that different host and possibly impacting the VMs and workloads on that platform. Intel TXT can help combat this issue in VM migration by helping create something known as "trusted pools." In this model, Intel TXT is used as a foundation to create pools of trusted hosts, each with Intel TXT enabled and by which the platform launch integrity has been verified. A policy is then created that restricts the migration of VMs such that only those on trusted platforms can be migrated to other trusted platforms. In the same vein, VMs that were created on untrusted or unverified platforms could be prevented from migrating into trusted pools. This is analogous to an airline passenger clearing an airport checkpoint and then being able to move freely between gates.

Figure 2 shows how VM migration can be controlled across resource pools using trust as control instrumentation for migration policy. This enables IT managers to restrict confidential data or sensitive workloads to platforms that are better controlled and have had their configurations more thoroughly evaluated through the use of Intel TXT-enabled platforms. The ability to restrict VM migration to only trusted hosts has been


demonstrated by Intel, VMware (www.vmware.com), and HyTrust (www.hytrust.com) and captured in a video at YouTube.16 This new concept for virtualized environments is generating a great deal of interest from enterprises and cloud provider customers seeking new tools to provide insights and controls for virtual and cloud systems.

If this is to be a meaningful control point, IT and security managers need a common way to monitor and report on trust-related events in their infrastructure. This capability lies at the heart of addressing the visibility and compliance challenges exacerbated by virtualization and cloud architectures. Operationally, this requires that trust status can be provided through virtualization management consoles and delivered into Security Information Event Management (SIEM) and Governance, Risk, and Compliance (GRC) systems for more automated logging, reporting, and audit.

Of course, all usage models require a complete solution stack of hardware and software components. Intel is working closely with leading OS, VMM (or hypervisor), and other independent software vendors to include support for Intel TXT to deliver safer, more secure server platforms and data center solutions through these and other innovative usage models.

How to Get There: Intel TXT Components

Intel® server platforms with Intel TXT include several new secure processing innovations. As shown in Figure 3, these include:

• Trusted extensions integrated into the silicon (Intel Xeon processor and Intel® chipset)

• Authenticated Code Modules (ACMs)

• LCP tools

Not all of the components needed for an Intel TXT platform come directly from Intel. Important components also come from third parties, including:

• Trusted Platform Module (TPM) 1.2 (third-party silicon)17

• Intel TXT-enabled BIOS, and hypervisor or OS environment

A platform must include all of these components to be enabled for Intel TXT. If one of these components is missing or defective, the platform will launch into a traditional, untrusted state. Note that Intel TXT also makes extensive use of Intel® Virtualization Technology (Intel® VT) when utilized in a virtualized environment to provide protections from unauthorized direct memory accesses (DMAs) and to enforce application and data isolation on the system.18

[Figure 2, Intel® TXT Trusted Pools Use Model. Trusted systems and untrusted systems; blue = sensitive VM, green = generic VM. (1) Virtualization management can identify and report platforms that demonstrate integrity via Intel TXT. (2) Security management software allows identification of sensitive workloads. (3) Security management software can read platform trust status from virtualization management software. (4) Security management software allows linkage of platform capability to workload classification via policy (policy: sensitive VM requires trusted host). (5) Security management software policy can control VMs based on platform trust to better protect data.]

Figure 2. Trustable pools created using Intel® Trusted Execution Technology (Intel® TXT)-enabled platforms help ensure safe migration between hosts. Source: Intel Corporation
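The trust-gated migration control of Figure 2, as an added example that is not Intel, VMware or HyTrust code: host trust is the attested Intel TXT launch status as reported by virtualization management, workload sensitivity comes from security management, and the policy "sensitive VM requires trusted host" plus the checkpoint rule (a VM may only enter the trusted pool from a trusted host) is enforced on every move. The host and VM names, the `TrustedPoolPolicy` class and the audit-line format are assumptions of this example.

```python
"""Trust-gated VM migration for trusted pools (the Figure 2 use model).

Added example; not Intel, VMware or HyTrust code. Host trust is the
attested Intel TXT launch status ("trusted", "untrusted", or "unknown"
when no attestation has been received). Workload classification
(sensitive or generic) comes from security management. Policy: a
sensitive VM may only be placed on a trusted host, and a VM may enter
the trusted pool only from a trusted host, so a VM created on an
untrusted or unverified platform stays outside the pool (the airport
checkpoint analogy). Hosts and VMs below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    trust: str  # "trusted" | "untrusted" | "unknown"


@dataclass
class VM:
    name: str
    sensitive: bool
    host: str
    audit: list = field(default_factory=list)  # trust events to forward to SIEM/GRC


class TrustedPoolPolicy:
    def __init__(self, hosts):
        self.hosts = {h.name: h for h in hosts}

    def trusted_pool(self):
        return {n for n, h in self.hosts.items() if h.trust == "trusted"}

    def check(self, vm, dest):
        """Decide whether vm may move to dest. Returns (allowed, reason)."""
        if dest not in self.hosts:
            return False, f"destination {dest} is not a managed host"
        dest_trust = self.hosts[dest].trust
        src_trust = self.hosts[vm.host].trust
        if vm.sensitive and dest_trust != "trusted":
            return False, f"sensitive VM requires trusted host; {dest} is {dest_trust}"
        if dest_trust == "trusted" and src_trust != "trusted":
            return False, f"VM on {src_trust} host {vm.host} may not enter the trusted pool"
        return True, "allowed"

    def migrate(self, vm, dest):
        """Apply the policy, record the decision as an audit event, move if allowed."""
        allowed, reason = self.check(vm, dest)
        verdict = "ALLOW" if allowed else "DENY"
        vm.audit.append(f"migrate {vm.name} {vm.host}->{dest}: {verdict} ({reason})")
        if allowed:
            vm.host = dest
        return allowed

    def update_trust(self, host, status, vms):
        """Record a new attestation result for a host.

        Returns the sensitive VMs now sitting on a host that is no longer
        trusted. By the entry rule above they cannot simply be migrated back
        into the pool, so they must be quarantined or re-created on a trusted
        host after investigation.
        """
        self.hosts[host].trust = status
        at_risk = [vm for vm in vms
                   if vm.host == host and vm.sensitive and status != "trusted"]
        for vm in at_risk:
            vm.audit.append(f"host {host} now {status}: sensitive VM {vm.name} out of policy")
        return at_risk


def sample_hosts():
    """Constructed inventory: two attested hosts, one failed launch, one unverified."""
    return [Host("srv-a", "trusted"), Host("srv-b", "trusted"),
            Host("srv-c", "untrusted"), Host("srv-d", "unknown")]


if __name__ == "__main__":
    policy = TrustedPoolPolicy(sample_hosts())
    payroll = VM("payroll-db", sensitive=True, host="srv-a")
    web = VM("web-frontend", sensitive=False, host="srv-c")
    print(policy.migrate(payroll, "srv-b"))  # True: trusted -> trusted
    print(policy.migrate(payroll, "srv-c"))  # False: sensitive VM, untrusted host
    print(policy.migrate(web, "srv-a"))      # False: created outside the pool
    print(policy.migrate(web, "srv-d"))      # True: generic VM, non-pool host
    print([vm.name for vm in policy.update_trust("srv-b", "untrusted", [payroll, web])])
    for line in payroll.audit + web.audit:
        print(line)
```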

[Figure 3 layers: Intel processor with Intel® TXT and VT-x support; Intel chipset with Intel® TXT and VT-d support; TPM support; Intel chipset BIOS AC module and preboot TXT init code; Intel® software SINIT AC module; 3rd party software: MLE, hosted OS, apps, etc.]

Figure 3. Intel® Trusted Execution Technology (Intel® TXT) components.

Details: Establishing a Root of Trust with Intel TXT for Servers

There are two distinct methods of establishing trust in a computing environment. The first method is called Static Root of Trust for Measurement (S-RTM). In S-RTM models, the measurement starts at a platform reset event and an immutable root (such as a BIOS boot block) and continues into the OS and its components. The major advantage of S-RTM is its simplicity. Its shortcoming is that S-RTM alone on a complex system can result in a large and unmanageable Trusted Computing Base (TCB)—the set of components required to consider the platform trustable. If any of the components in the boot/launch process change (or get updated) after the trust is established, the system requires migration or re-sealing of secrets.

The other method of establishing trust in a computing environment is Dynamic Root of Trust for Measurement (D-RTM). D-RTM generally results in a smaller TCB—which is desirable. In D-RTM, the trust properties of the components can be ignored until a secure event (for example, an enabled hypervisor launch) triggers and initializes the system, starting the initial root of measurement. Components that were staged before the D-RTM secure event will be excluded from the TCB and cannot execute after the trust properties of the system are established.


Intel developed Intel TXT architecture for servers because server environments present challenging boot scenarios. Therefore, in servers it is essential to bring into the TCB some parts of the early BIOS that initialize the system fabric and runtime BIOS components (also called system management code). These are needed to implement server reliability, availability, and serviceability (RAS) features. Consequently, because a pure D-RTM implementation excludes these items, a true D-RTM implementation with its smaller TCB falls short.

To create a more suitable implementation for servers, Intel TXT takes key features from both approaches. In any computer system, certain components (both hardware and software) need to be inside the trust boundary of the TCB to detect launch status. In the Intel TXT trust model, some of the system boot firmware is allowed within the trust boundary of the hardware-protected environment. In fact, Intel TXT allows just enough of the system firmware within the trust boundary so that all of the current or projected RAS features can be supported. In addition, Intel TXT architecture borrows from the S-RTM model, providing methods for measuring and recording in the TPM any of the system firmware that is within the trust boundary—providing additional ability to detect attacks against this sensitive platform component.

In Intel TXT architecture, the trusted firmware will most frequently include the BIOS components that initialize the system fabric, modules that participate in implementing system RAS features that would require modification to the system fabric, and any system service processor (SSP) code.

Enabling Intel TXT

Intel is working closely with industry partners to deliver safer, more secure server platforms and data centers. As noted earlier, Intel TXT-enabled solutions require components from multiple vendors to provide the relevant platform protection. Intel TXT requires a server system with Intel VT, an Intel TXT-enabled processor, chipset, ACM, enabled BIOS, and an Intel TXT-compatible MLE (OS or hypervisor). In addition, Intel TXT requires the system to contain a TPM v1.2, as defined by the Trusted Computing Group (http://www.trustedcomputinggroup.org), and specific software for some uses. And more advanced Trusted Pools and compliance-oriented use models also require security policy engines and security management and compliance tools and more.

Intel's enabling effort spans all of the components above. We are working with system vendors to provide guidance on the required hardware components (including compatible TPM), enabling BIOS for TXT through the integration of ACMs, and providing LCP and LCP tools to facilitate the test and validation of Intel TXT components.

Similarly, we are working with OS and hypervisor vendors to help them develop Intel TXT-enabled software packages. Our work here is focused on providing the ACM required to enable trusted boot. We are also providing validation guidance and access to an LCP tool.

LCP is a component that deserves particular attention. It is touched and usable by nearly all Intel TXT components and component providers. It is also a tool IT managers will use to help control their environments.

As a policy engine, LCP operates on the policy data structures that are rooted in and protected by the platform TPM component. The TPM contains server-manufacturer-stored policy and owner-stored policy. These policies specify what values represent the "known good" or desired software load digests. Policy engine rules dictate that the platform owner's set policy overrides the stored set policy. This allows a server manufacturer to point to an MLE that is installed in the factory and at the same time provides an opportunity for the platform owner (such as an IT manager) to update or override it in order to replace it with their own choice of MLE. The details of developing or implementing an MLE and LCPs are detailed in the document Intel Trusted Execution Technology Software Development Guide available at www.intel.com/txt.

Intel TXT is available on a growing number of server platforms based on the Intel Xeon processor family from a variety of system vendors. And there is a growing ecosystem of supporting hypervisor and security software products that are now trust-aware for enabling trusted pools and compliance use models. While system and software vendors will individually disclose Intel TXT support for their specific products, Intel also provides on its web site a comprehensive list of platforms, software products, and service providers that have announced support for Intel TXT. As enabled platforms proliferate in the market, we expect increased software support for the features and more solutions and reference architectures built on these capabilities. In short, there will be a growing ecosystem of support for Intel TXT over time.
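The LCP precedence rule described above (owner-stored policy overrides manufacturer-stored policy, each policy naming the "known good" MLE digests), worked through as an added example that is not Intel's LCP tools or the tboot code. The `PolicyStore` class standing in for TPM-protected policy storage, the `ANY` open policy, the constructed MLE images and the choice to refuse a launch when no policy at all is provisioned are assumptions of this example, not documented Intel behaviour.

```python
"""Launch Control Policy (LCP) precedence, as an added example that is not
Intel's LCP tools or tboot. It models the two policy slots the text
describes: a server-manufacturer policy and a platform-owner policy,
kept in TPM-protected storage (stood in for by PolicyStore). A policy
is a set of approved MLE SHA-1 digests (TPM 1.2 digest size) or the
open value ANY. The engine applies the stated rule: an owner policy,
when present, overrides the manufacturer policy. With no policy at all
this example refuses the launch; that is a conservative assumption of
the example, not documented Intel behaviour. MLE images are constructed.
"""
import hashlib
from typing import Optional, Set, Union

ANY = "ANY"  # policy value that approves every MLE (no enforcement)


def mle_digest(image: bytes) -> str:
    """Measurement of an MLE image: its SHA-1 digest as hex."""
    return hashlib.sha1(image).hexdigest()


class Policy:
    def __init__(self, source: str, approved: Union[str, Set[str]]):
        self.source = source      # "manufacturer" or "owner"
        self.approved = approved  # ANY or a set of hex digests

    def permits(self, digest: str) -> bool:
        return self.approved == ANY or digest in self.approved

    def with_added(self, digest: str) -> "Policy":
        """Owner-side maintenance: approve a newly installed MLE build.
        Returns a new Policy so the stored one is replaced, not mutated."""
        if self.approved == ANY:
            return self
        return Policy(self.source, set(self.approved) | {digest})


class PolicyStore:
    """Stand-in for the TPM-protected manufacturer and owner policy slots."""
    def __init__(self):
        self.manufacturer: Optional[Policy] = None
        self.owner: Optional[Policy] = None

    def effective(self) -> Optional[Policy]:
        """Precedence rule: the owner's policy overrides the manufacturer's."""
        return self.owner if self.owner is not None else self.manufacturer


def evaluate_launch(store: PolicyStore, mle_image: bytes):
    """Return (launch_permitted, deciding_policy_source, digest)."""
    digest = mle_digest(mle_image)
    policy = store.effective()
    if policy is None:
        return False, "none", digest  # example assumption: no policy, no launch
    return policy.permits(digest), policy.source, digest


FACTORY_MLE = b"factory-installed hypervisor image 1.0"   # constructed
OWNER_MLE = b"IT-approved hypervisor image 2.3"          # constructed


def factory_store() -> PolicyStore:
    """Platform as shipped: manufacturer approves the factory MLE only."""
    store = PolicyStore()
    store.manufacturer = Policy("manufacturer", {mle_digest(FACTORY_MLE)})
    return store


def owner_takes_over(store: PolicyStore) -> PolicyStore:
    """IT manager writes an owner policy naming their own MLE."""
    store.owner = Policy("owner", {mle_digest(OWNER_MLE)})
    return store


if __name__ == "__main__":
    s = factory_store()
    print(evaluate_launch(s, FACTORY_MLE)[:2])  # (True, 'manufacturer')
    print(evaluate_launch(s, OWNER_MLE)[:2])    # (False, 'manufacturer')
    owner_takes_over(s)
    print(evaluate_launch(s, FACTORY_MLE)[:2])  # (False, 'owner')
    print(evaluate_launch(s, OWNER_MLE)[:2])    # (True, 'owner')
    patched = OWNER_MLE + b" patched"
    print(evaluate_launch(s, patched)[:2])      # (False, 'owner') until the policy is updated
    s.owner = s.owner.with_added(mle_digest(patched))
    print(evaluate_launch(s, patched)[:2])      # (True, 'owner')
```

The last two steps show the operational consequence of digest-based policy: every hypervisor update changes the measured digest, so the owner policy has to be updated as part of the change process or the patched system will launch untrusted.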


Summary

Most malware prevention tools execute only after the system boots into the runtime environment. In an age of ever-growing threats from hypervisor attacks, BIOS and other firmware attacks, malicious root kit installations, and more, Intel TXT helps to close an important security gap by providing evaluation of the launch environment and enforcing "known good" code execution. Complementing runtime security protection solutions, Intel TXT adds a foundational (hardware-based) protection capability to server systems by allowing greater control of the launch stack and isolation in the boot process.

More than ever, today's businesses and organizations need this kind of protection to help secure critical customer, employee, and financial data, and preserve systems infrastructure. This is becoming more crucial as companies adopt more virtualized, shared, and multi-tenant infrastructure models. With Intel TXT-enabled solutions you can:

• Address the increasing and evolving security threats across your physical and virtual infrastructure.

• Facilitate compliance with government and industry regulations and data protection standards.

• Reduce malware-related support and remediation costs.

• Establish visibility into the integrity of physical and virtual infrastructure.

Overall, Intel is enabling a significant opportunity for IT organizations to future proof their infrastructures. Using Intel TXT-enabled solutions can help them stay ahead of emerging threats. IT organizations can gain important security instrumentation and visibility for their growing virtualized environments to allow them to better control the flow of confidential, privileged, or sensitive workloads or data by restricting these to more thoroughly evaluated or trusted platforms. They also gain the capability to have hardware-protected mechanisms for reporting on the integrity of the platform configuration, which will help meet the growing requirements for compliance auditing and provide a new control point in virtual and cloud infrastructures. While the near-term model will be the creation of "trustable pools" amid their legacy systems, increasingly, platform trust will grow to be a baseline level of assurance for platforms as systems are refreshed—essentially increasing the expectations for data center security over time.

Through Intel TXT and other new features in the Intel Xeon processor families, Intel is taking a leading role in delivering solutions that help mitigate current and emerging attacks and help reduce the overhead of securing data. Talk to your server supplier today to start making security a foundational part of your IT architecture and server planning.

Additional Resources

You can learn more about Intel Trusted Execution Technology using the following resources:

• More web-based info:
– www.intel.com/technology/security
– download.intel.com/technology/security/downloads/315168.pdf

• A book on this topic: David Grawrock, Dynamics of a Trusted Platform: A Building Block Approach, Intel Press, ISBN#978-1-934053-17-1

• Source code for Trusted Boot (open source MLE code, LCP tools, and more):
– sourceforge.net/projects/tboot

For more information on Intel® Trusted Execution Technology, visit www.intel.com/txt

1 No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology (Intel® TXT) requires a computer with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.2. For more information, visit www.intel.com/technology/security
2 "McAfee Threat Report," 2Q 2012.
3 "Kaspersky Lab detects 25 millionth malicious program," Kaspersky Lab press release, June 12, 2009.
4 Ibid.
5 "Remarks by the President on Securing Our Nation's Cyber Infrastructure," The White House, Office of the Press Secretary, May 29, 2009.
6 "Emerging Cyber Threats Report for 2009," report from GTISC annual Security Summit on Emerging Cyber Threats, October 18, 2009.
7 "Cisco 2008 Annual Security Report," Cisco, February 2009.
8 "Malware Discussion," Norman ASA, July 10, 2009. (www.norman.com/security_center/security_center_archive/2009/70364/en)
9 "Yahoo confirms server breach, over 400k accounts compromised," Engadget, July 12, 2012. www.engadget.com/2012/07/12/yahoo-security-breach
10 SC Magazine. www.scmagazine.com/data-breaches/topic/3225/
11 "Reports: Thief holds Virginia medical data ransom," SecurityFocus, May 5, 2009.
12 "2011 Annual Study: U.S. Cost of a Data Breach," Symantec, Ponemon Group, March 2012. www.slideshare.net/symantec/2011-annual-study-us-cost-of-a-data-breach-march-2012
13 "Global Payments: data breach cost a whopping $84.8 million," Network World, July 26, 2012. www.networkworld.com/news/2012/072712-global-payments-data-breach-cost-261204.html
14 Legal Risks on the Radar. www.fticonsulting.com/global2/media/collateral/united-states/legal-risks-on-the-radar.pdf
15 NIST BIOS Protection Guidelines. csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf
16 YouTube: www.youtube.com/watch?v=Vwe_XFFtjM4
17 The original equipment manufacturer must provide TPM functionality, which requires a TPM-supported BIOS. TPM functionality must be initialized and may not be available in all countries.
18 Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, and virtual machine monitor (VMM). Functionality, performance or other benefits will vary depending on hardware and software configurations. Software applications may not be compatible with all operating systems. Consult your PC manufacturer. For more information, visit www.intel.com/go/virtualization

Copyright © 2010-2012 Intel Corporation. All rights reserved. Intel, the Intel logo, Intel vPro, and Xeon are trademarks of Intel Corporation in the U.S. and other countries. *Other names and brands may be claimed as the property of others. 0113/JR/MESH/PDF 323586-003US