A Hijacker's Guide to the LPC Bus

Total Page:16

File Type:pdf, Size:1020Kb

A Hijacker's Guide to the LPC Bus A Hijacker's Guide to the LPC bus Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 1 Motivation Endpoint security and Trusted Computing How about resilience against simple hardware attacks? Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 2 Trusted Computing in a nutshell Trusted Computing (TCG-style) Trusted Platform Module Passive smart-card like component Stores and reports “measurement values” Platform Configuration Registers (PCRs) Roots-of-Trust for Measurement Submit measurements to the TPM Construct a “chain of measurements” Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 3 Chain of Trust (static) “Measure before execute” Platform Configuration Register are not directly modifiable (the can only be extended) BIOS CRTM Time TPM PCR 23 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 4 Chain of Trust (static) “Measure before execute” Platform Configuration Register are not directly modifiable (the can only be extended) BIOS Boot CRTM Loader extend Time TPM PCR 23 08 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 5 Chain of Trust (static) “Measure before execute” Platform Configuration Register are not directly modifiable (the can only be extended) Evil Unknown OS dangers lurk here BIOS Boot CRTM Loader Good Safe harbor OS of trust extend extend 47 Time TPM PCR 23 08 15 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 6 Chain of Trust (static) “Measure before execute” Platform Configuration Register are not directly modifiable (the can only be extended) Evil Unknown OS dangers lurk here BIOS Boot Trusted CRTM Loader App. Good Safe harbor OS of trust extend extend extend 47 49 Time TPM PCR 23 08 15 42 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 7 Late-Launch (D-RTM) “From untrusted to trusted” Objective: Establish one good measurement and “late-launch” trusted code To trust or not to App. trust? CPU Time TPM PCR ?? Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 8 Late-Launch (D-RTM) Trigger the late launch sequence Trusted microcode inside the CPU takes over control To trust or not to App. trust? Trusted CPU Microcode Time TPM PCR ?? Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 9 Late-Launch (D-RTM) Reset special purpose “D-RTM” PCRs CPU sends a special command to tell the TPM about the late-launch event To trust or not to App. trust? Trusted CPU Microcode reset Time TPM PCR ?? 00 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 10 Late-Launch (D-RTM) Measure and execute trusted code To trust Trusted App. or not to Code trust? Trusted CPU Microcode reset extend Time TPM PCR ?? 00 42 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 11 Late-Launch (D-RTM) Transition “from untrusted to trusted” is complete To trust Trusted Safe harbor or not to App. Code of trust trust? Trusted CPU Microcode reset extend extend Time TPM PCR ?? 00 42 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 12 “The desktop PC” RAM RAM Memory Hub RAM Main CPU (Northbridge) Flash BIOS Claim: We can't trust the software on this platform. I/O Hub (Southbridge) There is no way to tell which software is running. Keyboard Super I/O Mouse Controller Floppy Drive Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 13 “The trusted desktop PC” RAM RAM Memory Hub RAM Main CPU (Northbridge) Flash BIOS Claim: We can trust the platform to tell us reliably I/O Hub TPM (Southbridge) which software is running. (It is still up to us if we Keyboard Super I/O trust the software itself ...) Mouse Controller Floppy Drive (at least partially) Trusted System Component Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 14 TPM's view of a “Late-Launch” RAM RAM Memory Hub RAM Main CPU (Northbridge) Microcode TPM register writes pass through the North- and I/O Hub TPM (Southbridge) South-bridges to the LPC bus and the TPM. Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 15 TPM's view of a “Late-Launch” RAM RAM Memory Hub RAM Main CPU (Northbridge) Microcode TPM register writes pass through the North- and I/O Hub TPM (Southbridge) South-bridges to the LPC bus and the TPM. Low Pin Count (LPC) bus Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 16 TPM's view of the “Late Launch” Start of Late Launch Sequence (Dummy write to TPM_HASH_START register) Trusted code is sent to the TPM for measurement I/O Hub (Multiple writes to TPM_HASH_DATA register) (Southbridge) TPM CPU signals that the trusted code is being invoked (Dummy write to TPM_HASH_END register) Unencrypted and Unauthenticated LPC Bus Traffic Main CPU Late Launch Microcode Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 17 Local adversaries Dishonest employee Leak/steal protected information ... Circumvent software policies ... Malicious end-user Defeat Digital Rights Management ... Curious researcher (e.g. me) Interested in why things work and how they break ... Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 18 What is a simple hardware attack? “... What is the definition of a simple hardware attack? ... Going to a local electronic store, purchasing twenty dollars worth of parts, putting the parts together and defeating the […] protection is a simple hardware attack. ...” [David Grawrock; “Dynamics of a Trusted Platform”, Intel Press, 2009, p. 132] Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 19 Why we can't simulate the “Late-Launch” in software … TPM Localities Simple hardware based mechanism to signal origin of a TPM transaction Locality 4 – Trusted Hardware (D-RTM) Only usable by the late launch CPU microcode Illegal access attempts are filtered by the Southbridge D-RTM related TPM registers are only accessible by locality 4 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 20 A sneak peek at the LPC bus Low Pin Count Bus Low-bandwidth devices (Super I/O chip, TPM) Minimal configuration: 7 bus wires 1x Clock, 1x Reset, 1x Start-of-Frame, 4x Address/Data Weakest (hardware) link between CPU and TPM Low clock speed (33 MHz) Few bus lines (= fewer probe wires) No checksums/authentication/encryption Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 21 A sneak peek at the LPC bus Two interesting types of LPC bus cycles Memory write cycle START CTDIR 32-bit Address 8-bit Data TAR SYNC TPM write cycle START CTDIR 16-bit Address 8-bit Data TAR SYNC 4-bit Locality 12-bit Register Defined by the LPC bus specification (At least partially) controlled by the attacker Protected by trusted hardware (Southbridge) Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 22 Memory vs. TPM bus cycles Memory write cycles Easy to generate in software (<50 LOC C program) Get root access on the target machine Comparison memory vs. TPM cycles: Start of Frame Memory write START CTDIR 32-bit Address 8-bit Data TAR SYNC TPM write START CTDIR 16-bit Address 8-bit Data TAR SYNC Time Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 23 A time-shift experiment Assume that we have two independent cycles One Memory cycle starting at time zero One TPM cycle starting a little bit later Start of Frame Memory write START CTDIR 32-bit Address 8-bit Data TAR SYNC Start of Frame TPM write START CTDIR 16-bit Address 8-bit Data TAR SYNC Time Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 24 Hijacking the memory cycle We can hijack a memory cycle ... … and piggy-back an arbitrary TPM cycle. We feed the TPM with a modified frame signal Hardware filter in the Southbridge does not detect us Attacker-created delay Start of Frame (Southbridge) Memory write START CTDIR 32-bit Address 8-bit Data TAR SYNC Start of Frame Locality is under full control (to TPM) of the attacker TPM write START CTDIR 16-bit Address 8-bit Data TAR SYNC Time Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 25 Hijacking the bus in theory ... RAM RAM Memory Hub RAM Main CPU (Northbridge) Minimal hardware modifications Multiplexed Address/Data Lines Tap the address/data lines I/O Hub TPM (two are strictly required) Original frame signal (Southbridge) Break the original frame signal path anywhere along its way to the TPM Hijacker Device Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 26 … and in practice! (Lab setup) PC Southbridge Simulator TPM v1.2 daugtherboard LPC bus hijacking device Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 27 … and potential victim platforms AMD processor with TPM on a daughter-board Intel processor with fixed TPM (not shown here) Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 28 … LPC bus probing experiment “Dead Bug” probe wires on top of a flash memory chip Work time: ~45 min Disassemble Solder probes Install evil hardware Reassemble Investigates feasibility of bus probing approach Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 29 … testing the hijacker device Test setup on an old development board with TPM daughter-board. Work time: ~15 min Disassemble Install T-adapter Install hijacker Reassemble In-system operation of the hijacker Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 30 Impact Simulated late launch (“Untrusted to untrusted”) TPM's view of the platform state got corrupted To trust Evil HIC SUNT or not to App DRAGONES trust? Hijacker LPC bus PCRs no longer reflect Device modification the actual platform state ... reset extend Time TPM PCR ?? 00 42 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 31 Impact Construction of fake measurement values Static RTM (via “TPM reset attack”) Described independently by Kauer and Sparks Use LPC bus hijacking to simulate a D-RTM Introduced in our paper There is currently no simple way for a verifier to distinguish fake measurements constructed in this manner from real measurements done on the same TPM. Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 32 Lessons learned Attack resilience of “trusted” PC platforms TPM is hard target CPU and microcode are hard targets Trusted PC platforms are (still) weak targets for attackers with physical access Never trust a remote endpoint … … even if it has a TPM Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 33 Johannes Winter IAIK/EUROPKI2011/HIJACKER'S GUIDE 34 Bill of materials Testing equipment (hardware) ~15€ TPM daughter-board (from Amazon) ~450€ Spartan-3A DSP 1800 board (used as South-bridge simulator, from Avnet) Attack equipment (hardware) ~10€ Breadboards, wires, resistors, etc.
Recommended publications
  • Direct Memory Access Components Verification System
    ТРУДЫ МФТИ. — 2012. — Том 4, № 1 Frolov P. V. et al. 1 УДК 004.052.42 P. V. Frolov, V. N. Kutsevol, A. N. Meshkov, N. Yu. Polyakov, M. P. Ryzhov AO «MCST» PAO «INEUM» Direct Memory Access components verification system A method of direct memory access subsystem verification used for Elbrus series micro- processors has been described. A peripheral controller imitator has been developed in order to reduce verification overhead. The model of imitator has been included into the functional machine simulator. A pseudorandom test generator for verification of the direct memory access subsystem has been based on the simulator. Ключевые слова: system verification, functional model, direct memory access, pseu- dorandom test generation. Direct Memory Access components verification system 1. Introduction Modern computer systems require very intensive data exchange between the peripheral de- vices and the random-access memory. In the most cases this exchange is performed by the direct memory access (DMA) subsystem. The increasing demands for the performance of the subsys- tem lead to an increase in its complexity, therefore requiring development of effective approaches to DMA subsystem verification [1,2]. This article is based on a result of a comprehensive project than combined implementation of a there co-designed verification techniques based on the consecutive investigation of theDMA subsystem employing one the three models: 1) a functional model written in C++ that corre- sponds to behaviour of the subsystem in the environment determined by a real computer system configuration, 2) RTL model in Verilog and 3) FPGA-based prototype. This article describesthe first method that enables verifying correctness of the design at an early stage of the verification and eliminate a large quantity of bugs using simple tests.
    [Show full text]
  • VIA RAID Configurations
    VIA RAID configurations The motherboard includes a high performance IDE RAID controller integrated in the VIA VT8237R southbridge chipset. It supports RAID 0, RAID 1 and JBOD with two independent Serial ATA channels. RAID 0 (called Data striping) optimizes two identical hard disk drives to read and write data in parallel, interleaved stacks. Two hard disks perform the same work as a single drive but at a sustained data transfer rate, double that of a single disk alone, thus improving data access and storage. Use of two new identical hard disk drives is required for this setup. RAID 1 (called Data mirroring) copies and maintains an identical image of data from one drive to a second drive. If one drive fails, the disk array management software directs all applications to the surviving drive as it contains a complete copy of the data in the other drive. This RAID configuration provides data protection and increases fault tolerance to the entire system. Use two new drives or use an existing drive and a new drive for this setup. The new drive must be of the same size or larger than the existing drive. JBOD (Spanning) stands for Just a Bunch of Disks and refers to hard disk drives that are not yet configured as a RAID set. This configuration stores the same data redundantly on multiple disks that appear as a single disk on the operating system. Spanning does not deliver any advantage over using separate disks independently and does not provide fault tolerance or other RAID performance benefits. If you use either Windows® XP or Windows® 2000 operating system (OS), copy first the RAID driver from the support CD to a floppy disk before creating RAID configurations.
    [Show full text]
  • Tms320dm643x DMP Peripherals Overview Reference Guide (Rev. A
    TMS320DM643x DMP Peripherals Overview Reference Guide Literature Number: SPRU983A June 2007 2 SPRU983A–June 2007 Submit Documentation Feedback Contents Preface ............................................................................................................................... 4 1 Overview.................................................................................................................... 5 2 Asynchronous External Memory Interface (EMIF)............................................................ 6 3 DDR2 Memory Controller ............................................................................................. 6 4 DSP Megamodule Internal Direct Memory Access (IDMA) Controller ................................. 7 5 DSP Megamodule Interrupt Controller (INTC) ................................................................. 7 6 DSP Megamodule Power-Down Controller (PDC) ............................................................ 8 7 Enhanced Direct Memory Access (EDMA) Controller....................................................... 8 8 Ethernet Media Access Controller (EMAC)/Management Data Input/Output (MDIO) Module....................................................................................................................... 8 9 General-Purpose Input/Output (GPIO)............................................................................ 8 10 High-End CAN Controller (HECC).................................................................................. 9 11 Host Port Interface (HPI) .............................................................................................
    [Show full text]
  • Get More out of the Intel Foxhollow Platform
    Get More Out Of the Intel Foxhollow Platform Akber Kazmi, Marketing Director, PLX Technology Introduction As being reported by the mainstream technology media, Intel is leveraging the technology from its latest server-class Nehalem CPU to offer the Lynnfield CPU, targeted for high-end desktop and entry-level servers. This platform is codenamed “Foxhollow “. Intel is expected to launch this new platform sometime in the second half of 2009. This entry-level uni-processor (UP) server platform will feature two to four cores as Intel wants to pack a lot of processing power in all its platforms. The Foxhollow platform is quite different from the previous Desktops and UP servers in that it reduces the solution from three chips to two chips by eliminating the northbridge and replacing the southbridge with a new device called the Platform Controller Hub (or PCH) code named Ibexpeak (5 Series Chipset). As Intel has moved the memory controller and the graphics function into the CPU, there's no need for an MCH (Memory Controller Hub), so Intel has simplified its chipset design to keep costs down in the entry-level and mainstream segments. The PCH chip interfaces with the CPU through Intel’s DMI interconnect. The PCH will support eight PCIe lanes, up to four PCI slots, the GE MAC, display interface controllers, I/O controllers, RAID controllers, SATA controllers, USB 2.0 controllers, etc. Foxhollow Motherboards Foxhollow motherboards are being offered in two configurations, providing either two or three x8 PCIe ports for high performance I/Os. However, motherboard vendors can use an alternate configuration that provides one more PCIe x8 port with no significant burden and instead offers 33% more value than the three port solution and 50% more value than the two port solution.
    [Show full text]
  • Front Panel I/O Connectivity Design Guide
    Front Panel I/O Connectivity Design Guide Revision 1.1 July 2018 Document Number: 600569 Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at intel.com. Intel technologies may require enabled hardware, specific software, or services activation. Check with your system manufacturer or retailer. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548- 4725 or visit www.intel.com/design/literature.htm. Intel and the Intel logo are trademarks of Intel Corporation in the U.S.
    [Show full text]
  • Getting Started with Microchip's Low Pin Count USB Solutions
    Slide 1 Getting Started with Microchip's Low Pin Count USB solutions Welcome to “Getting Started with Microchip’s Low Pin Count USB Solutions”. This self-directed course is intended to provide the user with a quick overview of the USB, introduce the new Low Pin Count USB Development kit, and Microchip’s Full-Speed USB Firmware Framework to ease the development of your own USB applications quickly. Slide 2 Class Prerequisites O Attendees should have a the following: - A general knowledge of the Universal Serial Bus (USB) - A working knowledge of the C programming language - Familiarity with Microchip’s High Performance PIC18 Microcontrollers Getting Started with Microchip’s Low Pin Count USB Solutions Slide 2 In order to fully benefit from this self-directed course the user should have a very basic knowledge of the USB, have programmed in C, and be familiar with Microchip’s High Performance PIC18 Microcontrollers. Once completed, the user should complete the Project Labs listed in the Low Pin-Count USB Development kit user’s guide. Slide 3 Agenda O High-level overview of the USB and how it relates to the PIC18F1XK50 Device - Physical and Logical Topologies - “Plug and Play” - Communication O Overview of Microchip’s Low Pin Count USB Solutions - Low Pin-Count USB Development Kit - Microchip’s Full Speed USB Firmware Framework Getting Started with Microchip’s Low Pin Count USB Solutions Slide 3 This class will begin with an overview, albeit moderately high-level, of the USB. This is a complex protocol. Therefore, you should not feel discouraged if you don’t understand everything the first time through this class.
    [Show full text]
  • Memory Technology and Trends for High Performance Computing Contract #: MDA904-02-C-0441
    Memory Technology and Trends for High Performance Computing Contract #: MDA904-02-C-0441 Contract Institution: Georgia Institute of Technology Project Director: D. Scott Wills Project Report 12 September 2002 — 11 September 2004 This project explored the impact of developing memory technologies on future supercomputers. This activity included both a literature study (see attached whitepaper), plus a more practical exploration of potential memory interfacing techniques using the sponsor recommended HyperTransport interface. The report indicates trends that will affect interconnection network design in future supercomputers. Related publications during the contract period include: 1. P. G. Sassone and D. S. Wills, On the Scaling of the Atlas Chip-Scale Multiprocessor, to appear in IEEE Transaction on Computers. 2. P. G. Sassone and D. S. Wills, Dynamic Strands: Collapsing Speculative Dependence Chains for Reducing Pipeline Communication, to appear in IEEE/ACM International Symposium on Microarchitecture, Portland, OR, December 2004. 3. B. A. Small, A. Shacham, K. Bergman, K. Athikulwongse, C. Hawkins, and D. S. Wills, Emulation of Realistic Network Traffic Patterns on an Eight-Node Data Vortex Interconnection Network Subsystem, to appear in OSA Journal of Optical Networking. 4. P. G. Sassone and D. S. Wills, On the Extraction and Analysis of Prevalent Dataflow Patterns, to appear in The IEEE 7th Annual Workshop on Workload Characterization (WWC-7), 8 pages, Austin, TX, October 2004. 5. H. Kim, D. S. Wills, and L. M. Wills, Empirical Analysis of Operand Usage and Transport in Multimedia Applications, in Proceedings of the 4th IEEE International Workshop on System-on-Chip for Real-Time Applications(IWSOC'04), pages 168-171, Banff, Alberta, Canada, July 2004.
    [Show full text]
  • Motherboards, Processors, and Memory
    220-1001 COPYRIGHTED MATERIAL c01.indd 03/23/2019 Page 1 Chapter Motherboards, Processors, and Memory THE FOLLOWING COMPTIA A+ 220-1001 OBJECTIVES ARE COVERED IN THIS CHAPTER: ✓ 3.3 Given a scenario, install RAM types. ■ RAM types ■ SODIMM ■ DDR2 ■ DDR3 ■ DDR4 ■ Single channel ■ Dual channel ■ Triple channel ■ Error correcting ■ Parity vs. non-parity ✓ 3.5 Given a scenario, install and configure motherboards, CPUs, and add-on cards. ■ Motherboard form factor ■ ATX ■ mATX ■ ITX ■ mITX ■ Motherboard connectors types ■ PCI ■ PCIe ■ Riser card ■ Socket types c01.indd 03/23/2019 Page 3 ■ SATA ■ IDE ■ Front panel connector ■ Internal USB connector ■ BIOS/UEFI settings ■ Boot options ■ Firmware upgrades ■ Security settings ■ Interface configurations ■ Security ■ Passwords ■ Drive encryption ■ TPM ■ LoJack ■ Secure boot ■ CMOS battery ■ CPU features ■ Single-core ■ Multicore ■ Virtual technology ■ Hyperthreading ■ Speeds ■ Overclocking ■ Integrated GPU ■ Compatibility ■ AMD ■ Intel ■ Cooling mechanism ■ Fans ■ Heat sink ■ Liquid ■ Thermal paste c01.indd 03/23/2019 Page 4 A personal computer (PC) is a computing device made up of many distinct electronic components that all function together in order to accomplish some useful task, such as adding up the numbers in a spreadsheet or helping you to write a letter. Note that this defi nition describes a computer as having many distinct parts that work together. Most PCs today are modular. That is, they have components that can be removed and replaced with another component of the same function but with different specifi cations in order to improve performance. Each component has a specifi c function. Much of the computing industry today is focused on smaller devices, such as laptops, tablets, and smartphones.
    [Show full text]
  • Shuttle XPC Cube Barebone SH370R6V2 – Connectors
    Product Specification Supports 8th/9th generation Intel Core XPC cube Barebone CPUs and up to three UHD displays SH370R6V2 The Shuttle XPC Barebone SH370R6V2 shows how discreet a modern PC can look and at the same time how powerful it can be. Its black- brushed aluminium case has barely a volume of 14 litres, but packs everything you need for a high-performance workstation for example. This includes the power of 8th/9th gen. Intel Core processors, a dual- slot graphics card, fast M.2 NVMe SSD drives, two 3.5’’ hard drives in 8/9th.Gen. 4x DDR4 Dual Triple UHD RAID and up to 128 GB of DDR4 memory, plus a Blu-ray drive. Even Intel Core max. 128GB LAN Display without a dedicated graphics card, up to three UHD displays are supported optionally [3]. Feature Highlights only. purposes illustration for Pictures . Black aluminium chassis (13.6-litre) R6 Chassis Dimensions: 33.2 x 21.5 x 19.0 cm (LWH) Bays: 1x 5.25“, 2x 3.5“ (1x external) Socket LGA 1151v2 supports the 8th and 9th generation Intel Core processors “Coffee Lake” Does not support older LGA 1151 processors. CPU Supports Intel Core i9/i7/i5/i3, Pentium Gold and Celeron Shuttle I.C.E. Heatpipe cooling system Operating Supports Windows 10 and Linux (64-bit) System Optional Optional Intel graphics (depends on CPU [3]) Graphics Supports three digital UHD displays at once Chipset Intel H370 PCH Supports up to 4x 32 GB DDR4-2400/2666 DIMM Memory memory modules (total max. 128 GB) [5] 1x PCIe x16 (v3.0) supports dual-slot graphics Slots cards up to 273 mm length (PCI-E and 1x PCIe x4 (v3.0) M.2) 1x M.2-2280 (SATA / PCIe X4) supports M.2 SSDs 1x M.2-2230 supports WLAN cards SATA 4x SATA 3.0 (6Gb/s) supports RAID and RST Video: HDMI 2.0a and 2x DisplayPort 1.2 Other 4x USB 3.2 Gen 2, 4x USB 3.2 Gen 1, 4x USB 2.0 Connectors 2x Intel LAN.
    [Show full text]
  • J7F3 Mini-ITX Motherboard Series
    Mainboard Diagram J7F3 Mini-ITX Motherboard Series -SiS 741CX Northbridge + SiS 964 Southbridge Chipsets -Support Socket-462 AMD Geode NX processor -Support Front Side Bus 133MHz -Single Channel DDR2 400 Memory DIMM -Support 2 Serial ATA Devices with RAID 0, 1 -Support 2xAD Connector With Expansion Daughter-boards -Ethernet LAN Supported -AC’97 6 Channel Audio CODEC -VIA VT6307S IEEE1394a Controller for J7F3E -17 x 17CM Mini-ITX Form Factor Features and Benefits Support Socket 462 AMD Geode™ NX Processor The AMD Geode™ NX processor family gives product designers a wide range of options in low-power, high-performance processors. Based on Mobile AMD Athlon™ processor technology, AMD NX processors deliver superior computing performance for applications including thin-client, point-of-sale terminals, kiosks, high-end printers, and home media systems. AMD Geode Solutions have received new model numbers to better reflect total performance beyond just megahertz. This presentation of attributes gives designers greater understanding of the capabilities of AMD Geode Solutions. SiS 741CX Northbridge Chipset and SiS964 Southbridge Chipset The SiS741CX chipset can be combined with three different AMD Geode NX processors, including the AMD Geode™ NX 1250@6W processor*, AMD Geode™ NX 1500@6W processor** and AMD Geode™ NX 1750@14W processor***, enabling development of a wider variety of products for different market segments. The SiS741CX chipset supports the AMD Geode NX processor family, DDR266 front side bus, as well as high-speed DDR333 DRAM. Furthermore, the SiS741CX chipset incorporates SiS's revolutionary HyperStreaming™ Technology, which provides multiple divided pipelines for data, allows data to be sent concurrently, and separates data for easier memory retrieval, resulting in a remarkable reduction in latency versus traditional chipsets.
    [Show full text]
  • PCIE-Q870-I2 PICMG 1.3 CPU Card
    PCIE-Q870-i2 PICMG 1.3 CPU Card MODEL: PCIE-Q870-i2 Full-Size PICMG 1.3 CPU Card Supports LGA1150 Intel® Core™ i7/i5/i3, Pentium® or Celeron® CPU, Intel® Q87 Chipset, DDR3, VGA, iDP, Dual Intel® PCIe GbE, SATA 6Gb/s, PCIe Mini, mSATA, RS-232, HD Audio, iRIS-2400 and RoHS User Manual Page i Rev. 1.05 – November 13, 2015 PCIE-Q870-i2 PICMG 1.3 CPU Card Revision Date Version Changes November 13, 2015 1.05 Updated Section 1.6: Technical Specifications Updated Section 2.4: Optional Items Updated Chapter 5: BIOS March 23, 2015 1.04 Updated Section 4.3.3: Flash Descriptor Security Override Jumper November 5, 2014 1.03 Updated PCIe specifications on page 7 June 16, 2014 1.02 Modified LAN pinouts Updated Chapter 2: Packing List March 24, 2014 1.01 Deleted I2C information Updated Section 2.4: Optional Items January 14, 2014 1.00 Initial release Page ii PCIE-Q870-i2 PICMG 1.3 CPU Card Copyright COPYRIGHT NOTICE The information in this document is subject to change without prior notice in order to improve reliability, design and function and does not represent a commitment on the part of the manufacturer. In no event will the manufacturer be liable for direct, indirect, special, incidental, or consequential damages arising out of the use or inability to use the product or documentation, even if advised of the possibility of such damages. This document contains proprietary information protected by copyright. All rights are reserved. No part of this manual may be reproduced by any mechanical, electronic, or other means in any form without prior written permission of the manufacturer.
    [Show full text]
  • Data Communication Technologies & Architectures for Distributed Sdr Transceiver Systems
    DATA COMMUNICATION TECHNOLOGIES & ARCHITECTURES FOR DISTRIBUTED SDR TRANSCEIVER SYSTEMS Frank Van Hooft (Spectrum Signal Processing, Burnaby, BC, Canada; [email protected]) 1. INTRODUCTION some number of modem / codec / baseband processing instances. Assume greater than one for all of these. In The increasing visibility of SDR as a viable addition there is a control plane to manage the system. communications technology is driving equipment This architecture is illustrated in Figure 1. consumers to demand ever-greater performance. Today On the receive side, this subsystem receives either even the highest bandwidth & datarate waveforms are digitized IF or baseband signals, extracts multiple user candidates for SDR implementations. Coupled with a channels from these signals in the channelizer, then desire for the maximum possible number of simultaneous channels, the high-end SDR implementations can absorb forwards these channels to channel processing for all of the processing power that can physically be applied demodulation and decoding. This process is reversed on to them. the transmit side, with payload data being encoded and In concert with high processing power comes a high modulated in the channel processor and then inserted into data throughput requirement. Wide RF bandwidths and the output signal by the channelizer for transmission. In a multi-channel implementations generate massive amounts distributed transceiver architecture, the channelization and of data that must be routed in real-time between various channel processing functions are distributed across elements of the SDR system. Without reliable data paths multiple signal processing elements, with a single the SDR system could not function. Yet the datarates channelizer often supporting multiple channel processors.
    [Show full text]