Intel believes that malicious code, viruses and other security threats may become a worry of the past. Intel's R&D team is currently working on Trusted Execution Technology, previously known as LaGrande. Trusted Execution Technology, or TXT, will use hardware keys and subsystems to control which parts of a computer's resources can be accessed and who or what will be granted or denied access.
Going beyond the NX (No eXecute) bit that is currently enabled in recent processors from both AMD and Intel, TXT will bring a whole new dimension of security to PCs. TXT will also be able to work in a virtualized environment on systems with Intel's VT technology, so guest operating systems will be able to take advantage of the features of a TXT-enabled platform.
Intel will also provide a mechanism called Attestation for TXT, a self-monitoring component that verifies that the TXT environment was enabled properly. Attestation will monitor the platform itself as well as the applications running in the protected space.
Processors will have split execution spaces called partitions, similar to the concept of partitions on a hard drive. These partitions can be labeled as protected or non-protected. Standard partitions, those that are not protected, are now referred to as "legacy" partitions. A TXT-enabled processor will be able to have a legacy partition and a protected partition coexist. Chipsets will also be designed with TXT technology. According to Intel, every part of a TXT-enabled platform will have the technology built in, so that every pathway traversed by data will be able to offer a high level of security. With TXT, Intel is taking a no-compromise approach to securing data. All components of a system will be protected:
- Processor execution memory
- Processor event handling
- System memory
- Memory and chipset paths
- Storage subsystems
- Human input devices
- Graphics output
Starting from the use of more advanced Trusted Platform Module (TPM) chips and adding new hardware extensions to both processors and chipsets, TXT can perform the following:
Protected Execution: This feature allows an application that is able to execute in an isolated environment to be shielded from other software running on the same platform. No other software may monitor or compromise the data or the application in the protected environment. In addition, each application running in PE mode has its own physically dedicated resources from both the processor and the system chipset.
Sealed Storage: The new advanced TPM chips are able to store and encrypt keys in hardware. Only the same system that the TPM is integrated into can decrypt the keys. Any attempt at copying data out of the TPM will result in scrambling.
Protected Input: Intel is developing mechanisms that will prevent unauthorized monitoring of human input devices such as mouse clicks and keyboard strokes. Not only will traditional input devices be encrypted, but data traversing the USB bus will be encrypted as well.
Protected Graphics: Applications that are running in the PE environment will have their graphics path encrypted. Data being sent from an application to a graphics card's frame buffer will be encrypted and cannot be observed by unauthorized code. For example, a particular notice box popping up can be encrypted while other windows remain unprotected.
Protected Launch: This part of TXT will control and protect critical parts of the operating system and other system-related components from being compromised during launch. OS kernel components, for example, are protected during and after launch.
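The Sealed Storage, Attestation and Protected Launch paragraphs above describe one chain of ideas: each boot stage is measured into a TPM register, a key can be sealed to the resulting register values so that only the same TPM in the same software state can recover it, and a verifier can ask the TPM to report that state. The Python model below is an added example and is not Intel's code or the TPM specification's algorithms: SHA-256 stands in for the TPM hash, a random device secret for the storage root key, an HMAC counter-mode keystream for the TPM's cipher, and an HMAC key shared with the verifier for the quote signature (a real TPM signs quotes with an asymmetric attestation key). The class and function names, the boot images and the nonces are all constructed for the example.

```python
"""Measured launch, sealed storage and attestation in miniature (added example;
not Intel code nor the TPM specification). SHA-256 stands in for the TPM hash,
a random device secret for the storage root key, an HMAC counter-mode keystream
for the cipher and an HMAC key shared at enrollment for the quote (a real TPM
signs quotes with an asymmetric key). Boot images and nonces are constructed."""
import hashlib
import hmac
import os

ZERO_PCR = bytes(32)  # every PCR reads all-zero after a platform reset

def extend_value(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = H(PCR_old || H(measurement)): one-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def policy_digest(pcrs, indices) -> bytes:
    """Composite digest of the selected PCRs: the platform state a blob is bound to."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(indices))).digest()

def keystream(key: bytes, n: int) -> bytes:
    """Model cipher: HMAC in counter mode; the caller XORs it with the data."""
    blocks = (hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

class ToyTPM:
    def __init__(self, num_pcrs: int = 8):
        self._device_secret = os.urandom(32)  # never leaves the device
        self.attest_key = os.urandom(32)      # shared with the verifier at enrollment
        self.pcrs = [ZERO_PCR] * num_pcrs

    def extend(self, index: int, measurement: bytes):
        self.pcrs[index] = extend_value(self.pcrs[index], measurement)

    def _seal_key(self, policy: bytes) -> bytes:
        return hmac.new(self._device_secret, b"seal" + policy, hashlib.sha256).digest()

    def seal(self, secret: bytes, indices) -> dict:
        """Encrypt `secret` so only this device, in this PCR state, can recover it."""
        policy = policy_digest(self.pcrs, indices)
        key = self._seal_key(policy)
        ct = bytes(a ^ b for a, b in zip(secret, keystream(key, len(secret))))
        tag = hmac.new(key, policy + ct, hashlib.sha256).digest()
        return {"indices": sorted(indices), "policy": policy, "ct": ct, "tag": tag}

    def unseal(self, blob: dict):
        """Return the secret, or None when the state or the device does not match."""
        policy = policy_digest(self.pcrs, blob["indices"])
        if policy != blob["policy"]:
            return None  # the measured software stack has changed
        key = self._seal_key(policy)
        tag = hmac.new(key, policy + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None  # blob was sealed by a different device
        return bytes(a ^ b for a, b in zip(blob["ct"], keystream(key, len(blob["ct"]))))

    def quote(self, nonce: bytes, indices) -> bytes:
        """Attest the current PCR state; the verifier's fresh nonce defeats replay."""
        policy = policy_digest(self.pcrs, indices)
        return hmac.new(self.attest_key, nonce + policy, hashlib.sha256).digest()

def verify_quote(attest_key, nonce, reference_pcrs, indices, quote) -> bool:
    """Verifier: does the quote match the state implied by the known-good images?"""
    want = hmac.new(attest_key, nonce + policy_digest(reference_pcrs, indices),
                    hashlib.sha256).digest()
    return hmac.compare_digest(want, quote)

# Constructed boot images: PCR 0 <- bootloader, PCR 1 <- kernel.
BOOTLOADER = b"constructed bootloader image"
KERNEL = b"constructed kernel image"
KERNEL_TAMPERED = b"constructed kernel image with one modified page"
PCRS = [0, 1]

def launch(tpm: ToyTPM, components):
    """Protected Launch in miniature: reset, then measure each stage into its PCR."""
    tpm.pcrs = [ZERO_PCR] * len(tpm.pcrs)
    for i, image in enumerate(components):
        tpm.extend(i, image)

def demo() -> dict:
    tpm = ToyTPM()
    launch(tpm, [BOOTLOADER, KERNEL])
    disk_key = os.urandom(32)
    blob = tpm.seal(disk_key, PCRS)
    r = {"unseal_same_state": tpm.unseal(blob) == disk_key}
    launch(tpm, [BOOTLOADER, KERNEL_TAMPERED])       # modified kernel measured
    r["unseal_after_tamper"] = tpm.unseal(blob)     # None
    other = ToyTPM()
    launch(other, [BOOTLOADER, KERNEL])              # right software, wrong device
    r["unseal_other_device"] = other.unseal(blob)    # None
    reference = [extend_value(ZERO_PCR, img) for img in (BOOTLOADER, KERNEL)]
    nonce = os.urandom(16)
    attest = lambda: verify_quote(tpm.attest_key, nonce, reference, PCRS, tpm.quote(nonce, PCRS))
    launch(tpm, [BOOTLOADER, KERNEL])
    r["attest_good"] = attest()
    launch(tpm, [BOOTLOADER, KERNEL_TAMPERED])
    r["attest_tampered"] = attest()
    return r
```

Calling demo() exercises the two refusals that make sealed storage useful: a blob sealed on one machine is useless on another even when the other runs identical software, and the same machine cannot recover the key after a modified kernel has been measured. The verifier in the attestation step derives its reference PCR values from the known-good images itself rather than trusting anything the attested host reports, which is what lets it detect the tampered launch.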