IBM Intel Xeon E5-2637 49Y8125 User Manual
Product codes
49Y8125
Technologies
82
Intel® Xeon® Processor E5-1600/E5-2600/E5-4600 Product Families
Datasheet Volume One
These extensions enhance two areas:
• The launching of the Measured Launched Environment (MLE).
• The protection of the MLE from potential corruption.
• The protection of the MLE from potential corruption.
The enhanced platform provides these launch and control interfaces using Safer Mode
Extensions (SMX).
The SMX interface includes the following functions:
• Measured/Verified launch of the MLE.
• Mechanisms to ensure the above measurement is protected and stored in a secure
• Mechanisms to ensure the above measurement is protected and stored in a secure
location.
• Protection mechanisms that allow the MLE to control attempts to modify itself.
For more information refer to the Intel® Trusted Execution Technology Software
Development Guide.
Development Guide.
3.2.2
Intel Trusted Execution Technology – Server Extensions
• Software binary compatible with Intel Trusted Execution Technology Server
Extensions
• Provides measurement of runtime firmware, including SMM
• Enables run-time firmware in trusted session: BIOS and SSP
• Covers support for existing and expected future Server RAS features
• Only requires portions of BIOS to be trusted, for example, Option ROMs need not
• Enables run-time firmware in trusted session: BIOS and SSP
• Covers support for existing and expected future Server RAS features
• Only requires portions of BIOS to be trusted, for example, Option ROMs need not
be trusted
• Supports S3 State without teardown: Since BIOS is part of the trust chain
3.2.3
Intel® Advanced Encryption Standard Instructions
(Intel® AES-NI)
These instructions enable fast and secure data encryption and decryption, using the
Intel® AES New Instructions (Intel® AES-NI), which is defined by FIPS Publication
Intel® AES New Instructions (Intel® AES-NI), which is defined by FIPS Publication
number 197. Since Intel AES-NI is the dominant block cipher, and it is deployed in
various protocols, the new instructions will be valuable for a wide range of applications.
The architecture consists of six instructions that offer full hardware support for Intel
AES-NI. Four instructions support the Intel AES-NI encryption and decryption, and the
other two instructions support the Intel AES-NI key expansion. Together, they offer a
significant increase in performance compared to pure software implementations.
significant increase in performance compared to pure software implementations.
The Intel AES-NI instructions have the flexibility to support all three standard Intel
AES-NI key lengths, all standard modes of operation, and even some nonstandard or
future variants.
future variants.
Beyond improving performance, the Intel AES-NI instructions provide important
security benefits. Since the instructions run in data-independent time and do not use
security benefits. Since the instructions run in data-independent time and do not use
lookup tables, they help in eliminating the major timing and cache-based attacks that
threaten table-based software implementations of Intel AES-NI. In addition, these
instructions make AES simple to implement, with reduced code size. This helps
instructions make AES simple to implement, with reduced code size. This helps
reducing the risk of inadvertent introduction of security flaws, such as difficult-to-
detect side channel leaks.