Intel BX80635E52697V2 Manual Do Utilizador
Intel® Xeon® Processor E5-1600 v2/E5-2600 v2 Product Families
81
Datasheet Volume One of Two
Technologies
The architecture consists of six instructions that offer full hardware support for AES.
Four instructions support the AES encryption and decryption, and the other two
instructions support the AES key expansion. Together, they offer a significant increase
instructions support the AES key expansion. Together, they offer a significant increase
in performance compared to pure software implementations.
The AES instructions have the flexibility to support all three standard AES key lengths,
all standard modes of operation, and even some nonstandard or future variants.
Beyond improving performance, the AES instructions provide important security
benefits. Since the instructions run in data-independent time and do not use lookup
benefits. Since the instructions run in data-independent time and do not use lookup
tables, they help in eliminating the major timing and cache-based attacks that threaten
table-based software implementations of AES. In addition, these instructions make AES
simple to implement, with reduced code size. This helps reducing the risk of
simple to implement, with reduced code size. This helps reducing the risk of
inadvertent introduction of security flaws, such as difficult-to-detect side channel leaks.
3.2.4
Execute Disable Bit
Intel's Execute Disable Bit functionality can help prevent certain classes of malicious
buffer overflow attacks when combined with a supporting operating system.
buffer overflow attacks when combined with a supporting operating system.
• Allows the processor to classify areas in memory by where application code can
execute and where it cannot.
• When a malicious worm attempts to insert code in the buffer, the processor
disables code execution, preventing damage and worm propagation.
3.3
Intel® Secure Key
This was formerly known as Digital Random Number Generator (DRNG).
The processor supports an on-die digital random number generator (DRNG). This
implementation is based on the ANSI X9.82 2007 draft and the NIST SP800-90
specification.
specification.
The X9.82 standard describes two components necessary to generate high quality
random numbers: an Entropy Source and a Deterministic Random Bit Generator
(DRBG). The Entropy Source is also referred to as a Non-Deterministic Random Bit
(DRBG). The Entropy Source is also referred to as a Non-Deterministic Random Bit
Generator (NRBG).
3.4
Intel® OS Guard
This was formerly known as Supervisor Mode Execution Protection (SMEP)
Supervisor Mode Execution Protection Bit (SMEP) prevents execution and calls to the
operating system by compromised application in the user mode or code pages. This
operating system by compromised application in the user mode or code pages. This
also allows additional malware protection over existing Intel XD bit technology.
3.5
Intel® Hyper-Threading Technology
The processor supports Intel® Hyper-Threading Technology (Intel® HT Technology),
which allows an execution core to function as two logical processors. While some
which allows an execution core to function as two logical processors. While some
execution resources such as caches, execution units, and buses are shared, each
logical processor has its own architectural state with its own set of general-purpose
registers and control registers. This feature must be enabled via the BIOS and requires
registers and control registers. This feature must be enabled via the BIOS and requires
operating system support.