Technical Specification for Intel E3845 FH8065301487715
Models
FH8065301487715
Processor Core
Intel® Atom™ Processor E3800 Product Family Datasheet, page 271
— A VM Virtual Processor ID is used to tag processor core hardware structures (such as TLBs) to allow a logical processor to cache information (such as TLBs) for multiple linear address spaces
— This avoids flushes on VM transitions to give a lower-cost VM transition time and an overall reduction in virtualization overhead
• Guest Preemption Timer
— Mechanism for a VMM to preempt the execution of a guest OS VM after an amount of time specified by the VMM. The VMM sets a timer value before entering a guest.
— The feature gives VMM developers flexibility in guest VM scheduling and in building Quality of Service (QoS) schemes
• Descriptor-Table Exiting
— Descriptor-table exiting allows a VMM to protect a guest OS from internal (malicious software based) attack by preventing relocation of key system data structures like IDT (interrupt descriptor table), GDT (global descriptor table), LDT (local descriptor table), and TSS (task segment selector)
— A VMM using this feature can intercept (by a VM exit) attempts to relocate these data structures and prevent them from being tampered with by malicious software
• VM Functions
— A VM function is an operation provided by the processor that can be invoked using the VMFUNC instruction from guest VM without a VM exit
— A VM function to perform EPTP switching is supported and allows guest VM to load a new value for the EPT pointer, thereby establishing a different EPT paging structure hierarchy
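A VMM or platform audit tool can confirm which of the features listed above the core actually exposes by decoding the VMX capability MSRs. The following is an added example, not code from the datasheet: the MSR addresses and bit positions are taken from the Intel SDM (Vol. 3, Appendix A), the function and enum names are hypothetical, and the MSR values in `main` are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>

/* VMX capability MSRs (Intel SDM Vol. 3, Appendix A). Reading them needs
 * ring 0, so this decoder takes raw values supplied by the caller. */
#define IA32_VMX_PINBASED_CTLS   0x481u
#define IA32_VMX_PROCBASED_CTLS  0x482u
#define IA32_VMX_PROCBASED_CTLS2 0x48Bu
#define IA32_VMX_VMFUNC          0x491u

enum vt_feature {                      /* hypothetical names for this example */
    FEAT_VPID            = 1u << 0,
    FEAT_PREEMPT_TIMER   = 1u << 1,
    FEAT_DESC_TABLE_EXIT = 1u << 2,
    FEAT_VMFUNC          = 1u << 3,
    FEAT_EPTP_SWITCHING  = 1u << 4
};

/* Bits 63:32 of a control capability MSR are the "allowed-1" settings:
 * control bit n may be set in the VMCS only if MSR bit 32+n reads 1. */
static int allowed1(uint64_t msr, unsigned bit)
{
    return (int)((msr >> (32 + bit)) & 1u);
}

unsigned vt_features(uint64_t pin, uint64_t proc, uint64_t proc2, uint64_t vmfunc)
{
    unsigned f = 0;
    if (allowed1(pin, 6)) f |= FEAT_PREEMPT_TIMER;   /* activate VMX-preemption timer */
    if (!allowed1(proc, 31))                         /* no secondary controls:        */
        return f;                                    /* proc2 and vmfunc are invalid  */
    if (allowed1(proc2, 5))  f |= FEAT_VPID;
    if (allowed1(proc2, 2))  f |= FEAT_DESC_TABLE_EXIT;
    if (allowed1(proc2, 13)) {                       /* enable VM functions */
        f |= FEAT_VMFUNC;
        if (vmfunc & 1u) f |= FEAT_EPTP_SWITCHING;   /* VM function 0 */
    }
    return f;
}

int main(void)
{
    /* Constructed sample values, not read from an E3845. */
    unsigned f = vt_features(0x0000007F00000016ULL, 0xFFF9FFFE0401E172ULL,
                             0x0000202600000000ULL, 0x1ULL);
    printf("VPID=%d preempt=%d desc-table=%d vmfunc=%d eptp-switch=%d\n",
           !!(f & FEAT_VPID), !!(f & FEAT_PREEMPT_TIMER),
           !!(f & FEAT_DESC_TABLE_EXIT), !!(f & FEAT_VMFUNC),
           !!(f & FEAT_EPTP_SWITCHING));
    return 0;
}
```

On Linux the raw values can be read per CPU from `/dev/cpu/N/msr` with root privileges; a feature reported here still has to be enabled by the VMM in the VMCS before it has any effect.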
11.1.2 Security and Cryptography Technologies
11.1.2.1 Advanced Encryption Standard New Instructions (AES-NI)
The processor supports Advanced Encryption Standard New Instructions (AES-NI) that
are a set of Single Instruction Multiple Data (SIMD) instructions that enable fast and
secure data encryption and decryption based on the Advanced Encryption Standard
(AES). AES-NI are valuable for a wide range of cryptographic applications, for example:
applications that perform bulk encryption/decryption, authentication, random number
generation, and authenticated encryption. AES is broadly accepted as the standard for
both government and industry applications, and is widely deployed in various protocols.
AES-NI consists of six Intel® SSE instructions. Four instructions, namely AESENC, AESENCLAST, AESDEC, and AESDECLAST, facilitate high performance AES encryption and decryption. The other two, AESIMC and AESKEYGENASSIST, support the AES key expansion procedure. Together, these instructions provide full hardware support for AES, offering security, high performance, and a great deal of flexibility.