Kontron COMe-bHL6 User Manual

COMe-bHL6 / Features and Interfaces

4.20 Intel® vPro™ technology

Kontron and Intel® are addressing the security and manageability challenges facing embedded systems today with the
implementation of Intel® vPro™ technology to enable:

» System integrity
» Secure isolation
» Remote systems management

First, system integrity is the ability to identify whether the system hardware or system software has been modified
without authorization. When a system's integrity is known, the system can be thought of as a trusted system. Second,
secure isolation is the ability to use platform hardware to separate processes, resources, and data on the system such that
they cannot interact with each other in unintended ways. By providing hardware-assisted isolation, security, privacy, and
cost savings can be realized through consolidation and workload isolation. Finally, remote systems management is the
ability to troubleshoot, perform power management, or verify the system through secure channels. Significant cost savings
and efficiencies can be realized through remote management, allowing for increased system uptime and the ability to
manage or diagnose a system even when it is powered down.

Intel® vPro™ technology itself is special functionality designed into both the processor and the chipset. The three
technologies that comprise Intel® vPro™ technology are: Intel Virtualization Technology (Intel® VT), Intel Trusted
Execution Technology (Intel® TXT), and Intel Active Management Technology (Intel® AMT).

Intel® VT provides hardware-based assists that make secure isolation more efficient and decrease the virtualization
footprint, lowering the effective attack surface of a solution. This hardware-based technology can help to protect
applications and information by running multiple operating systems (OSs) in isolation on the same physical system. A
virtual guest OS can be created in an entirely separate space on the physical system to run specialized or critical
applications. Virtual environments leverage Intel® VT for memory, CPU, and Directed I/O virtualization. Intel® TXT
provides the ability to use hardware-based mechanisms to verify system integrity during the boot process. It also provides
system memory scrubbing that protects against soft reset attacks. Virtualized environments take advantage of Intel® TXT
launch environment verification to establish a dynamic root of trust, providing added security to the hypervisor or virtual
machine monitor (VMM).
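The integrity verification described above rests on measurements extended into TPM Platform Configuration Registers (PCRs) and recorded in an event log; a verifier replays that log, recomputes the PCR values, and compares them against a baseline captured from a boot it trusts. The following is an added example, not code from the Kontron manual or from Intel, showing that replay for the legacy SHA-1 TCG event log format (the layout Linux exposes under /sys/kernel/security/tpm0/binary_bios_measurements on TPM 1.2 platforms). It assumes every PCR starts from all-zeros before its first extend and treats PCRs 17 to 22 as the dynamic-root (TXT) registers; the sample log, the event strings, and the baseline are constructed for the example, and whether a real measured launch writes its events into this same log or a separate one depends on the launch environment in use.

```python
import hashlib
import struct

# Legacy TCG PC Client (TPM 1.2 era) event log record, SHA-1 digests only:
#   pcrIndex:u32  eventType:u32  digest:20 bytes  eventSize:u32  event:eventSize bytes
_RECORD = struct.Struct("<II20sI")
SHA1_ZERO = b"\x00" * 20          # PCR contents after a TPM reset (assumed start value)
DRTM_PCRS = range(17, 23)         # PCRs 17..22: the TXT / dynamic-root (resettable) registers

# Event type values from the TCG PC Client spec, used by the constructed sample below
EV_POST_CODE = 0x01
EV_SEPARATOR = 0x04
EV_ACTION = 0x05
EV_S_CRTM_VERSION = 0x08


def parse_event_log(blob: bytes):
    """Yield (pcr_index, event_type, digest, event_data) for each record in a raw log.

    Raises ValueError if a record is cut short or stray bytes follow the last record.
    """
    off = 0
    while off + _RECORD.size <= len(blob):
        pcr, etype, digest, size = _RECORD.unpack_from(blob, off)
        off += _RECORD.size
        data = blob[off:off + size]
        if len(data) != size:
            raise ValueError("truncated event record at offset %d" % off)
        off += size
        yield pcr, etype, digest, data
    if off != len(blob):
        raise ValueError("%d trailing bytes after the last record" % (len(blob) - off))


def is_well_formed(blob: bytes) -> bool:
    """True if the whole log parses cleanly."""
    try:
        for _ in parse_event_log(blob):
            pass
        return True
    except ValueError:
        return False


def replay_pcrs(blob: bytes) -> dict:
    """Recompute PCR values by replaying every extend: PCR = SHA1(PCR || digest).

    Every PCR is assumed to start from all-zeros (static PCRs after a TPM reset,
    DRTM PCRs after the measured launch resets them).
    """
    pcrs = {}
    for pcr, _etype, digest, _data in parse_event_log(blob):
        current = pcrs.get(pcr, SHA1_ZERO)
        pcrs[pcr] = hashlib.sha1(current + digest).digest()
    return pcrs


def verify_against_baseline(blob: bytes, baseline: dict) -> dict:
    """Return {pcr: (expected, actual)} for every baseline PCR the replayed log disagrees with."""
    replayed = replay_pcrs(blob)
    return {
        pcr: (golden, replayed.get(pcr))
        for pcr, golden in baseline.items()
        if replayed.get(pcr) != golden
    }


def dynamic_root_extended(pcrs: dict) -> bool:
    """True if at least one DRTM PCR (17..22) carries a measurement, i.e. a measured launch was logged."""
    return any(pcr in pcrs for pcr in DRTM_PCRS)


def make_record(pcr: int, etype: int, event_data: bytes) -> bytes:
    """Build one record; the digest is SHA-1 of the event data (constructed-sample convention)."""
    digest = hashlib.sha1(event_data).digest()
    return _RECORD.pack(pcr, etype, digest, len(event_data)) + event_data


# Constructed sample log: three static-root events into PCR 0 and one DRTM event into PCR 17.
SAMPLE_LOG = (
    make_record(0, EV_S_CRTM_VERSION, b"BIOS 1.02 (sample)")
    + make_record(0, EV_POST_CODE, b"post-code-region (sample)")
    + make_record(0, EV_SEPARATOR, b"\x00\x00\x00\x00")
    + make_record(17, EV_ACTION, b"measured launch (sample)")
)

# A baseline is normally captured once from a boot you trust; here it is derived from the sample.
BASELINE = replay_pcrs(SAMPLE_LOG)

if __name__ == "__main__":
    for pcr, value in sorted(replay_pcrs(SAMPLE_LOG).items()):
        print("PCR%-2d %s" % (pcr, value.hex()))
    print("DRTM PCRs extended:", dynamic_root_extended(BASELINE))
    tampered = SAMPLE_LOG[:8] + b"\x00" * 20 + SAMPLE_LOG[28:]   # overwrite the first record's digest
    print("mismatching PCRs after tampering:", sorted(verify_against_baseline(tampered, BASELINE)))
```

The replay is order-sensitive by construction: swapping two records, altering a digest, or dropping an event changes the recomputed PCR, which is exactly why a log that does not reproduce the PCR values read back from the TPM cannot be trusted as a record of what booted. A deployed verifier compares the replayed values against PCR quotes read from the hardware rather than against a baseline derived from the log itself, as the constructed sample does for illustration.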

Mechanisms employed by Intel® AMT include domain authentication, session keys, persistent data storage in the Intel®
AMT hardware, and access control lists. Only firmware images that are digitally signed by Intel are permitted to load and
execute. This set of hardware-based features is targeted at businesses and allows remote access to the system, whether
wired or wireless, for management and security tasks. Because of the special hardware capabilities provided by Intel®
AMT, out-of-band access is available even when the OS is not functional or the system power is off.

Intel® TXT and Intel® AMT are disabled by default. Please contact your local sales or support contact for BIOS versions
with full vPro™ support.
