Trusted compute pools with Intel® Trusted Execution Technology (Intel® TXT)¹ support IT compliance by protecting virtualized data centers’ private, public, and hybrid clouds against attacks on the hypervisor, BIOS, firmware, and other pre-launch software components.
A feature of the Intel® Xeon® processor, Intel TXT establishes a root of trust through measurements when the hardware and pre-launch software components are in a known good state. Utilizing the result, administrators can set policies for sensitive data and workload placement onto groups of servers known as trusted compute pools.
With Intel TXT, you can:
A piece of manufacturing equipment is compromised, possibly infected with a virus from the network, USB flash drive, or an illegal peripheral. One solution is to stop the system from booting once the virus has been activated and has caused the software or hardware configuration to diverge from the trusted state. This is achievable with Intel TXT, which compares the hash of the trusted state with the current state and blocks system startup when differences are detected.
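The comparison described above can be modelled as a TPM-style extend chain checked against a known-good value. This is an added, simplified sketch, not Intel's implementation or code from this page; the component names, byte strings and the choice of SHA-256 are constructed assumptions.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 digest length; the hash choice is an assumption of this sketch


def extend(pcr: bytes, image: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(image)). One-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()


def measure_chain(components):
    """Measure (name, image) pairs in launch order; return final register and event log."""
    pcr = bytes(PCR_SIZE)  # register starts at all zeros
    log = []
    for name, image in components:
        pcr = extend(pcr, image)
        log.append((name, hashlib.sha256(image).hexdigest()))
    return pcr, log


def launch_decision(components, known_good_pcr, known_good_log):
    """Return (allowed, diverged): block the launch when the measurement differs."""
    pcr, log = measure_chain(components)
    if hmac.compare_digest(pcr, known_good_pcr):
        return True, []
    # Walk the event log positionally so reordering is reported, not only content changes.
    diverged = [name for i, (name, digest) in enumerate(log)
                if i >= len(known_good_log) or known_good_log[i] != (name, digest)]
    return False, diverged or ["<missing component>"]


# Constructed sample data: stand-ins for pre-launch components in a trusted state.
TRUSTED = [("bios", b"bios-image-v1"),
           ("option-rom", b"nic-rom-v3"),
           ("hypervisor", b"hypervisor-build-42")]
GOOD_PCR, GOOD_LOG = measure_chain(TRUSTED)

# Same platform after a constructed modification of the hypervisor image.
TAMPERED = TRUSTED[:2] + [("hypervisor", b"hypervisor-build-42+implant")]

if __name__ == "__main__":
    print(launch_decision(TRUSTED, GOOD_PCR, GOOD_LOG))
    print(launch_decision(TAMPERED, GOOD_PCR, GOOD_LOG))
```

Because each extend folds the previous register value into the next, a change to any earlier component alters the final value even when every later component is untouched.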
Many cybercriminals try to breach application software and databases used by retailers and banks, looking to profit from accessing sensitive information, like bank records or credit card numbers. Using Intel TXT, original equipment manufacturers (OEMs) can put software and data out of reach of hackers by giving applications and operating systems higher software privileges, permission granted only by system developers. As a result, code and data are stored in hardware-secured memory regions, inaccessible to malware. OEMs and system administrators can create a list that defines which software is allowed to load and run on the system.
1. No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology (Intel® TXT) requires a computer with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules, and an Intel TXT-compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.2. For more information, visit www.intel.com/content/www/us/en/data-security/security-overview-general-technology.html.