You are previewing Intel® Trusted Execution Technology for Server Platforms: A Guide to More Secure Datacenters.
O'Reilly logo
Intel® Trusted Execution Technology for Server Platforms: A Guide to More Secure Datacenters

Book Description

"This book is a must have resource guide for anyone who wants to ... implement TXT within their environments. I wish we had this guide when our engineering teams were implementing TXT on our solution platforms!"

John McAuley,EMC Corporation

"This book details innovative technology that provides significant benefit to both the cloud consumer and the cloud provider when working to meet the ever increasing requirements of trust and control in the cloud."

Alex Rodriguez, Expedient Data Centers

"This book is an invaluable reference for understanding enhanced server security, and how to deploy and leverage computing environment trust to reduce supply chain risk."

Pete Nicoletti. Virtustream Inc.

Intel® Trusted Execution Technology (Intel TXT) is a new security technology that started appearing on Intel server platforms in 2010. This book explains Intel Trusted Execution Technology for Servers, its purpose, application, advantages, and limitations. This book guides the server administrator / datacenter manager in enabling the technology as well as establishing a launch control policy that he can use to customize the server's boot process to fit the datacenter's requirements. This book explains how the OS (typically a Virtual Machine Monitor or Hypervisor) and supporting software can build on the secure facilities afforded by Intel TXT to provide additional security features and functions. It provides examples how the datacenter can create and use trusted pools.

With a foreword from Albert Caballero, the CTO at Trapezoid.

What you'll learn

  • It explains why TXT is important and the underlying principles (why it is effective).

  • How to enable and provision TXT

  • How to create a Launch Control Policy. It discusses trade-offs in determining the right policy for the datacenter, and walks the reader through the process for establishing the policy.

  • Demonstrates how to set up and use trusted pools and other advanced concepts such as geo-tagging.

  • It walks the reader through the process of making Intel TXT work for them and understand that TXT is a building block for current and future enhanced security concepts.

Who this book is for

The primary audience is the Datacenter Manager and members of an IT organization. It will be valuable to executives that need to understand enhanced server security and will provide a guide to OSVs and ISVs not only to understand the application of TXT but also the new opportunities that TXT enables and ways that the OS and applications can take advantage of those new capabilities. This book applies to cloud computing since TXT can be used to provide additional security for both public and private clouds.

Table of Contents

  1. Title Page
  2. About ApressOpen
  3. Dedication
  4. Contents at a Glance
  5. Contents
  6. Foreword
  7. About the Authors
  8. Acknowledgments
  9. Introduction
  10. CHAPTER 1: Introduction to Trust and Intel Trusted Execution Technology
    1. Why More Security?
    2. Types of Attacks
    3. What Is Trust? How Can Hardware Help?
    4. What Is Intel Trusted Execution Technology?
    5. Finding Value in Trust
    6. What Intel TXT Does Not Do
    7. Enhancements for Servers
    8. Roles and Responsibilities
  11. CHAPTER 2: Fundamental Principles of Intel TXT
    1. What You Need: Definition of an Intel TXT–Capable System
    2. The Role of the Trusted Platform Module (TPM)
    3. Cryptography
    4. Why It Works and What It Does
    5. Launch Control Policy
    6. Sealing
    7. Attestation
    8. Summary
  12. CHAPTER 3: Getting It to Work: Provisioning Intel TXT
    1. Provisioning a New Platform
    2. BIOS Setup
    3. Establish TPM Ownership
    4. Install a Trusted Host Operating System
    5. Create Platform Owner’s Launch Control Policy
    6. Summary
  13. CHAPTER 4: Foundation for Control: Establishing Launch Control Policy
    1. Quick Review of Launch Control Policy
    2. When Is Launch Control Policy Needed?
    3. Platform Configuration (PCONF) Policy
    4. Specifying Trusted Platform Configurations
    5. Specifying Trusted Host Operating Systems
    6. Options and Tradeoffs
    7. Managing Launch Control Policy
    8. Strategies
    9. Impact of Changing TPM Ownership
    10. Decision Matrix
  14. CHAPTER 5: Raising Visibility for Trust: The Role of Attestation
    1. Attestation: What It Means
    2. Attestation Service Components
    3. Attestation in the Intel TXT Use Models
    4. Enabling the Market with Attestation
    5. OpenAttestation
    6. Mt. Wilson
    7. How to Get Attestation
  15. CHAPTER 6: Trusted Computing: Opportunities in Software
    1. What Does “Enablement” Really Mean?
    2. Platform Enablement: The Basics
    3. Platform Enablement: Extended
    4. Operating System and Hypervisor Enablement
    5. Enablement at Management and Policy Layer
    6. Enablement at the Security Applications Layer
  16. CHAPTER 7: Creating a More Secure Datacenter and Cloud
    1. When Datacenter Meets the Cloud
    2. The Cloud Variants
    3. Cloud Delivery Models
    4. Intel TXT Use Models and the Cloud(s)
    5. The Trusted Launch Model
    6. Trusted Compute Pools: Driving the Market
    7. Extended Trusted Pools: Asset Tags and Geotags
    8. Compliance: Changing the Landscape
  17. CHAPTER 8: The Future of Trusted Computing
    1. Trust Is a Foundation
    2. Is There Enough to Trust?
  18. Index