Intel promises enhanced trusted computing in virtualization with vPro

Posted by Rick C. Hodgin

Santa Clara (CA) - Intel announced today an extended platform technology which has the potential to make computer viruses and successful hacker attacks in virtualized environments a thing of the past.  Composed of several component technologies working together, this latest revision even allows the CPU to execute safely despite possible system flaws.  Problems like an inoperable operating system or a damaged hard drive can be recovered from remotely, without physical access to the machine.  vPro just might make personal visits from the IT department a thing of the past.

 

This technology could almost be viewed as a form of DRM, as its implementation requires many trusted devices.  Whereas DRM today typically obtains its use limits through hard-coded content in the media, software or runtime Internet connections, this new solution introduces a form of DRM into a software-programmable hardware layer.  Intel's Trusted Execution Technology (TXT, formerly codenamed LaGrande) is extended to protect virtualized computing environments by partitioning off assigned memory areas behind logical barriers.  This process works with Intel's new Virtualization Technology (IVT) for Directed I/O.  These new barriers block hypervisor-level viruses from accessing protected memory.

 

Intel's vPro also introduces a new generation of Active Management Technology (AMT), allowing PCs to be repaired remotely even if the OS has crashed or the PC is turned off.  It does this by adhering to draft industry standards which Intel believes will be accepted.  These include the Distributed Management Task Force (DMTF) DASH interoperability specification draft 1.0 and Web Services Management (WS-MAN).  vPro also includes an enhanced System Defense filter system which can identify a wider range of traffic flow threats.  There is also an embedded trust agent which can be used even if the machine is off or the OS has crashed.  It is OS-independent and the first certified for use by Cisco for 802.1x manageability.

 

vPro uses a new Core 2 Duo processor with this hardware support enabled, coupled to Intel's Q35 Express chipset and several trusted motherboard devices, plus BIOS and OS/software support.  According to Intel, when this is all working together, the platform provides performance increases, power reductions and the enhanced trusted computing environment described above.  Several major computer makers produce desktop PCs with vPro technology.  If widely adopted, this new extension of that technology should set the standard for trusted computing in virtualized environments.