The Intel® Atom® processor C2000 product family, formerly codenamed “Avoton”, is Intel’s second generation 64-bit server System on Chip (SoC) and is manufactured in Intel’s low power SoC 22nm process. The Intel® Atom® processor C2000 product family is based on next-generation Intel® Atom® processor, formerly codenamed “Silvermont”, which focuses on enabling high density with high performance providing 2, 4, and 8 core product models at 6-20 Watts of power consumption. In addition the Intel® Atom® processor C2000 product family includes an extension of the base product line focused on communications, formerly codenamed “Rangeley”.
The data center environment is diversifying both in terms of the infrastructure and the market segments, including storage, communications, cloud, HPC, and traditional enterprise. Each area has unique requirements, which provides an opportunity for targeted solutions to best cover these needs. The Intel® Atom® processor C2000 product family extends Intel’s existing portfolio of products that service the cloud service providers. The Intel® Atom® processor C2000 product family is optimized for parallel software that benefits most from more individual servers with sufficient I/O between nodes, including static web servers, simple content delivery nodes, distributed memory caching (memcached), entry dedicated hosting, cold storage, and any of the aforementioned uses that have an additional need for acceleration of cryptographic communications, such as entry-level security appliances and switches.
The microserver is comprised of many small one socket servers sharing a chassis, fans, power supplies and a common interconnect to achieve improved flexibility, higher efficiency and density. Microservers based on Intel® Atom® C2000 SoC node can meet different usage models, such as combined with lots of disk storage to provide a cold storage solution or combined with the Intel® Ethernet Switch FM5224 to provide a low power, high density network solution.
Up to four Intel® Atom® SoC nodes can be added on to a Server System Infrastructure (SSI) module. Multiple SSI modules can be added to a single microserver chassis to expand the number of accessible nodes. This allows for optimization of rack density as compared to other single unit servers. Figure 1 is a representation of the microserver at a high level.
Figure 1 High level overview of how the Intel® Atom® SoC nodes integrate into a microserver.
Figure 2 shows a block diagram of the Intel® Atom® processor C2000 product family microarchitecture. Note that the block outlined in red is the optional communications component that provides enhanced communications features.
Fig 2 Block diagram of the Intel® Atom® processor C2000 product family architecture
Some of the new features that come with SoC microarchitecture, which provide improvements over the previous generation of the Intel® Atom® processor S1200 product family include:
1. 22 nanometer process technology providing an improved power envelope and form factor
2. Processor performance enhancements
   1. Faster processor speed, up to 2.6 GHz with Turbo enabled
   2. Shared 1MB Level 2 Cache
   3. Out of Order instruction execution pipeline
3. I/O performance enhancements
   1. Up to 25.6GB/s Bandwidth via “Silvermont” System Agent
The Intel® Atom® processor C2000 product family has a subset of server products that include enhanced communications features. This communications focused product line codenamed “Rangeley” extends the base Intel® Atom® processor C2000 product family with communications reliability profile, longer product lifecycle, enhanced thermal profiles, and Intel® QuickAssist Technology to accelerate cryptographic workloads. The product models that have some or all of the additional communications capabilities can be identified by an 8 at the end of the product model number (i.e. C2758, C2738, etc.), whereas the base product model numbers will end in 0 (i.e. C2750, C2730, etc.).
The enhanced communications features are made possible through innovations in software and hardware. The Intel® QuickAssist Technology hardware as shown in Figure 2 when combined with software optimized with the Intel® Data Plane Development Kit (Intel® DPDK) provides acceleration for communications workloads.
Intel® QuickAssist Technology is enabled for direct access or via open source frameworks. The integrated hardware acceleration includes support for Ciphers: AES, DES/3DES, Kasumi, RC4, Snow3G; Authentication: MD5, SHA1, SHA2, AES-XCBC; Public Key: Diffie-Hellman, RSA, DSA, ECC.
For more information on Intel® QuickAssist Technology see http://www.intel.com/content/www/us/en/io/quickassist-technology/quickassist-technology-developer.html?wapkw=quick+assist+technology
For more information on Intel® Data Plane Development Kit see http://www.intel.com/content/www/us/en/communications/embedded-data-plane-development-kit-video.html and http://www.intel.com/content/www/us/en/intelligent-systems/intel-technology/dpdk-packet-processing-ia-overview-presentation.html
The Intel® Atom® processor C2000 product family provides advantages over its predecessor, the Intel® Atom® SoC S1200 product family, formerly codenamed “Centerton”, by adding additional cores, a larger cache size, greater memory capacity and speed, and more. Table 1 below shows a comparison of the product families.
Table 1 Comparison of the Intel® Atom® SoC S1200 product family to the Intel® Atom® processor C2000 product family
Intel® Atom® processor product family
Silicon Core Size
Core / Thread Count
Up to 2 cores / 4 threads
Up to 8 cores / 8 threads
Up to 2GHz
Up to 2.4GHz (2.6GHz with Turbo )
1MB shared per 2 cores
Out of Order
SoC Thermal Design Power
6.1 - 8.1W
6W - 20W
Idle Power, C States
<500 mW, C1/C2/C4/C6
<500 mW, C0-C6
1 Channel, 2 DIMM/ch, 1333 DDR3/L
8GB Max capacity
2 Channels, 2 DIMM/ch, 1600 DDR3/L
64GB Max capacity
SODIMM, UDIMM, VLP UDIMM
IO: PCI Express* (PCIe) lanes
Integrated 8 PCIe G2
Integrated 16 PCIe G2
Integrated 4 x1 GbE/2.5GbE
IO: SATA ports
Integrated 4 SATA2, 2 SATA3 (6 Total)
IO: USB ports
Integrated 4 USB2
VT-x, VT-x2, VT-Real Mode, EPT
1 BMC per node
1 MMC per 4 nodes
2 nodes per Server System Infrastructure module
4 nodes per Server System Infrastructure module
The rest of this paper discusses some of the new features in the Intel® Atom® processor C2000 product family. Some of these features may exist in other Intel processor families but are new to the Intel® Atom® SoC product family.
Figure 3 Intel® Atom® processor C2000 Product Family Overview
6.1.2 TSC (Time Stamp Counter) Deadline Timer is an APIC (Advanced Programmable Interrupt Controller) Timer Mode that allows software to interrupt with increased timing precision, making it easier to avoid or handle race conditions.
For more information on how to access the timer see the
6.1.3 POPCNT provides a single instruction that can be effectively used to accelerate searches involving large data sets. It works by counting the number of set bits in a data object. Applications that could benefit from this instruction include those involving genome mining, handwriting recognition, digital health workloads, and fast Hamming distance/population count.
For more information on POPCNT, and Intel® SSE2, SSE3, SSSE3, SSE4.1, SSE4.2 see the appropriate Intrinsics Guide:
6.1.4 PREFETCHW instruction is merely a hint and does not affect program behavior. If executed, this instruction moves data closer to the processor and invalidates any other cached copy in anticipation of the line being written to in the future.
This instruction fetches the cache line of data from memory that contains the byte specified with the source operand to a location in the 1st or 2nd level cache and invalidates all other cached instances of the line. The source operand is a byte memory location. (Use of any ModR/M value other than a memory operand will lead to unpredictable behavior.) If the line selected is already present in the lowest level cache and is already in an exclusively owned state, no data movement occurs. Prefetches from non-writeback memory are ignored.
The C/C++ Compiler Intrinsic Equivalent for PREFETCHW is
void _m_prefetchw( void * );
For more info on PREFETCHW see the Intel® Architecture Instruction Set Extensions Programming Reference
6.2.1 Power Aware Interrupt Routing (PAIR) is enabled by the silicon and power utilization will vary depending on which BIOS power and performance mode is chosen. Choosing Performance mode causes interrupt requests to be routed to idle cores for servicing, thus improving performance at the expense of power. Choosing Power efficiency mode causes interrupt requests to be routed to active cores, thus optimizing power at the expense of performance.
Some common usages for RAPL include:
Manage Rack Power
• Increase overall node density (fit more systems into a fixed power budget)
• Limit rack power to meet constrained power envelope
• Manage performance across multiple nodes (balancing power requirements across nodes dynamically based on workload)
Enforce Power Limits and Thermal Limits at the Platform, Rack, and Data Center levels
• Platform/data center has power/thermal limits
• Power constraints (per module and node)
• Power monitoring
• Performance feedback
• Determine the per node power budget based on provided policies and provide each node with its RAPL limits over PECI
• Monitors nodes to rebalance power limits
• Statically control node thermal and electrical limits
For more details on RAPL see Intel® 64 and IA-32 Architectures Software Developer’s Manual: Volumes 1, 2, and 3
For examples on working with RAPL see:
6.3.1 Intel® OS Guard prevents instruction execution from user mode memory pages while the CPU is in supervisor mode. Intel® OS Guard helps to prevent common attacks that seek to use privilege escalation to gain control of a platform or execute malware.
Figure 4 Example execution of code on systems with and without Intel® OS Guard enabled
The following minimum operating system versions are supported:
• RHEL* 6.2
• SLE11* SP2
• Ubuntu* 11.10
Note: Intel® OS Guard is available in both 32 and 64 bit operating modes.
The following minimum virtual machine manager versions are supported:
- Xen*: SLE11* SP2
- KVM*: RHEL* 6.3
- SLE11* SP3
- Ubuntu* 11.10
Note: You will need to enable CPUID-based pass-through support to guests
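A way to verify from inside a Linux host or guest that Intel® OS Guard is actually in effect, added here as an example and not taken from Intel's article. It assumes that OS Guard is the feature Linux reports as the `smep` flag (Supervisor Mode Execution Prevention) in /proc/cpuinfo and that older kernels accept the `nosmep` boot parameter to turn it off; the function names and sample inputs are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum smep_state { SMEP_ACTIVE, SMEP_NOT_EXPOSED, SMEP_DISABLED_AT_BOOT };

/* Return 1 if `word` is a whole whitespace-separated token in list[0..len). */
static int has_token(const char *list, size_t len, const char *word)
{
    size_t wlen = strlen(word), i = 0;
    while (i < len) {
        while (i < len && isspace((unsigned char)list[i])) i++;
        size_t start = i;
        while (i < len && !isspace((unsigned char)list[i])) i++;
        if (wlen > 0 && i - start == wlen && memcmp(list + start, word, wlen) == 0)
            return 1;
    }
    return 0;
}

/* Look for `flag` on the first "flags : ..." line of /proc/cpuinfo text. */
int cpuinfo_has_flag(const char *cpuinfo, const char *flag)
{
    for (const char *line = cpuinfo; line && *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *colon = memchr(line, ':', len);
        if (len >= 5 && strncmp(line, "flags", 5) == 0 && colon)
            return has_token(colon + 1, len - (size_t)(colon + 1 - line), flag);
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

/* The boot parameter is checked first: a kernel booted with nosmep also
 * hides the flag, so the order tells "turned off" apart from "not offered". */
enum smep_state smep_audit(const char *cpuinfo, const char *cmdline)
{
    if (has_token(cmdline, strlen(cmdline), "nosmep"))
        return SMEP_DISABLED_AT_BOOT;
    if (!cpuinfo_has_flag(cpuinfo, "smep"))
        return SMEP_NOT_EXPOSED;   /* old CPU, or CPUID bit not passed to the guest */
    return SMEP_ACTIVE;
}

/* Constructed samples, not captured from a real machine. */
static const char HOST_CPUINFO[] =
    "processor\t: 0\n"
    "flags\t\t: fpu tsc msr sse2 ssse3 sse4_2 movbe popcnt aes pclmulqdq rdrand smep erms\n";
static const char GUEST_CPUINFO[] =   /* hypervisor masks the CPUID bit */
    "processor\t: 0\n"
    "flags\t\t: fpu tsc msr sse2 ssse3 sse4_2 movbe popcnt aes pclmulqdq rdrand erms\n";

static size_t slurp(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "r");
    size_t n = f ? fread(buf, 1, cap - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    return n;
}

int main(void)
{
    static const char *names[] = { "active", "not exposed to this OS", "disabled with nosmep" };
    static char cpuinfo[65536], cmdline[4096];
    printf("sample host : %s\n", names[smep_audit(HOST_CPUINFO, "ro quiet")]);
    printf("sample guest: %s\n", names[smep_audit(GUEST_CPUINFO, "ro quiet")]);
    if (slurp("/proc/cpuinfo", cpuinfo, sizeof cpuinfo)) {   /* live system, if Linux */
        slurp("/proc/cmdline", cmdline, sizeof cmdline);
        printf("this system : %s\n", names[smep_audit(cpuinfo, cmdline)]);
    }
    return 0;
}
```

A "not exposed" result inside a guest on OS Guard capable hardware points at the CPUID pass-through setting mentioned in the note above.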
6.3.2 Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI) - Advanced Encryption Standard is an encryption standard adopted by the U.S. government starting in 2001. It is widely used across the software ecosystem to protect network traffic, personal data, and corporate IT infrastructure. AES is a symmetric block cipher that encrypts/decrypts data through several rounds. The Intel® Atom® processor C2000 product family includes a set of new instructions. The instructions were designed to implement some of the complex and performance intensive steps of the AES algorithm in hardware, thus accelerating the execution of the AES algorithms.
Intel® AES-NI instructions include:
• Key Generation
Some of the benefits of Intel® AES-NI include faster, more efficient cryptographic performance and robust security against software side channel attacks. This is because all computation is done by hardware, requiring no table lookups, and unlike with software, this implementation in hardware negates the need to trade off performance for robustness.
Supported compilers that include these instructions are: GCC/G++ (starting with version 4.4), Intel® C/C++ compiler (starting with version 11.1), Microsoft Visual C++ (starting with 2008 SP1)
Supported Libraries: OpenSSL (starting with version V1.0), Intel® Integrated Performance Primitives crypto (starting with version V6.1), Microsoft Cryptography API: Next Generation (supported with Windows 7 and later operating systems)
For additional resources on Intel® AES-NI see the following resources:
- Intel® 64 and IA-32 Architectures Software Developer Manuals
- “Securing the Enterprise with Intel® AES-NI”
- “Intel® Advanced Encryption Standard (AES) Instructions Set – Rev 3.01”
- “Breakthrough AES Performance with Intel® AES New Instructions”
- “Intel® Advanced Encryption Standard Instructions (AES-NI)”
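How the AES-NI round and key generation instructions fit together for one AES-128 block, written here as an added example and not code from Intel's article. It uses the compiler intrinsics for AESKEYGENASSIST, AESENC and AESENCLAST, checks CPUID.1:ECX bit 25 before touching them, and verifies itself against the FIPS-197 Appendix C.1 vector; the function names are illustrative and GCC or Clang is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <immintrin.h>
#define AESNI __attribute__((target("aes,sse2")))

/* Fold one AESKEYGENASSIST result into the previous AES-128 round key. */
AESNI static __m128i next_round_key(__m128i key, __m128i assist)
{
    assist = _mm_shuffle_epi32(assist, 0xff);
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
    return _mm_xor_si128(key, assist);
}
/* The round constant must be a compile-time immediate, hence a macro. */
#define NEXT(k, rcon) next_round_key((k), _mm_aeskeygenassist_si128((k), (rcon)))

/* Key schedule plus ten rounds, with no lookup tables indexed by secret data. */
AESNI static void aesni_encrypt(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    __m128i rk[11];
    rk[0] = _mm_loadu_si128((const __m128i *)key);
    rk[1] = NEXT(rk[0], 0x01);  rk[2]  = NEXT(rk[1], 0x02);
    rk[3] = NEXT(rk[2], 0x04);  rk[4]  = NEXT(rk[3], 0x08);
    rk[5] = NEXT(rk[4], 0x10);  rk[6]  = NEXT(rk[5], 0x20);
    rk[7] = NEXT(rk[6], 0x40);  rk[8]  = NEXT(rk[7], 0x80);
    rk[9] = NEXT(rk[8], 0x1b);  rk[10] = NEXT(rk[9], 0x36);

    __m128i s = _mm_xor_si128(_mm_loadu_si128((const __m128i *)in), rk[0]);
    for (int r = 1; r < 10; r++)
        s = _mm_aesenc_si128(s, rk[r]);          /* one full AES round */
    s = _mm_aesenclast_si128(s, rk[10]);         /* final round, no MixColumns */
    _mm_storeu_si128((__m128i *)out, s);
}
#endif

/* Returns 0 on success, -1 when the CPU (or the build target) lacks AES-NI. */
int aes128_encrypt_block(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
#ifdef AESNI
    unsigned int a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d) && ((c >> 25) & 1)) {
        aesni_encrypt(key, in, out);
        return 0;
    }
#endif
    (void)key; (void)in; (void)out;
    return -1;
}

/* Known-answer test: 1 = pass, 0 = wrong ciphertext, -1 = AES-NI unavailable. */
int aes128_known_answer_test(void)
{
    static const uint8_t expect[16] = { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
                                        0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a };
    uint8_t key[16], pt[16], ct[16];
    for (int i = 0; i < 16; i++) {
        key[i] = (uint8_t)i;             /* 00 01 02 ... 0f */
        pt[i]  = (uint8_t)(i * 0x11);    /* 00 11 22 ... ff */
    }
    if (aes128_encrypt_block(key, pt, ct) != 0)
        return -1;
    return memcmp(ct, expect, sizeof expect) == 0;
}

int main(void)
{
    printf("AES-NI known-answer test: %d\n", aes128_known_answer_test());
    return 0;
}
```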
6.3.3 PCLMULQDQ is an additional instruction that complements Intel® AES-NI. PCLMULQDQ is designed to do carry-less multiplication for GCM algorithms, which allows for more instructions to be executed in parallel and a reduction in the time it takes to complete the calculation. For code examples using PCLMULQDQ see Intel® Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode - Rev 2.01. For an example of using PCLMULQDQ with elliptic curve cryptography see PCLMULQDQ Instruction and Elliptic Curve Cryptography.
For additional information on PCLMULQDQ see Intel® 64 and IA-32 Architectures Software Developer Manuals
6.3.4 Intel® Secure Key was previously code-named “Bull Mountain Technology”. It is the Intel name for the Intel 64 and IA-32 Architectures instruction RDRAND and its underlying Digital Random Number Generator (DRNG) hardware implementation. Among other things, the DRNG uses the RDRAND instruction for generating high-quality, high-performance entropy and random number generation keys for cryptographic protocols.
Figure 5 Intel® Secure Key architecture block diagram
Some of the benefits of Intel® Secure Key include:
- Prevents RNG based attacks and increases cryptographic robustness
- Compliant with ANSI X9.82, NIST SP800-90A and certifiable to FIPS-140-2
- Uses thermal noise within the silicon as entropy source
- Accessible through the new Intel 64 RDRAND instruction
- Returns a random number (16, 32, or 64 bit) to the destination register
- Available at all privilege levels/operating modes
- The Carry Flag needs to be checked to determine whether a random value is available
- Enumerated via CPUID.1.ECX
- Is implemented in hardware as part of the processor
- Entropy source executes at processor clock speeds
- No system I/O or off-chip latencies
- Is scalable to support heavy server application workloads and multiple VMs
Supported Operating Systems are: Ubuntu* (starting with version 10.04), Fedora* (starting with version 15), SUSE* Enterprise Server (starting with version 11 SP1), Apple OS X* (starting from 10.5.8), Microsoft Windows* (XP, Vista, 7, 8, 2003, 2008, and 2012)
Supported Software: Intel® C++ Compiler as intrinsics (starting version 12.1), Microsoft Visual Studio* 2012 and GCC* 4.6, Cryptographic libraries (OpenSSL 1.0.1)
For additional resources on Intel® Secure Key see:
- Intel Digital Random Number Generator (DRNG) Software Implementation Guide
- What is Intel(r) Secure Key Technology?
- Manageability & Security Development Forum
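The two checks the list above calls out for RDRAND, CPUID.1:ECX enumeration and the Carry Flag test, put together in an added example that is not code from Intel's article. The retry budget of 10 follows the recommendation in the DRNG Software Implementation Guide; the function names are illustrative, and GCC or Clang inline assembly is assumed so that no special compiler flag is needed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>               /* GCC/Clang wrapper for the CPUID instruction */
#define HAVE_X86 1
#endif

#define RDRAND_RETRIES 10        /* retry budget from Intel's DRNG guide */

/* CPUID leaf 1, ECX bit 30 reports RDRAND support. */
int cpu_has_rdrand(void)
{
#ifdef HAVE_X86
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return (int)((ecx >> 30) & 1);
#endif
    return 0;
}

#ifdef HAVE_X86
/* One RDRAND attempt. CF=1 means *out holds a random value; with CF=0 the
 * destination is not random and must not be used. */
static int rdrand32_step(uint32_t *out)
{
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

/* Returns 1 with a random value in *out, or 0 if RDRAND is missing or the
 * DRNG stayed unavailable for the whole retry budget. */
int rdrand32_retry(uint32_t *out)
{
#ifdef HAVE_X86
    if (cpu_has_rdrand())
        for (int i = 0; i < RDRAND_RETRIES; i++)
            if (rdrand32_step(out))
                return 1;
#endif
    (void)out;
    return 0;
}

/* Fill buf with len random bytes. On failure the buffer is wiped and -1 is
 * returned, so a caller can never mistake partial output for key material. */
int rdrand_fill(void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t left = len;
    while (left > 0) {
        uint32_t v;
        if (!rdrand32_retry(&v)) {
            memset(buf, 0, len);
            return -1;
        }
        size_t n = left < sizeof v ? left : sizeof v;
        memcpy(p, &v, n);
        p += n;
        left -= n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[16];
    if (rdrand_fill(key, sizeof key) != 0) {
        puts("RDRAND unavailable: fall back to the operating system's RNG");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```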
Intel® Virtualization Technology combines with software-based virtualization solutions to provide maximum system utilization by consolidating multiple environments into a single server or PC. By abstracting the software away from the underlying hardware, new usage models open up that can reduce costs, increase management efficiency, and strengthen security, while making your computing infrastructure more resilient in the event of a disaster. The following virtualization capabilities have been included with the Intel® Atom® processor C2000 Product Family.
6.4.1 Intel® VT FlexMigration is a feature of Intel Virtualization Technology (VT) that enables you to build one compatible virtualization pool and conduct live virtual machine (VM) migration across all Intel® Core™ microarchitecture-based servers. It gives you the power to choose the right server platform to best optimize performance, cost, power, and reliability. Combined with support from a virtualization software provider, this feature allows IT to maximize flexibility by providing the ability to build a single live migration compatibility pool with multiple generations of Intel processor-based servers.
6.4.2 Intel® VT FlexPriority is a processor extension that optimizes virtualization software efficiency by improving interrupt handling. Intel VT FlexPriority is enabled when you enable the Intel VT extensions. Like most hardware features, Intel VT FlexPriority must be enabled by the hypervisor or virtual machine monitor (VMM), which allows multiple operating systems to run concurrently on a host computer.
Intel VT FlexPriority eliminates most VM exits due to guest task priority register access. This reduces the virtualization overhead and improves I/O throughput.
6.4.3 Extended Page Table (EPT) - Typical Intel® Architecture 32 page tables (referenced by control register CR3) translate from linear addresses to guest-physical addresses. With the Extended Page Table (EPT) feature, a separate set of page tables (EPTs) translate from guest-physical addresses to host-physical addresses that are used to access memory. As a result, the guest OS can be allowed to modify its own page tables and directly handle page faults. This allows a VMM to avoid the VM exits associated with page-table virtualization, which is a major source of virtualization overhead without EPT.
6.4.4 Virtual Processor IDs (VPID) - Traditionally, every time a hypervisor switched execution between different virtual machines, the virtual machine and its data structure had to be flushed out of the translation look-aside buffers (TLB) associated with the CPU caches, since the hypervisor had no information on which cache line was associated with any particular virtual machine. When VPID is active, the TLB is no longer flushed on these switches.
6.4.6 VMFUNC is part of the virtual machine extensions (VMX) and enables guest code to invoke a VM function. The instruction allows software in VMX non-root operation to invoke a VM function, which is processor functionality enabled and configured by software in VMX root operation; no VM exit occurs.
For more information on VMFUNC see
- Intel® 64 and IA-32 Architectures Software Developer’s Manual
- Contact your VMM provider for support information about supported virtual machine packages.
- Intel® 64 and IA-32 Architectures Software Developer’s Manual - Intel VT-x specifications and functional descriptions are included in the Volume 3B
- Enabling Intel® Virtualization Technology Features and Benefits – Provides a list of supported Independent Software Vendors
• -xSSSE3_ATOM (Linux) /QxSSSE3_ATOM (Windows) - May generate MOVBE instructions for Intel® processors, depending on the -minstruction setting (Linux* OS and OS X*) or /Qinstruction (Windows* OS). May also generate SSSE3, Intel® SSE3, SSE2, and SSE instructions for Intel processors. Optimizes for Intel processors that support MOVBE instructions.
• -march=atom - Generates code for processors that support MOVBE instructions, depending on the -minstruction setting (Linux* OS and OS X*) or /Qinstruction (Windows* OS). May also generate code for SSSE3 instructions and Intel® SSE3, SSE2, and SSE instructions.
• __declspec(cpu_dispatch(atom)) - syntax in your code to provide a list of targeted processors along with an empty function body/function stub. Use the __declspec(cpu_specific(cpuid)) in your code to declare each function version targeted at particular type[s] of processors.
Intel Instruction Set Architecture continues to evolve to improve functionality, performance and the user experience. For information on new extensions to the Intel instruction set architecture as well as those being planned for enhancements in future generations of processors, see Intel Instruction Set Architecture Extensions.
For additional information on Intel microservers see http://www.intel.com/content/www/us/en/servers/microservers.html
For additional information on “Rangeley” see http://www.intel.com/content/www/us/en/intelligent-systems/rangeley/atom-c2000-product-family-based-platforms-overview.html
The Author: David Mulnix is a software engineer and has been with Intel Corporation for over 15 years. His areas of focus have included software automation, server power and performance analysis, and cloud security.
1 “See the Processor Spec Finder at http://ark.intel.com or contact your Intel representative for more information.”
2 Requires a system with Intel® Turbo Boost Technology. Intel Turbo Boost Technology and Intel Turbo Boost Technology 2.0 are only available on select Intel® processors. Consult your PC manufacturer. Performance varies depending on hardware, software, and system configuration. For more information, visit http://www.intel.com/go/turbo
3 Intel® Secure Key requires a computer system with a 3rd generation Intel® Core™ i5 or i7 processor, as well as non-Intel software to execute the instructions in the correct sequence. For availability, consult your reseller or system manufacturer. For more information, see http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
4 Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, and virtual machine monitor (VMM). Functionality, performance or other benefits will vary depending on hardware and software configurations. Software applications may not be compatible with all operating systems. Consult your PC manufacturer. For more information, visit http://www.intel.com/go/virtualization
Intel, the Intel logo, Atom, Core, and Xeon are trademarks of Intel Corporation in the U.S. and/or other countries.
Copyright © 2013 Intel Corporation. All rights reserved.
*Other names and brands may be claimed as the property of others.