Trusted Execution Technology (TXT) provides hardware-based security technologies to help build a solid foundation for security starting from system power on. It helps build chain of trust starting from CPU. It works by:
- Creating a Measured Launch Environment (MLE) that enables an accurate comparison of all the critical elements of the launch environment against a known good source.
- Creating a cryptographically unique identifier for each approved launch-enabled component and then provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code.
- Providing the foundation on which trusted platform solutions can be built to protect against the software-based attacks that threaten integrity, confidentiality, reliability, and availability of systems.
- Intel TXT enabling - Students can follow specific instructions to enable/disable the TXT feature.
- Tboot for OS/hypervisor - Download Tboot and try to set up an attestation server to attest a client with TPM.
Supported Environment for the Project Experiment
- PC platform (CPU, chipset, BIOS, etc.) that supports TXT
- Linux distribution that supports Tboot.
References and additional links
- YouTube Video: What is Intel® Trusted Execution Technology, Intel® TXT?
- Intel® Trusted Execution Technology: White Paper
- YouTube Video: Enhancing Server and Cloud Security with Intel® Trusted Execution Technology (Intel® TXT)