Intel places Platform Firmware Resilience root-of-trust code for Intel® MAX® 10 FPGAs into public domain on GitHub to protect 3rd Gen Intel® Xeon® Processor Platforms
Intel® Platform Firmware Resilience (PFR) is an FPGA-based root-of-trust security solution designed for the Intel® MAX® 10 FPGA that helps protect various system components within a 3rd Gen Intel® Xeon® Processor Platform. Intel PFR helps to protect against Permanent Denial of Service (PDoS) attacks, which can alter the platform firmware and potentially brick the server. It does this by verifying the integrity of platform firmware images before any firmware code is executed on the platform and by monitoring and filtering malicious traffic on system buses. In addition, Intel PFR can restore corrupted firmware automatically from a protected known-good recovery image. This capability is an available option for those looking for an integrated security solution that may not otherwise be available from their platform vendor of choice.

Intel has contributed the code for the Intel PFR design to GitHub. Intel is committed to open sourcing its root-of-trust solution to provide transparency to its industry partners. Implementing the platform root of trust with the Intel MAX 10 FPGA provides a very customizable and highly transparent security solution. Intel has contributed Intel PFR to the industry as another platform root-of-trust option for system builders.

For more information about Intel PFR for 3rd Gen Intel Xeon Processor Platforms, click here.

Notices and Disclaimers

Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure. Your costs and results may vary. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.

Intel® FPGA enables new levels of security for 3rd Generation Intel® Xeon® Scalable CPU (code named Ice Lake) Server Platform
Earlier this month Intel released details about several new security technologies associated with the upcoming 3rd Generation Intel® Xeon® Scalable processor (code-named “Ice Lake”) server platform. These technologies include:

- Intel® Software Guard Extension (Intel® SGX), a heavily researched, updated, and battle-tested Trusted Execution Environment (TEE) used for confidential computing in data centers.
- Intel Total Memory Encryption (Intel TME), which helps ensure that all data in memory that’s accessed by an Intel® CPU – including customer credentials, encryption keys and other IP or personal information – is encrypted whenever it appears on the external memory bus.
- Cryptographic acceleration, based on several newly added, industry-pervasive instructions coupled with algorithmic and software innovations that collectively deliver breakthrough cryptographic performance.
- Intel® Platform Firmware Resilience (Intel® PFR), which implements a Platform Root of Trust (PRoT) that helps protect against platform firmware attacks, designed to detect and correct them before they can compromise or disable the machine.

The Intel PFR is based on an Intel® MAX® 10 FPGA, which implements a PRoT that can be used to validate critical-to-boot platform firmware components before the Intel® CPU executes a single instruction. The Intel PFR is designed to protect, detect, and correct against multiple security threats such as permanent denial of service (PDOS) attacks. A PDOS attack attempts to render a server permanently inoperable by irrecoverably corrupting the system firmware. PDOS attacks are a growing threat against critical infrastructure systems such as those associated with banks, national power grids, and other utilities. The Intel MAX 10 FPGA helps protect firmware by attesting that it is safe prior to code execution. It also provides boot and runtime monitoring to assure that the server only runs known good firmware.
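The two posts above describe the same root-of-trust flow: verify each firmware image before the host executes it, fall back to a protected recovery image when the active copy fails verification, and filter host writes to the flash at runtime. The following is an added toy model of that protect/detect/correct flow, written for this page; it is not Intel's PFR code or the MAX 10 design on GitHub. It stands a SHA-256 measurement in for the signature check a real root of trust performs, and the firmware bytes, region names and permitted address ranges are constructed sample values.

```python
"""Toy model of a platform root of trust: verify, recover, and filter bus writes."""
import hashlib
from dataclasses import dataclass, field

# Constructed sample firmware images; real images are megabytes of flash content.
GOOD_BIOS = b"BIOS v1.0 (known good)"
GOOD_BMC = b"BMC v2.1 (known good)"
CORRUPTED_BIOS = b"BIOS v1.0 (known g00d)"  # a tampered active image


def measure(image: bytes) -> str:
    """Measurement of an image. A real RoT verifies a signature over the image
    manifest; a digest compared against a provisioned value stands in for it here."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class FlashRegion:
    """Active image plus the protected recovery copy the RoT can fall back to."""
    name: str
    active: bytes
    recovery: bytes


@dataclass
class RootOfTrust:
    trusted: dict          # region name -> trusted measurement (provisioned anchor)
    allowed_writes: dict   # region name -> [(start, end)] host may write at runtime
    log: list = field(default_factory=list)

    def verify_region(self, region: FlashRegion) -> str:
        """Return 'verified', 'recovered' or 'failed'; repairs the region if it can."""
        if measure(region.active) == self.trusted[region.name]:
            self.log.append(f"{region.name}: active image verified")
            return "verified"
        if measure(region.recovery) == self.trusted[region.name]:
            region.active = region.recovery  # automatic restore from recovery image
            self.log.append(f"{region.name}: active image corrupt, restored from recovery")
            return "recovered"
        self.log.append(f"{region.name}: no trustworthy image, holding host in reset")
        return "failed"

    def authorize_boot(self, regions) -> bool:
        """Release the host from reset only if every critical region verified or recovered."""
        results = [self.verify_region(r) for r in regions]
        return all(r != "failed" for r in results)

    def filter_write(self, region_name: str, address: int) -> bool:
        """Runtime bus filter: allow a host write only inside the permitted ranges."""
        allowed = any(lo <= address < hi
                      for lo, hi in self.allowed_writes.get(region_name, []))
        if not allowed:
            self.log.append(f"{region_name}: blocked write to {address:#x}")
        return allowed


def demo():
    """Boot with a tampered BIOS image and exercise the write filter."""
    rot = RootOfTrust(
        trusted={"bios": measure(GOOD_BIOS), "bmc": measure(GOOD_BMC)},
        allowed_writes={"bios": [(0x00F00000, 0x01000000)]},  # constructed staging range
    )
    bios = FlashRegion("bios", CORRUPTED_BIOS, GOOD_BIOS)
    bmc = FlashRegion("bmc", GOOD_BMC, GOOD_BMC)
    booted = rot.authorize_boot([bios, bmc])
    blocked = rot.filter_write("bios", 0x0)          # outside the staging range
    permitted = rot.filter_write("bios", 0x00F00010)  # inside the staging range
    return booted, bios.active == GOOD_BIOS, blocked, permitted, rot.log


if __name__ == "__main__":
    for line in demo()[-1]:
        print(line)
```

Running `demo()` shows the corrupted BIOS being replaced by the recovery copy before boot is authorized, while a region whose active and recovery images both fail measurement keeps the host in reset, which is the outcome the posts describe for a PDoS attempt.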
The Intel PFR also supports automated recovery if corrupted firmware is detected. Previously, such protection would require manual intervention. The Intel PFR can protect multiple firmware components including the BIOS Flash, the BMC Flash, the SPI Descriptor, the Intel® Management Engine, and power supply firmware. The soft IP used in the Intel MAX 10 FPGA to implement the Intel PFR provides design visibility and flexibility, which allows system developers to customize the design to accommodate specific hardware, firmware, or other customer needs. For example, this flexibility would be critical when switching from one firmware BIOS vendor to another.

For more information about the Intel PFR, click here. You can also download the Solution Brief titled “Intel® Data Center Block with Firmware Resilience.” For more information about Intel SGX, click here. For more information about all of the enhancements in the 3rd Generation Intel Xeon Scalable processor family, click here.

Notices & Disclaimers

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice. Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure. Your costs and results may vary. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.

Need a power sequencer? Here’s one that sequences as many as 144 voltage rails and fits in an Intel® MAX® 10 FPGA or MAX® V CPLD
CPUs, SoCs, FPGAs, and ASICs generally need carefully timed sequencing of voltages on their various power supply rails to safely power up and power down. You can fit a sophisticated, modular power sequencer that controls as many as 144 power rails, with configurable power-on and power-off sequencing and timing for each rail, inside an Intel® MAX® 10 FPGA or MAX® V CPLD. Because these Intel MAX programmable logic devices are often used for many board-management functions, the incremental cost of adding power sequencing to your design can be as low as zero if you are already using one of these devices to implement other functions.

Want more details? Watch this 5-minute video.

Notices & Disclaimers

Intel technologies may require enabled hardware, software or service activation. No product or component can be absolutely secure. Your costs and results may vary. © Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. Other names and brands may be claimed as the property of others.