Intel Trusted Execution Technology for Server Platforms : : A Guide to More Secure Datacenters.
Saved in:
: | |
---|---|
TeilnehmendeR: | |
Place / Publishing House: | Berkeley, CA : : Apress L. P.,, 2013. ©2013. |
Year of Publication: | 2013 |
Edition: | 1st ed. |
Language: | English |
Online Access: | |
Physical Description: | 1 online resource (149 pages) |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
5006422761 |
---|---|
ctrlnum |
(MiAaPQ)5006422761 (Au-PeEL)EBL6422761 (OCoLC)1113481075 |
collection |
bib_alma |
record_format |
marc |
spelling |
Futral, William. Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. 1st ed. Berkeley, CA : Apress L. P., 2013. ©2013. 1 online resource (149 pages) text txt rdacontent computer c rdamedia online resource cr rdacarrier Intro -- Contents at a Glance -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Trust and Intel ® Trusted Execution Technology -- Why More Security ? -- Types of Attacks -- What Is Trust? How Can Hardware Help? -- What Is Intel® Trusted Execution Technology? -- Static Chain of Trust -- Dynamic Chain of Trust -- Virtualization -- Measured Launch Environment -- Finding Value in Trust -- Cloud Computing -- Attestation: The Founding Principle -- Value to System Software -- Cloud Service Provider/Cloud Service Client -- What Intel TXT Does Not Do -- Enhancements for Servers -- Including BIOS in the TCB -- Processor-Based CRTM -- Trusting the SMM -- Other Differences -- Impact of the Differences -- Roles and Responsibilities -- OEM -- Platform Owner -- Host Operating System -- Other Software -- Chapter 2: Fundamental Principles of Intel ® TXT -- What You Need: Definition of an Intel ® TXT-Capable System -- Intel® TXT-Capable Platform -- Intel TXT Platform Components -- Processor -- Chipset -- Trusted Platform Module (TPM) -- BIOS -- Authenticated Code Module (ACM) -- The Role of the Trusted Platform Module (TPM) -- TPM Interface -- Localities -- Control Protocol -- Random Number Generator (RNG) -- SHA-1 Engine -- RSA Engine and Key Generation -- Platform Configuration Registers (PCRs) -- Nonvolatile Storage -- Attestation Identity Key (AIK) -- TPM Ownership and Access Enforcement -- Cryptography -- Symmetric Encryption -- Asymmetric Encryption -- Cryptographic Hash Functions -- Why It Works and What It Does -- Key Concepts -- Measurements -- Secure Measurements -- Static and Dynamic Measurements -- The Intel TXT Boot Sequence -- Measured Launch Process (Secure Launch) -- Protection Against Reset Attacks -- Launch Control Policy -- Platform Configuration (PCONF). Trusted OS Measurements (MLE Element) -- Protecting Policies -- Sealing -- Attestation -- Summary -- Chapter 3: Getting It to Work: Provisioning Intel ® TXT -- Provisioning a New Platform -- BIOS Setup -- Enable and Activate the Trusted Platform Module (TPM) -- Enable Supporting Technology -- Enabling Intel® TXT -- Summary of BIOS Setup -- Automating BIOS Provisioning -- Establish TPM Ownership -- What Is TPM Ownership ? Why Is This Important? -- How to Establish TPM Ownership -- Pass-Through TPM Model -- Remote Pass-Through TPM Model -- Management Server Model -- Protecting Authorization Values -- Install a Trusted Host Operating System -- VMware ESXi Example -- Linux Example (Ubuntu) -- Create Platform Owner's Launch Control Policy -- How It Works -- What LCP Does -- Specifying Platform Configuration: The PCONF Element -- Specifying Trusted Operating Systems: The MLE Element -- Specifying Trusted ACMs -- Specifying a Policy of "ANY" -- Revoking Platform Default Policy -- Why Is PO Policy Important? -- Prevent Interference by the Platform Supplier Policy -- Establishing Trusted Pools -- Reduce the Need for Remote Attestation -- Reset Attack Protection -- Considerations -- Summary -- Chapter 4: Foundation for Control: Establishing Launch Control Policy -- Quick Review of Launch Control Policy -- When Is Launch Control Policy Needed? -- Remote Attestation -- What Does Launch Control Policy Deliver? -- PCR0: CRTM, BIOS, and Host Platform Extensions -- PCR1: Host Platform Configuration -- PCR2, 3: Option ROM Code and Configuration Data -- PCR4, 5: IPL Code and Configuration Data -- PCR6: State Transition and Wake Events -- PCR7: Host Platform Manufacturer Control -- Platform Configuration (PCONF) Policy -- Specifying Trusted Platform Configurations -- Tools Needed for Creating a PCONF Policy -- Difficulties with Using PCONF Policy. Specifying Trusted Host Operating Systems -- Tools Needed for Creating MLE Policy -- Options and Tradeoffs -- Impact of SINIT Updates -- Impact of Platform Configuration Change -- Impact of a BIOS Update -- Impact of OS/VMM Update -- Managing Launch Control Policy -- Think Big -- Use a Signed List -- Make Use of Vendor-Signed Policies -- Use Multiple Lists for Version Control -- Using the Simplest Policy -- Other Tips -- Strategies -- Impact of Changing TPM Ownership -- Decision Matrix -- Chapter 5: Raising Visibility for Trust: The Role of Attestation -- Attestation: What It Means -- Attestation Service Components -- Endpoint, Service, and Administrative Components -- Attestation Service Component Capabilities -- Administrative Component Capabilities -- Attestation in the Intel TXT Use Models -- Enabling the Market with Attestation -- OpenAttestation -- Mt. Wilson -- How to Get Attestation -- Chapter 6: Trusted Computing: Opportunities in Software -- What Does "Enablement" Really Mean? -- Platform Enablement: The Basics -- Platform Enablement: Extended -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Operating System and Hypervisor Enablement -- Enablement at Management and Policy Layer -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Enablement at the Security Applications Layer -- Chapter 7: Creating a More Secure Datacenter and Cloud -- When Datacenter Meets the Cloud -- The Cloud Variants -- Cloud Delivery Models -- Intel TXT Use Models and the Cloud(s) -- The Trusted Launch Model -- Trusted Compute Pools: Driving the Market -- Extended Trusted Pools: Asset Tags and Geotags -- Compliance: Changing the Landscape -- Chapter 8: The Future of Trusted Computing -- Trust Is a Foundation -- More Protections and Assurance -- Is There Enough to Trust? -- Measures at Launch Time. -- What Intel TXT Measures. The Whitelist Approach -- The Evolution of Trust -- Trusted Guest -- End-to-End Trust -- Runtime Trust -- The Trust and Integrity "Stack" -- Index. Description based on publisher supplied metadata and other sources. Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. Electronic books. Greene, James. Print version: Futral, William Intel Trusted Execution Technology for Server Platforms Berkeley, CA : Apress L. P.,c2013 9781430261483 ProQuest (Firm) https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422761 Click to View |
language |
English |
format |
eBook |
author |
Futral, William. |
spellingShingle |
Futral, William. Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. Intro -- Contents at a Glance -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Trust and Intel ® Trusted Execution Technology -- Why More Security ? -- Types of Attacks -- What Is Trust? How Can Hardware Help? -- What Is Intel® Trusted Execution Technology? -- Static Chain of Trust -- Dynamic Chain of Trust -- Virtualization -- Measured Launch Environment -- Finding Value in Trust -- Cloud Computing -- Attestation: The Founding Principle -- Value to System Software -- Cloud Service Provider/Cloud Service Client -- What Intel TXT Does Not Do -- Enhancements for Servers -- Including BIOS in the TCB -- Processor-Based CRTM -- Trusting the SMM -- Other Differences -- Impact of the Differences -- Roles and Responsibilities -- OEM -- Platform Owner -- Host Operating System -- Other Software -- Chapter 2: Fundamental Principles of Intel ® TXT -- What You Need: Definition of an Intel ® TXT-Capable System -- Intel® TXT-Capable Platform -- Intel TXT Platform Components -- Processor -- Chipset -- Trusted Platform Module (TPM) -- BIOS -- Authenticated Code Module (ACM) -- The Role of the Trusted Platform Module (TPM) -- TPM Interface -- Localities -- Control Protocol -- Random Number Generator (RNG) -- SHA-1 Engine -- RSA Engine and Key Generation -- Platform Configuration Registers (PCRs) -- Nonvolatile Storage -- Attestation Identity Key (AIK) -- TPM Ownership and Access Enforcement -- Cryptography -- Symmetric Encryption -- Asymmetric Encryption -- Cryptographic Hash Functions -- Why It Works and What It Does -- Key Concepts -- Measurements -- Secure Measurements -- Static and Dynamic Measurements -- The Intel TXT Boot Sequence -- Measured Launch Process (Secure Launch) -- Protection Against Reset Attacks -- Launch Control Policy -- Platform Configuration (PCONF). Trusted OS Measurements (MLE Element) -- Protecting Policies -- Sealing -- Attestation -- Summary -- Chapter 3: Getting It to Work: Provisioning Intel ® TXT -- Provisioning a New Platform -- BIOS Setup -- Enable and Activate the Trusted Platform Module (TPM) -- Enable Supporting Technology -- Enabling Intel® TXT -- Summary of BIOS Setup -- Automating BIOS Provisioning -- Establish TPM Ownership -- What Is TPM Ownership ? Why Is This Important? -- How to Establish TPM Ownership -- Pass-Through TPM Model -- Remote Pass-Through TPM Model -- Management Server Model -- Protecting Authorization Values -- Install a Trusted Host Operating System -- VMware ESXi Example -- Linux Example (Ubuntu) -- Create Platform Owner's Launch Control Policy -- How It Works -- What LCP Does -- Specifying Platform Configuration: The PCONF Element -- Specifying Trusted Operating Systems: The MLE Element -- Specifying Trusted ACMs -- Specifying a Policy of "ANY" -- Revoking Platform Default Policy -- Why Is PO Policy Important? -- Prevent Interference by the Platform Supplier Policy -- Establishing Trusted Pools -- Reduce the Need for Remote Attestation -- Reset Attack Protection -- Considerations -- Summary -- Chapter 4: Foundation for Control: Establishing Launch Control Policy -- Quick Review of Launch Control Policy -- When Is Launch Control Policy Needed? -- Remote Attestation -- What Does Launch Control Policy Deliver? -- PCR0: CRTM, BIOS, and Host Platform Extensions -- PCR1: Host Platform Configuration -- PCR2, 3: Option ROM Code and Configuration Data -- PCR4, 5: IPL Code and Configuration Data -- PCR6: State Transition and Wake Events -- PCR7: Host Platform Manufacturer Control -- Platform Configuration (PCONF) Policy -- Specifying Trusted Platform Configurations -- Tools Needed for Creating a PCONF Policy -- Difficulties with Using PCONF Policy. Specifying Trusted Host Operating Systems -- Tools Needed for Creating MLE Policy -- Options and Tradeoffs -- Impact of SINIT Updates -- Impact of Platform Configuration Change -- Impact of a BIOS Update -- Impact of OS/VMM Update -- Managing Launch Control Policy -- Think Big -- Use a Signed List -- Make Use of Vendor-Signed Policies -- Use Multiple Lists for Version Control -- Using the Simplest Policy -- Other Tips -- Strategies -- Impact of Changing TPM Ownership -- Decision Matrix -- Chapter 5: Raising Visibility for Trust: The Role of Attestation -- Attestation: What It Means -- Attestation Service Components -- Endpoint, Service, and Administrative Components -- Attestation Service Component Capabilities -- Administrative Component Capabilities -- Attestation in the Intel TXT Use Models -- Enabling the Market with Attestation -- OpenAttestation -- Mt. Wilson -- How to Get Attestation -- Chapter 6: Trusted Computing: Opportunities in Software -- What Does "Enablement" Really Mean? -- Platform Enablement: The Basics -- Platform Enablement: Extended -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Operating System and Hypervisor Enablement -- Enablement at Management and Policy Layer -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Enablement at the Security Applications Layer -- Chapter 7: Creating a More Secure Datacenter and Cloud -- When Datacenter Meets the Cloud -- The Cloud Variants -- Cloud Delivery Models -- Intel TXT Use Models and the Cloud(s) -- The Trusted Launch Model -- Trusted Compute Pools: Driving the Market -- Extended Trusted Pools: Asset Tags and Geotags -- Compliance: Changing the Landscape -- Chapter 8: The Future of Trusted Computing -- Trust Is a Foundation -- More Protections and Assurance -- Is There Enough to Trust? -- Measures at Launch Time. -- What Intel TXT Measures. The Whitelist Approach -- The Evolution of Trust -- Trusted Guest -- End-to-End Trust -- Runtime Trust -- The Trust and Integrity "Stack" -- Index. |
author_facet |
Futral, William. Greene, James. |
author_variant |
w f wf |
author2 |
Greene, James. |
author2_variant |
j g jg |
author2_role |
TeilnehmendeR |
author_sort |
Futral, William. |
title |
Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. |
title_sub |
A Guide to More Secure Datacenters. |
title_full |
Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. |
title_fullStr |
Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. |
title_full_unstemmed |
Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. |
title_auth |
Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. |
title_new |
Intel Trusted Execution Technology for Server Platforms : |
title_sort |
intel trusted execution technology for server platforms : a guide to more secure datacenters. |
publisher |
Apress L. P., |
publishDate |
2013 |
physical |
1 online resource (149 pages) |
edition |
1st ed. |
contents |
Intro -- Contents at a Glance -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Trust and Intel ® Trusted Execution Technology -- Why More Security ? -- Types of Attacks -- What Is Trust? How Can Hardware Help? -- What Is Intel® Trusted Execution Technology? -- Static Chain of Trust -- Dynamic Chain of Trust -- Virtualization -- Measured Launch Environment -- Finding Value in Trust -- Cloud Computing -- Attestation: The Founding Principle -- Value to System Software -- Cloud Service Provider/Cloud Service Client -- What Intel TXT Does Not Do -- Enhancements for Servers -- Including BIOS in the TCB -- Processor-Based CRTM -- Trusting the SMM -- Other Differences -- Impact of the Differences -- Roles and Responsibilities -- OEM -- Platform Owner -- Host Operating System -- Other Software -- Chapter 2: Fundamental Principles of Intel ® TXT -- What You Need: Definition of an Intel ® TXT-Capable System -- Intel® TXT-Capable Platform -- Intel TXT Platform Components -- Processor -- Chipset -- Trusted Platform Module (TPM) -- BIOS -- Authenticated Code Module (ACM) -- The Role of the Trusted Platform Module (TPM) -- TPM Interface -- Localities -- Control Protocol -- Random Number Generator (RNG) -- SHA-1 Engine -- RSA Engine and Key Generation -- Platform Configuration Registers (PCRs) -- Nonvolatile Storage -- Attestation Identity Key (AIK) -- TPM Ownership and Access Enforcement -- Cryptography -- Symmetric Encryption -- Asymmetric Encryption -- Cryptographic Hash Functions -- Why It Works and What It Does -- Key Concepts -- Measurements -- Secure Measurements -- Static and Dynamic Measurements -- The Intel TXT Boot Sequence -- Measured Launch Process (Secure Launch) -- Protection Against Reset Attacks -- Launch Control Policy -- Platform Configuration (PCONF). Trusted OS Measurements (MLE Element) -- Protecting Policies -- Sealing -- Attestation -- Summary -- Chapter 3: Getting It to Work: Provisioning Intel ® TXT -- Provisioning a New Platform -- BIOS Setup -- Enable and Activate the Trusted Platform Module (TPM) -- Enable Supporting Technology -- Enabling Intel® TXT -- Summary of BIOS Setup -- Automating BIOS Provisioning -- Establish TPM Ownership -- What Is TPM Ownership ? Why Is This Important? -- How to Establish TPM Ownership -- Pass-Through TPM Model -- Remote Pass-Through TPM Model -- Management Server Model -- Protecting Authorization Values -- Install a Trusted Host Operating System -- VMware ESXi Example -- Linux Example (Ubuntu) -- Create Platform Owner's Launch Control Policy -- How It Works -- What LCP Does -- Specifying Platform Configuration: The PCONF Element -- Specifying Trusted Operating Systems: The MLE Element -- Specifying Trusted ACMs -- Specifying a Policy of "ANY" -- Revoking Platform Default Policy -- Why Is PO Policy Important? -- Prevent Interference by the Platform Supplier Policy -- Establishing Trusted Pools -- Reduce the Need for Remote Attestation -- Reset Attack Protection -- Considerations -- Summary -- Chapter 4: Foundation for Control: Establishing Launch Control Policy -- Quick Review of Launch Control Policy -- When Is Launch Control Policy Needed? -- Remote Attestation -- What Does Launch Control Policy Deliver? -- PCR0: CRTM, BIOS, and Host Platform Extensions -- PCR1: Host Platform Configuration -- PCR2, 3: Option ROM Code and Configuration Data -- PCR4, 5: IPL Code and Configuration Data -- PCR6: State Transition and Wake Events -- PCR7: Host Platform Manufacturer Control -- Platform Configuration (PCONF) Policy -- Specifying Trusted Platform Configurations -- Tools Needed for Creating a PCONF Policy -- Difficulties with Using PCONF Policy. Specifying Trusted Host Operating Systems -- Tools Needed for Creating MLE Policy -- Options and Tradeoffs -- Impact of SINIT Updates -- Impact of Platform Configuration Change -- Impact of a BIOS Update -- Impact of OS/VMM Update -- Managing Launch Control Policy -- Think Big -- Use a Signed List -- Make Use of Vendor-Signed Policies -- Use Multiple Lists for Version Control -- Using the Simplest Policy -- Other Tips -- Strategies -- Impact of Changing TPM Ownership -- Decision Matrix -- Chapter 5: Raising Visibility for Trust: The Role of Attestation -- Attestation: What It Means -- Attestation Service Components -- Endpoint, Service, and Administrative Components -- Attestation Service Component Capabilities -- Administrative Component Capabilities -- Attestation in the Intel TXT Use Models -- Enabling the Market with Attestation -- OpenAttestation -- Mt. Wilson -- How to Get Attestation -- Chapter 6: Trusted Computing: Opportunities in Software -- What Does "Enablement" Really Mean? -- Platform Enablement: The Basics -- Platform Enablement: Extended -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Operating System and Hypervisor Enablement -- Enablement at Management and Policy Layer -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Enablement at the Security Applications Layer -- Chapter 7: Creating a More Secure Datacenter and Cloud -- When Datacenter Meets the Cloud -- The Cloud Variants -- Cloud Delivery Models -- Intel TXT Use Models and the Cloud(s) -- The Trusted Launch Model -- Trusted Compute Pools: Driving the Market -- Extended Trusted Pools: Asset Tags and Geotags -- Compliance: Changing the Landscape -- Chapter 8: The Future of Trusted Computing -- Trust Is a Foundation -- More Protections and Assurance -- Is There Enough to Trust? -- Measures at Launch Time. -- What Intel TXT Measures. The Whitelist Approach -- The Evolution of Trust -- Trusted Guest -- End-to-End Trust -- Runtime Trust -- The Trust and Integrity "Stack" -- Index. |
isbn |
9781430261490 9781430261483 |
callnumber-first |
Q - Science |
callnumber-subject |
QA - Mathematics |
callnumber-label |
QA76 |
callnumber-sort |
QA 276.9 A25 |
genre |
Electronic books. |
genre_facet |
Electronic books. |
url |
https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422761 |
illustrated |
Not Illustrated |
oclc_num |
1113481075 |
work_keys_str_mv |
AT futralwilliam inteltrustedexecutiontechnologyforserverplatformsaguidetomoresecuredatacenters AT greenejames inteltrustedexecutiontechnologyforserverplatformsaguidetomoresecuredatacenters |
status_str |
n |
ids_txt_mv |
(MiAaPQ)5006422761 (Au-PeEL)EBL6422761 (OCoLC)1113481075 |
carrierType_str_mv |
cr |
is_hierarchy_title |
Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters. |
author2_original_writing_str_mv |
noLinkedField |
marc_error |
Info : No Determination made, defaulting to MARC8 --- [ 856 : z ] |
_version_ |
1792331059137871872 |
fullrecord |
<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>07315nam a22004213i 4500</leader><controlfield tag="001">5006422761</controlfield><controlfield tag="003">MiAaPQ</controlfield><controlfield tag="005">20240229073838.0</controlfield><controlfield tag="006">m o d | </controlfield><controlfield tag="007">cr cnu||||||||</controlfield><controlfield tag="008">240229s2013 xx o ||||0 eng d</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781430261490</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781430261483</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(MiAaPQ)5006422761</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(Au-PeEL)EBL6422761</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1113481075</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">MiAaPQ</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">MiAaPQ</subfield><subfield code="d">MiAaPQ</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Futral, William.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Intel Trusted Execution Technology for Server Platforms :</subfield><subfield code="b">A Guide to More Secure Datacenters.</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">1st ed.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Berkeley, CA :</subfield><subfield code="b">Apress L. P.,</subfield><subfield code="c">2013.</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">©2013.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (149 pages)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Intro -- Contents at a Glance -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Trust and Intel ® Trusted Execution Technology -- Why More Security ? -- Types of Attacks -- What Is Trust? How Can Hardware Help? -- What Is Intel® Trusted Execution Technology? -- Static Chain of Trust -- Dynamic Chain of Trust -- Virtualization -- Measured Launch Environment -- Finding Value in Trust -- Cloud Computing -- Attestation: The Founding Principle -- Value to System Software -- Cloud Service Provider/Cloud Service Client -- What Intel TXT Does Not Do -- Enhancements for Servers -- Including BIOS in the TCB -- Processor-Based CRTM -- Trusting the SMM -- Other Differences -- Impact of the Differences -- Roles and Responsibilities -- OEM -- Platform Owner -- Host Operating System -- Other Software -- Chapter 2: Fundamental Principles of Intel ® TXT -- What You Need: Definition of an Intel ® TXT-Capable System -- Intel® TXT-Capable Platform -- Intel TXT Platform Components -- Processor -- Chipset -- Trusted Platform Module (TPM) -- BIOS -- Authenticated Code Module (ACM) -- The Role of the Trusted Platform Module (TPM) -- TPM Interface -- Localities -- Control Protocol -- Random Number Generator (RNG) -- SHA-1 Engine -- RSA Engine and Key Generation -- Platform Configuration Registers (PCRs) -- Nonvolatile Storage -- Attestation Identity Key (AIK) -- TPM Ownership and Access Enforcement -- Cryptography -- Symmetric Encryption -- Asymmetric Encryption -- Cryptographic Hash Functions -- Why It Works and What It Does -- Key Concepts -- Measurements -- Secure Measurements -- Static and Dynamic Measurements -- The Intel TXT Boot Sequence -- Measured Launch Process (Secure Launch) -- Protection Against Reset Attacks -- Launch Control Policy -- Platform Configuration (PCONF).</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Trusted OS Measurements (MLE Element) -- Protecting Policies -- Sealing -- Attestation -- Summary -- Chapter 3: Getting It to Work: Provisioning Intel ® TXT -- Provisioning a New Platform -- BIOS Setup -- Enable and Activate the Trusted Platform Module (TPM) -- Enable Supporting Technology -- Enabling Intel® TXT -- Summary of BIOS Setup -- Automating BIOS Provisioning -- Establish TPM Ownership -- What Is TPM Ownership ? Why Is This Important? -- How to Establish TPM Ownership -- Pass-Through TPM Model -- Remote Pass-Through TPM Model -- Management Server Model -- Protecting Authorization Values -- Install a Trusted Host Operating System -- VMware ESXi Example -- Linux Example (Ubuntu) -- Create Platform Owner's Launch Control Policy -- How It Works -- What LCP Does -- Specifying Platform Configuration: The PCONF Element -- Specifying Trusted Operating Systems: The MLE Element -- Specifying Trusted ACMs -- Specifying a Policy of "ANY" -- Revoking Platform Default Policy -- Why Is PO Policy Important? -- Prevent Interference by the Platform Supplier Policy -- Establishing Trusted Pools -- Reduce the Need for Remote Attestation -- Reset Attack Protection -- Considerations -- Summary -- Chapter 4: Foundation for Control: Establishing Launch Control Policy -- Quick Review of Launch Control Policy -- When Is Launch Control Policy Needed? -- Remote Attestation -- What Does Launch Control Policy Deliver? -- PCR0: CRTM, BIOS, and Host Platform Extensions -- PCR1: Host Platform Configuration -- PCR2, 3: Option ROM Code and Configuration Data -- PCR4, 5: IPL Code and Configuration Data -- PCR6: State Transition and Wake Events -- PCR7: Host Platform Manufacturer Control -- Platform Configuration (PCONF) Policy -- Specifying Trusted Platform Configurations -- Tools Needed for Creating a PCONF Policy -- Difficulties with Using PCONF Policy.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Specifying Trusted Host Operating Systems -- Tools Needed for Creating MLE Policy -- Options and Tradeoffs -- Impact of SINIT Updates -- Impact of Platform Configuration Change -- Impact of a BIOS Update -- Impact of OS/VMM Update -- Managing Launch Control Policy -- Think Big -- Use a Signed List -- Make Use of Vendor-Signed Policies -- Use Multiple Lists for Version Control -- Using the Simplest Policy -- Other Tips -- Strategies -- Impact of Changing TPM Ownership -- Decision Matrix -- Chapter 5: Raising Visibility for Trust: The Role of Attestation -- Attestation: What It Means -- Attestation Service Components -- Endpoint, Service, and Administrative Components -- Attestation Service Component Capabilities -- Administrative Component Capabilities -- Attestation in the Intel TXT Use Models -- Enabling the Market with Attestation -- OpenAttestation -- Mt. Wilson -- How to Get Attestation -- Chapter 6: Trusted Computing: Opportunities in Software -- What Does "Enablement" Really Mean? -- Platform Enablement: The Basics -- Platform Enablement: Extended -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Operating System and Hypervisor Enablement -- Enablement at Management and Policy Layer -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Enablement at the Security Applications Layer -- Chapter 7: Creating a More Secure Datacenter and Cloud -- When Datacenter Meets the Cloud -- The Cloud Variants -- Cloud Delivery Models -- Intel TXT Use Models and the Cloud(s) -- The Trusted Launch Model -- Trusted Compute Pools: Driving the Market -- Extended Trusted Pools: Asset Tags and Geotags -- Compliance: Changing the Landscape -- Chapter 8: The Future of Trusted Computing -- Trust Is a Foundation -- More Protections and Assurance -- Is There Enough to Trust? -- Measures at Launch Time. -- What Intel TXT Measures.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">The Whitelist Approach -- The Evolution of Trust -- Trusted Guest -- End-to-End Trust -- Runtime Trust -- The Trust and Integrity "Stack" -- Index.</subfield></datafield><datafield tag="588" ind1=" " ind2=" "><subfield code="a">Description based on publisher supplied metadata and other sources.</subfield></datafield><datafield tag="590" ind1=" " ind2=" "><subfield code="a">Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. </subfield></datafield><datafield tag="655" ind1=" " ind2="4"><subfield code="a">Electronic books.</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Greene, James.</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Futral, William</subfield><subfield code="t">Intel Trusted Execution Technology for Server Platforms</subfield><subfield code="d">Berkeley, CA : Apress L. P.,c2013</subfield><subfield code="z">9781430261483</subfield></datafield><datafield tag="797" ind1="2" ind2=" "><subfield code="a">ProQuest (Firm)</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="u">https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422761</subfield><subfield code="z">Click to View</subfield></datafield></record></collection> |