12th Generation Intel® Core™ Processors Datasheet, Volume 1 of 2
Intel® Trusted Execution Technology
Intel® Trusted Execution Technology (Intel® TXT) defines platform-level enhancements that provide the building blocks for creating trusted platforms.
The Intel® TXT platform helps to provide the authenticity of the controlling environment such that those wishing to rely on the platform can make an appropriate trust decision. The Intel® TXT platform determines the identity of the controlling environment by accurately measuring and verifying the controlling software.
Another aspect of the trust decision is the ability of the platform to resist attempts to change the controlling environment. The Intel® TXT platform will resist attempts by software processes to change the controlling environment or bypass the bounds set by the controlling environment.
Intel® TXT is a set of extensions designed to provide a measured and controlled launch of system software that will then establish a protected environment for itself and any additional software that it may execute.
- The launching of the Measured Launched Environment (MLE).
- The protection of the MLE from potential corruption.
The enhanced platform provides these launch and control interfaces using Safer Mode Extensions (SMX).
The SMX interface includes the following functions:
- Measured/Verified launch of the MLE.
- Mechanisms to ensure the above measurement is protected and stored in a secure location.
- Protection mechanisms that allow the MLE to control attempts to modify itself.
The processor also offers additional enhancements to System Management Mode (SMM) architecture for enhanced security and performance. The processor provides new MSRs to:
- Enable a second SMM range
- Enable SMM code execution range checking
- Select whether SMM Save State is to be written to legacy SMRAM or to MSRs
- Determine if a thread is going to be delayed entering SMM
- Determine if a thread is blocked from entering SMM
- Targeted SMI, enable/disable threads from responding to SMIs, both VLWs, and IPI
For the above features, BIOS should test the associated capability bit before attempting to access any of the above registers. The capability bits are discussed in the register description.
For more information, refer to the Intel® Trusted Execution Technology Measured Launched Environment Programming Guide at: