Tag Archives: AMD Secure Technologies

How AMD CPUs Work In A Secured-core PC Device!

Microsoft just announced their partnership with AMD, Intel and Qualcomm to protect the PC’s firmware and operating system through the Secured-core PC initiative.

With help from Akash Malhotra, AMD Director of Security Product Management, here is everything you need to know about how AMD CPUs work in a Secured-core PC device!

 

What Is A Secured-core PC Device?

Secured-core PC is a new Microsoft initiative that they just announced. In partnership with their hardware partners, they aim to create a specific set of requirements for devices that are meant for secure use.

These requirements will apply the best practices in data security – isolation and minimal trust in the firmware layer and the device core that underpins the Windows operating system.

Secured-core PC devices are targeted at industries like financial services, government and healthcare, and anyone who work with valuable IP, customer or personal data. They would also be useful for persons of interest, who would be high-value targets for hackers and nation-state attackers.

Recommended : The Microsoft Secured-core PC Initiative Explained!

 

What Security Features Are Already In AMD CPUs?

Before we look at how AMD CPUs work in a Secured-core PC device, let’s take a look at what security features they ship with :

SKINIT: The SKINIT instruction helps create a “root of trust” starting with an initially untrusted operating mode. SKINIT reinitializes the processor to establish a secure execution environment for a software component called the secure loader (SL) and starts execution of the SL in a way to help prevent tampering SKINIT extends the hardware-based root of trust to the secure loader.

Secure Loader (SL): The AMD Secure Loader (SL) is responsible for validating the platform configuration by interrogating the hardware and requesting configuration information from the DRTM Service.

AMD Secure Processor (ASP): AMD Secure Processor is dedicated hardware available in each SOC which helps enable secure boot up from BIOS level into the Trusted Execution Environment (TEE). Trusted applications can leverage industry-standard APIs to take advantage of the TEE’s secure execution environment.

AMD-V with GMET: AMD-V is set of hardware extensions to enable virtualization on AMD platforms. Guest Mode Execute Trap (GMET) is a silicon performance acceleration feature added in next gen Ryzen which enables hypervisor to efficiently handle code integrity check and help protect against malware.

 

How AMD CPUs Work In A Secured-core PC Device

In a Secured-core PC powered by an AMD CPU, the firmware and bootloader will initialise, and shortly after, the system will transition into a trusted state with the hardware forcing the firmware down a well-known and measured code path.

That means the firmware is authenticated and measured by the security block in the AMD CPU, and that measurement is stored securely in TPM for verification and attestation by the operating system.

At any point after that, the operating system can request that the AMD security block remeasure and compare the firmware against the old values, before executing further operations. This way, the operating system can help verify the integrity of the system over time.

In AMD processors, the firmware protection is handled by the AMD Dynamic Root of Trust Measurement (DRTM) Service Block that is made up of SKINIT CPU instruction, ASP and the AMD Secure Loader (SL).

This block is responsible for creating and maintain a chain of trust between components by performing these functions:

  • Measure and authenticate firmware and bootloader
  • Gather the following system configuration for the OS, which will in turn validate them against its security requirements and store information for future verification.
    • Physical memory map
    • PCI configuration space location
    • Local APIC configuration
    • I/O APIC configuration
    • IOMMU configuration / TMR Configuration
    • Power management configuration

 

AMD SMM Supervisor

Although the method above protects the firmware, AMD points out that the System Management Mode (SMM) also needs to be protected.

SMM is a special-purpose x86 CPU mode that handles power management, hardware configuration, thermal monitoring, etc. Because SMM code executes in the highest privilege level and is invisible to the operating system, it is an attractive target for attackers.

To help isolate SMM, AMD introduced a security module called AMD SMM Supervisor that will :

  • Block SMM from being able to modify Hypervisor or OS memory. An exception is a small coordinate communication buffer between the two.
  • Prevent SMM from introducing new SMM code at run time
  • Block SMM from accessing DMA, I/O, or registers that can compromise the Hypervisor or OS

 

Recommended Reading

Go Back To > Cybersecurity | ComputerHome

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


The AMD Ryzen PRO Desktop CPU Tech Report

Right on the heels of the big reveal of the AMD EPYC 7000 Series (formerly known as AMD Naples) of enterprise server processors, AMD just announced the AMD Ryzen PRO family of desktop processors. Here is everything you need to know about them, including their specifications, key features and availability.

Updated @ 2017-09-03 : Added the first slew of desktop and notebook PCs that will ship soon.

Originally posted @ 2017-07-01

 

Enterprise-Grade Performance

The AMD Ryzen PRO processors are basically enterprise-grade versions of the AMD Ryzen 7 and Ryzen 5 processors. They have the same features performance characteristics as their consumer-grade brothers, like Precision Boost and Extended Frequency Range (XFR). The PRO versions just have additional security and remote management capabilities.

The slides above appear to have two typos. But the only important one you need to know is that, like the AMD Ryzen 7, the Ryzen 7 PRO has a peak frequency of 3.8 GHz.

[adrotate group=”1″]

 

The AMD Ryzen PRO Value Proposition

As our AMD Ryzen 7 1800X review has shown, the AMD Zen core is about 10% slower per clock cycle than the Intel Skylake core. It therefore comes to no surprise that AMD is focusing on their value proposition. They’re offering more cores at the same price points, delivering more performance per dollar.

Here are four spider charts that AMD created to show how much performance advantage the Ryzen PRO processors can offer over their direct Intel competitors. Like their consumer-grade brothers, these enterprise-grade processors directly compete with the 7th Generation Intel Core processors (formerly known as Kaby Lake).

With twice as many cores and threads, the AMD Ryzen 7 PRO 1700 appears to offer up to 73% better performance than the Intel Core i7-7700 in TrueCrypt (AES encryption).

The Ryzen 5 PRO 1600 offers 50% more processor cores and the ability to simultaneously process 3X more instruction threads than the Intel Core i5-7500. The end result – it was just over twice as fast in AES encryption using TrueCrypt, and almost twice as fast at rendering a 3D image in CINEBENCH R15.

The Ryzen 5 PRO 1500 has 4 cores, just like the Intel Core i5-7500, but its SMT capability allows it to process twice as many instruction threads. That allowed it to offer up to 76% better performance in 3DMark 11.

The Ryzen 3 PRO 1300 offers twice as many cores, albeit processing the same number of instruction threads, as the Intel Core i3-7100. That still allowed it to deliver up to 76% better performance in 3DMark 11.

Now, this is similar to what the consumer-grade AMD Ryzen 7 and Ryzen 5 processors already offer. So what extra features do these enterprise-grade desktop processors offer? Let’s find out!

Next Page > Key Features, Specifications & Availability

[adrotate group=”1″]

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Built-In Security Features

The AMD Ryzen PRO processors come with enterprise-grade security features called AMD Secure Technologies.

They consist of a 128-bit AES encryption engine and support for Windows 10 Enterprise Security, fTPM (firmware Trust Platform Module) and Secure Boot. They also support Transparent Secure Memory Encryption, which allows for independent encryption of memory contents with minimal performance impact.

AMD took care to point out that while similar security features are available with the Intel Core i7 and Core i5 vPro processors, there are no Core i3 vPro processors. This gives the AMD Ryzen 3 PRO processors a distinct advantage over the Core i3.

 

Greater Reliability & Manageability

Large enterprises are not just interested in performance. Reliability and manageability are arguably of greater concern to them. They also want supply chain certainty, so AMD guarantees the availability of every PRO model for 24 months. AMD will also reserve their highest yield wafers for these enterprise-grade processors, to ensure greater reliability.

Needless to say, these PRO processors have built-in remote management capabilities, similar to the Intel Active Management Technology that is part of Intel vPro. AMD implements the DASH (Desktop and mobile Architecture for System Hardware) open standard, while Intel AMT is proprietary in nature.

Again, AMD pointed out that these management and reliability features are not available for the Intel Core i3 processors, giving their AMD Ryzen 3 PRO processors a leg up in these aspects.

[adrotate group=”1″]

 

AMD Ryzen PRO Specifications

AMD has announced six PRO processors to start with, with the Ryzen 7 PRO and Ryzen 5 PRO processors mimicking the consumer-grade Ryzen 7 and Ryzen 5 processors already launched. Here is a simple table summarising their key specifications :

 

Desktop + Mobile Availability Updated!

According to AMD, Ryzen PRO-based PCs will start shipping in the second half of 2017., with these desktop PCs shipping shortly :

[adrotate group=”2″]
  • Dell Optiplex 5055 – shipping in the coming weeks
  • HP EliteDesk 705 – shipping in the coming weeks
  • Lenovo ThinkCentre M715 – shipping in the coming weeks

Laptop users are not forgotten though. AMD plans to release the Pro mobile processors in the first half of 2018. That said, they also announced that these laptops will ship by the end of the year :

  • Lenovo ThinkPad A475 and A275 laptops – shipping in Q4 2017

Next Page > The Complete Presentation & Press Release

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Official AMD Ryzen PRO Presentation Slides

Here is the complete set of the AMD Ryzen PRO presentation slides for your perusal.

[adrotate group=”1″]

 

The AMD Ryzen PRO Press Release

SUNNYVALE, Calif. — June 29, 2017 — Following the global excitement generated by the launch of its new EPYC family of server processors, AMD (NASDAQ: AMD) today added another tier to its enterprise CPU portfolio with the introduction of AMD Ryzen PRO desktop processors. Designed to meet the demands of today’s compute-intensive workplace, Ryzen PRO desktop processors will bring reliability, security, and performance to enterprise desktops worldwide.

“Today marks another important step in our journey to bring innovation and excitement back to the PC industry: the launch of our Ryzen PRO desktop CPUs that will bring disruptive levels of performance to the premium commercial market,” said Jim Anderson, senior vice president and general manager, Computing and Graphics Group, AMD. “Offering a significant leap in generational performance, leadership multi-threaded performance, and the first-ever 8-core, 16-thread CPU for commercial-grade PCs, Ryzen PRO provides a portfolio of technology choices that meet the evolving needs of businesses today and tomorrow.”

Ryzen PRO Lineup

Delivering breakthrough responsiveness for the most demanding enterprise-class applications and multi-tasking workflows, the ‘Zen’ core in every Ryzen PRO processor provides up to 52 percent improvement in compute capability over the previous generation1, and the Ryzen 7 PRO 1700 offers up to 62 percent more multi-threaded performance than select competing solutions2.

Security

Targeted for enterprise and public sector implementations, Ryzen PRO processors offer state-of-the-art silicon-level security, providing hardware-based cryptographic and security technologies to help protect against an ever-growing number of threats. Security standards like secure boot, fTPM (firmware Trust Platform Module), AES, and Windows 10 Enterprise security features are fully supported across the entire Ryzen PRO processor family.

[adrotate group=”2″]

Dependability

Built upon exceptional AMD product dependability and sourced from wafers with the highest yields, Ryzen PRO processors provide commercial-grade quality and reliability to help ensure platform longevity for future-ready computing. Industry-leading, open-standard DASH manageability allows for CPU-agnostic administration and helps ensure businesses avoid getting locked into proprietary solutions.

Availability

The world’s largest suppliers of commercial client desktops are expected to provide Ryzen PRO-based PCs to businesses worldwide in the second half of 2017. Ryzen PRO mobile is scheduled for the first half of 2018.

 

Suggested Reading

Go Back To > First PageComputer Hardware + Systems | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!