Software Security Guidance
This information is designed for developers and systems experts looking to understand potential vulnerabilities and assess risk, with resources and recommendations for building more secure solutions.
Best Practices
Principles and techniques that Intel recommends in order to write more secure code, optimize the performance of particular environments and workloads, and better understand the evolving security landscape.
Guidance on the Trusted Computing Base Recovery process for Intel technologies, enabling users to verify security updates have been deployed and establish platform trust.
Configuration guidance for General-Purpose Input/Output (GPIO) pins: uncommitted or shared-function physical pins on an integrated circuit or circuit board that software can control.
Intel® Trust Domain Extensions (Intel® TDX) introduces new architectural elements to help deploy hardware-isolated virtual machines (VMs) called trust domains (TDs).
Model-specific registers (MSRs) are control registers that allow system software to interact with a variety of features. This brief article focuses on two of those utilities in the Linux OS.
In some situations a malicious attacker may be able to infer stale data using Gather Data Sampling (GDS). This article provides guidance to users to perform a threat analysis for GDS exposure.
In certain configurations and circumstances, Intel processors are affected by some new variants of cache-based side channel attacks from untrusted VMMs when Intel TDX is enabled.
Intel’s strategy for mitigating potential covert channels or side channel attacks that use hardware-based incidental channels involves both hardware and software.
As an industry leader, Intel plays an outsized role in coordinating the industry response to security threats and has worked closely with the ecosystem to release mitigations in hardware and software.
Introducing a data operand independent timing processor mode and a list of instructions with data-independent timing that can be used with previous guidelines to mitigate timing side channels.
CPU frequency throttling is triggered when CPU power limits are reached. This article provides software guidance for mitigating timing side channels due to CPU frequency behavior.
Refined definitions and descriptions of transient execution attacks, such as Spectre and Meltdown, to more accurately classify speculative execution security vulnerabilities.
Details, instructions, and debugging information for system administrators applying microcode updates to Intel® processors.
Description of how the IA32_MCU_OPT_CTRL MSR affects the behavior of the RDRAND and RDSEED instructions to mitigate special register buffer data sampling.
Learn how transient execution attacks work, how to assess your systems’ risk, what mitigations and configuration options are available, and which options are appropriate for different environments.
Methodology and description of Intel's mitigation approach for Load Value Injection in LLVM/clang using LFENCE instructions.
How to safely enable the FSGSBASE feature in experimental OS implementations.
How to monitor and recover from performance impacts related to the JCC erratum fixed in the November 2019 microcode update.
Watch a video about how Intel has changed its organizations and industry engagements in response to transient execution attacks.
Overview of security features and technologies in Intel® processors that can be used to help mitigate transient execution attacks.
Product and Performance Information
1. Performance varies by use, configuration and other factors. Visit www.Intel.cn/PerformanceIndex to learn more.
2. The features and benefits of Intel® technologies depend on system configuration and may require enabled hardware, software or service activation. Actual performance may vary depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer, or visit Intel.cn to learn more.