Software Security Guidance
This information is designed for developers and systems experts looking to understand potential vulnerabilities and assess risk, with resources and recommendations for building more secure solutions.
Feature Documentation
Descriptions of Intel security features, platform controls, and performance enhancements, as well as guidance on how developers can use these features and options to better secure systems, mitigate certain security issues, and optimize workloads.
Title
Intel is providing a microcode update to 4th and 5th Generation Intel® Xeon® Scalable Processors that disables UMONITOR by default to avoid performance impacts but provides a re-enablement option.
This article consolidates prior Intel guidance related to speculative execution and transient execution attacks, mitigation best practices, and mitigation controls on Intel processors.
This article describes the advanced security assurance actions, above and beyond standard SDL requirements, that Intel has dedicated to assuring Intel TDX provides robust security.
Introducing a data operand independent timing processor mode and a list of instructions with data-independent timing that can be used with previous guidelines to mitigate timing side channels.
Enumeration of architectural model specific registers (MSRs) on Intel® processors used to help mitigate transient execution attacks
Some newer Intel processors support a new hardware prefetcher feature classified as a Data-Dependent Prefetcher (DDP) which exhibits properties designed to restrict side channel attacks.
This article describes a Fast Store Forwarding Predictor (FSFP) performance feature that is supported on certain Intel processors.
Overview of security features and technologies in Intel® processors that can be used to help mitigate transient execution attacks
How to use the single thread indirect branch predictor (STIBP) mechanism to help mitigate branch target injection transient execution attacks
Technical deep dive to help developers understand and mitigate transient execution attacks in managed runtimes (JavaScript*, Java*, and C#) and their JIT/AOT compiler frameworks
How to use the indirect branch predictor barrier (IBPB) mechanism to help mitigate branch target injection transient execution attacks
Intel's overview of speculative execution side channel methods (transient execution attacks) such as Spectre v1 (bounds check bypass) and Meltdown (rogue data cache load)
How to use Indirect Branch Restricted Speculation (IBRS) and Enhanced IBRS to help mitigate branch target injection and speculative store bypass transient execution attacks
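Product and Performance Information
1
Performance varies by use, configuration, and other factors. Learn more at www.Intel.cn/PerformanceIndex.
2
The features and benefits of Intel® technologies depend on system configuration and may require enabled hardware, software, or service activation. Actual performance may vary depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer, or learn more at Intel.cn.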