Enable Intel vPro® Platforms on Chrome* Based on 12th Generation Intel® Core™ Processors

As the way we work continues to evolve, so Intel platforms for Chrome OS*. One of the most exciting announcements from CES 2022 was the HP* introduction of the world's first Chromebook enabled with Intel vPro^™ technology, the HP Elite Dragonfly*. This is a result of a tremendous collaboration effort between the Chrome OS team at Intel, and its partners at Google* and HP.

This Intel vPro Platform is a new class of innovative, stylish, thin-and-light laptops that offer powerful features and premium experiences. In particular, they unleash state-of-the-art capabilities designed for Chromebook enterprise users and IT administrators. See Figure 1.

Key Features

Figure 1. Key Intel vPro Platform Features on Intel® Core™ processors

As shown in Figure 1, this new Intel vPro Platform integrates the latest computing technologies, including:

• Hardware-based security
• Remote manageability
• Stability and platform validation

Hardware-Based Security

The new Intel vPro Platform provides comprehensive hardware-based security via two key features: Key Locker and Intel® Total Memory Encryption (Intel® TME).

• Key Locker provides a mechanism to encrypt and decrypt data with an AES key without having access to the raw key value. It does this by converting AES keys into handles.² This feature is based on a new x86 instruction set from Intel that simplifies some of the complexity in encryption and decryption algorithms. The instruction set:
  • Mitigates key exfiltration opportunities by protecting disk encryption keys, specifically, better protection against cold boot attacks
  • Helps prevent the leaking of keys
• TME enables the base functionality to allow for full physical memory encryption, providing:
  • An x86 instruction set extension for full physical memory encryption of DRAM and NVRAM with a single ephemeral key
  • Integration with unmodified, existing software applications and systems (enabled via the BIOS during the initial boot process)
  • Exposure to software via model-specific registers inside the chip (where data exists in plain text). This maintains compatibility with all existing software and I/O models. The advanced encryption engines are physically located directly on the data paths to external memory buses, ensuring that all data entering and leaving the chip is encrypted.³

Remote Manageability

Telemetry is a cloud-based solution for enterprise administrators to maintain and improve the health and security of Chrome* devices. It allows enrolled (managed) enterprise Chrome devices to periodically wake up, collect, and send data to remote enterprise servers. Based on the telemetry data, administrators can enforce policies, install operating system updates and extensions, or notify users to correct usage behaviors. See Figure 2.

Figure 2. Remote manageability of platforms⁴

Stability and Platform Validation

In the Intel® Stable IT Platform Program (Intel® SIPP), Intel works directly with original equipment manufacturers (OEM) to conduct extensive testing and validation to certify platform stability and reliability for both IT and end users.

Summary

For the first time, we have closely collaborated with Google to deliver a platform promise built around security, performance, manageability, and stability that can be found on Chromebook notebook computers with Intel^® vPro^™ Enterprise platform and are based on 12th generation Intel Core processors.

Delivering devices that Chromebook Enterprise users deserve to keep up with today's hybrid workforce demands and supporting the pain points of IT decision makers.

References

1. HP Ultralight Elite Dragonfly Laptop Brings a Chromebook Friend to CES 2022
2. Key Locker Specification
3. Total Memory Encryption
4. Understand Chrome Policy Management