Software Security Guidance

This information is designed for developers and systems experts looking to understand potential vulnerabilities and assess risk, with resources and recommendations for building more secure solutions.

 

Best Practices

Principles and techniques that Intel recommends in order to write more secure code, optimize the performance of particular environments and workloads, and better understand the evolving security landscape.

25 Results
|
There may be additional results restricted from public access; sign in or register to ensure you are seeing all content available to you.
Title
ID
Date
Version
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
Guidance on the Trusted Computing Base Recovery process for Intel technologies, enabling users to verify security updates have been deployed and establish platform trust.
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
Configuration guidance for General-Purpose Input/Output (GPIO) pins, uncommitted or shared function physical pins on an integrated circuit or electronic circuit board, controllable by software.
Image for: Trust Domain Security Guidance for Developers
ID:
Date:
Version:Original
File: URL Content Type: Technical Articles
Intel® Trust Domain Extensions (Intel® TDX) introduces new, architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs).
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
Model-specific registers (MSRs) are control registers that allow system software to interact with a variety of features. This brief article focuses on two of those utilities in the Linux OS.
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
In some situations a malicious attacker may be able to infer stale data using Gather Data Sampling (GDS). This article provides guidance to users to perform a threat analysis for GDS exposure.
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
This article describes how Intel identifies microcode updates that are suitable to load at runtime. OSes can use this information to make informed decisions about when to load microcode updates.
Image for: MKTME Side Channel Impact on Intel TDX
ID:
Date:
Version:Original
File: URL Content Type: Technical Articles
In certain configurations and circumstances, Intel processors are affected by some new variants of cache-based side channel attacks from untrusted VMMs when Intel TDX is enabled.
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Intel’s strategy for mitigating potential covert channels or side channel attacks that use hardware-based incidental channels involves both hardware and software.
ID:
Date:
Version:1.0
File: URL Content Type: Technical Articles
As an industry leader, Intel plays an outsized role in coordinating the industry response to security threats and has worked closely with the ecosystem to release mitigations in hardware and software.
ID:
Date:
Version:Original
File: URL Content Type: Architecture Guides
Introducing a data operand independent timing processor mode and a list of instructions with data-independent timing that can be used with previous guidelines to mitigate timing side channels.
ID:
Date:
Version:2.1
File: URL Content Type: Best Practices
Learn how cryptographic implementations use constant time principles to help protect secret data from traditional side channel attacks
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
CPU frequency throttling is triggered when CPU power limits are reached. This article provides software guidance for mitigating timing side channels due to CPU frequency behavior.
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Refined definitions and descriptions of transient execution attacks, such as Spectre and Meltdown, to more accurately classify speculative execution security vulnerabilities
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Introduction to XuCode and usage instructions to implement the Intel SGX instruction set
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Details and how-to instructions for spectre-meltdown-checker.sh, a tool used to detect a system's potential vulnerability to transient execution attacks and current mitigation status
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Details, instructions, and debugging information for system administrators applying microcode updates to Intel® processors
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Description of how the IA32_MCU_OPT_CTRL MSR affects the behavior of the RDRAND and RDSEED instructions to mitigate special register buffer data sampling
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Learn how transient execution attacks work, how to assess your systems’ risk, what mitigations and configuration options are available, and what options are appropriate for different environments
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Instructions and guidelines for Linux* developers to update and verify microcode for Intel® processors
ID:
Date:
Version:Original
File: URL Content Type: Technical Articles
Methodology and description of Intel's mitigation approach for Load Value Injection in LLVM/clang using LFENCE instructions
ID:
Date:
Version:Original
File: URL Content Type: Technical Articles
How to safely enable the FSGSBASE feature in experimental OS implementations
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
How to monitor and recover from performance impacts related to the JCC erratum fixed in the November 2019 microcode update
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
How to apply security principles and industry best practices to help protect your code and systems from potential transient execution attacks
ID:
Date:
Version:Original
File: URL Content Type: Technical Articles
Watch a video about how Intel has changed its organizations and industry engagements in response to transient execution attacks
ID:
Date:
Version:Latest
File: URL Content Type: Technical Articles
Overview of security features and technologies in Intel® processors that can be used to help mitigate transient execution attacks

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.

2

Features and benefits in Intel® technologies depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at Intel.com.

3

Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors.

Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit www.intel.com/benchmarks.

Performance results are based on testing as of dates shown in configurations and may not reflect all publicly available updates.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.