Whitepaper - January 2025
Author: Nivedita Aggarwal, Principal Engineer, Systems Security Architecture
Contributors:
Will Stevens, Senior Principal Engineer, SOC Security Architecture
Purushottam Goel, Principal Engineer, SOC Security Architecture
Yanai Moyal, Principal Engineer, IP Security Architecture
Igor Dinets, Security IP Engineering
Siang Lin Tan, Digital IP Architecture
1. Introduction
Hardware Security Engines are the foundation of Platform Security. With the Intel® Core Ultra processors (Series 1), Intel® Silicon Security Engine was introduced to function as the Silicon Root of Trust (RoT). Separating this functionality at the hardware level from Manageability and Graphics Security helps provide the secure isolation needed for the Silicon Security Root of Trust.
As we strengthen our SOC Hardware Security, our partners and customers continue to innovate through Software/Firmware-based System Security solutions. The Intel® Partner Security Engine, starting with Intel® Core Ultra Processors (Series 2), is a new dedicated Security Engine on the SOC that can run such partner innovations securely in a sandbox inside our Silicon.
Figure 1 Intel Security Engine Roadmap
The Intel® Partner Security Engine hardware is a separate, dedicated engine developed by Intel based on the Intel® Silicon Security Engine Architecture. Intel has modified the Security Engine design to suit Partner Security needs. Intel® Partner Security Engine is capable of running Microsoft Pluton firmware and software.
2. Architectural Overview
2.1 Intel® Partner Security Engine Hardware Overview
Isolation is the key principle in the design of the Intel® Partner Security Engine hardware. The Intel® Partner Security Engine itself is completely separate hardware from the main Intel CPU on the system. This ensures that side-channel attacks based on cache and DRAM do not affect the partner security usage. In addition, Intel® Partner Security Engine has its own dedicated hardware and resources, thus protecting the third-party code from the rest of the SOC and also protecting the Intel SOC secrets from the third-party code.
To support this, isolation capabilities were implemented in the Intel® Partner Security Engine IP itself as well as at the SOC level.
2.1.1 Dedicated IP capabilities
Intel® Partner Security Engine supports Security usages like integrity verification and attestation through services such as cryptographic acceleration, Random Number Generation, and Secure Key Storage. It uses a local instance of the Intel Offload Crypto Subsystem IP and does not rely on the crypto from Intel® Silicon Security Engine.
The Intel® Partner Security Engine Secure identity is attributed to its local certificate authority (CA) and is fully compliant with the TCG DICE standard. Intel® Partner Security Engine also has its own device-specific unique production keys used for a variety of security use-cases.
From a firmware perspective, Intel® Partner Security Engine has dedicated and isolated SRAM in which the firmware executes securely on the IP. It also has dedicated Non-volatile Memory within the SPI-NOR flash on the device that can be used to store code and critical data variables across reset and low-power states.
Intel® Partner Security Engine has a dedicated interface to the host that leverages the HECI (Host Embedded Controller Interface) specification from Intel, to provide a secure PCI-device-based interface from Intel® Partner Security Engine to the Operating System.
The Intel® Partner Security Engine hardware also has a dedicated set of fuses for Security usages that it accesses through its local fuse controller. Keeping these units on the IP itself keeps Intel® Partner Security Engine fuses isolated from the rest of the SOC and also protects SOC fuses from Intel® Partner Security Engine.
Figure 2 Intel® Partner Security Engine Block Diagram
2.1.2 Isolation of Intel® Partner Security Engine access to shared resources
In addition to the on-IP dedicated resources, Intel® Partner Security Engine also has access to shared resources on the SOC. This includes memory and I/O resources that are required for the IP to function efficiently. Accesses to these resources from Intel® Partner Security Engine, as well as from other IPs within the SOC, are bounded by the SOC Guardrails illustrated below.
Intel® Partner Security Engine has a dedicated region in System flash and Main memory (DRAM) that other IPs do not have permission to access. As illustrated in Figure 3, it also cannot access the rest of the memory or I/Os.
Figure 3 Intel® Partner Security Engine SOC isolation
2.2 Intel® SOC Boot Flow with Intel® Partner Security Engine
As one of the key aspects of independent execution and isolation, Intel® Partner Security Engine has its own Root of Trust for boot, update and recovery. It does not depend on the Intel® Silicon Security Engine for its boot. The Intel® Partner Security Engine Boot ROM is an immutable ROM that initializes the Intel® Partner Security Engine hardware. The Intel® Partner Security Engine Boot ROM (RoT) chain of trust is extended through the Intel® Partner Security Engine firmware stack and the respective assets used within the Intel® Partner Security Engine environment.
Likewise, Intel® Partner Security Engine plays no role in modifying or controlling the overall SOC boot.
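The DICE-compliant identity described in section 2.1.1 and the ROM-anchored chain of trust described here follow the same pattern: an immutable first layer holds a device secret, measures the next layer, and hands it a secret bound to that measurement, so every identity below the ROM changes if any layer is modified. The model below is an added teaching example written for this page; it is not Intel's, the TCG's, or any partner's implementation, and the UDS value, layer names, labels and the symmetric attestation step are constructed assumptions (a real DICE layer derives an asymmetric key pair from its CDI and has the layer above certify the public key).

```python
"""Illustrative model of a DICE-style chain of trust (added example, not
Intel's implementation): an immutable ROM holds the Unique Device Secret
(UDS), measures the next firmware layer and derives a Compound Device
Identifier (CDI) for it; each layer derives its identity from its CDI."""
import hashlib
import hmac
from typing import List

# Constructed stand-in for the UDS the ROM reads from its local fuses.
UDS = hashlib.sha256(b"constructed-uds-for-this-example").digest()

# Constructed firmware layers; the bytes stand in for real images.
LAYER1 = b"partner-firmware-loader v1.0"
LAYER2 = b"partner-runtime v1.0"


def measure(image: bytes) -> bytes:
    """Measurement = SHA-256 of the image a layer is about to launch."""
    return hashlib.sha256(image).digest()


def derive_cdi(parent_secret: bytes, measurement: bytes) -> bytes:
    """CDI for the next layer: a one-way function of the parent's secret and
    the measurement, so a layer learns nothing about the secret above it and
    any change to an image changes every identity below it."""
    return hmac.new(parent_secret, measurement, hashlib.sha256).digest()


def boot_chain(uds: bytes, images: List[bytes]) -> List[bytes]:
    """Walk the chain ROM -> layer 1 -> layer 2 ..., returning each layer's CDI."""
    secret = uds
    cdis = []
    for image in images:
        secret = derive_cdi(secret, measure(image))
        cdis.append(secret)
    return cdis


def identity_key(cdi: bytes) -> bytes:
    """Derive a layer's identity key from its CDI (label is constructed).
    Real DICE would seed asymmetric key generation here."""
    return hmac.new(cdi, b"dice-identity-key", hashlib.sha256).digest()


def attest(cdi: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the identity key over a verifier nonce."""
    return hmac.new(identity_key(cdi), nonce, hashlib.sha256).digest()


def verify(expected_cdi: bytes, nonce: bytes, evidence: bytes) -> bool:
    """Verifier side: a party that knows the UDS and the reference images
    (e.g. at provisioning) precomputes the expected CDI. A device running a
    modified layer cannot produce matching evidence."""
    return hmac.compare_digest(attest(expected_cdi, nonce), evidence)


if __name__ == "__main__":
    genuine = boot_chain(UDS, [LAYER1, LAYER2])
    modified = boot_chain(UDS, [LAYER1, LAYER2 + b"-patched"])
    nonce = b"verifier-nonce-0001"
    print("genuine layer 2 verifies:", verify(genuine[1], nonce, attest(genuine[1], nonce)))
    print("modified layer 2 verifies:", verify(genuine[1], nonce, attest(modified[1], nonce)))
```

Note that the layer 1 CDI is identical in both chains: a change to layer 2 is visible only from layer 2 downward, which is what lets a verifier pinpoint which layer diverged from its reference when attestation fails.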
Figure 4 SOC Boot Flow with Intel® Partner Security Engine
2.3 Intel® Partner Security Engine Hardware Capabilities
In addition to addressing the Microsoft Pluton requirements and the Security isolation, Intel® Partner Security Engine has the following differentiating Architecture capabilities:
- Key Split: Intel® Partner Security Engine architecture enables secure and unique device secrets generated outside of Intel manufacturing facilities.
- SoftROM: Immutable ROM architecture enabled with late binding at OEM manufacturing to maximize quality and robustness in partnership with OEMs and partners.
- Binding ID: Intel® Partner Security Engine is architected with the flexibility to run multiple partner Firmware images, while securely binding the firmware to the system through a unique HW mechanism. Once a device is manufactured to run a particular Intel® Partner Security Engine partner firmware, it cannot be modified to execute any other firmware in the field.
- Replay protection: Intel® Partner Security Engine is enabled with dedicated monotonic counter services, enabling replay protection capability.
- Intel has enabled OEM controls for IP opt-in, Image creation, manufacturing and provisioning, as well as updates for setting up Intel® Partner Security Engine capabilities, allowing OEMs to define what/how Intel® Partner Security Engine runs on their devices.
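Two of the capabilities above, the Binding ID and monotonic-counter replay protection, are easiest to understand as boot-time and storage-time checks. The model below is an added teaching example written for this page and is not Intel's or any partner's code; the fuse layout, the blob format (8-byte counter, 32-byte HMAC-SHA256, data) and all key and ID values are constructed assumptions. It shows why a replayed copy of an older stored blob is rejected once the counter has advanced, and why an image carrying a different Binding ID cannot run.

```python
"""Illustrative model (added example, not Intel's implementation) of a
Binding ID check that ties a device to one partner firmware, and of
replay-protected non-volatile storage built on a monotonic counter."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Fuses:
    """One-time-programmable values read through the engine's local fuse
    controller. Hypothetical layout: a binding ID set at OEM manufacturing
    and a device-unique storage key."""
    binding_id: bytes
    storage_key: bytes


class MonotonicCounter:
    """Models a hardware monotonic counter: it can be read or incremented,
    never reset or decremented, and its value persists across reset."""

    def __init__(self, value: int = 0) -> None:
        self._value = value

    def read(self) -> int:
        return self._value

    def increment(self) -> int:
        self._value += 1
        return self._value


@dataclass(frozen=True)
class FirmwareImage:
    binding_id: bytes  # which partner firmware this image claims to be
    body: bytes


def firmware_allowed(fuses: Fuses, image: FirmwareImage) -> bool:
    """Binding ID check: once the fuses name one partner firmware, only
    images carrying that ID may execute. Constant-time compare avoids
    leaking the fused value through timing."""
    return hmac.compare_digest(fuses.binding_id, image.binding_id)


def seal(fuses: Fuses, counter: MonotonicCounter, data: bytes) -> bytes:
    """Store a blob with replay protection: advance the counter, then MAC
    the new counter value together with the data (constructed layout:
    8-byte big-endian counter || 32-byte HMAC-SHA256 || data)."""
    header = counter.increment().to_bytes(8, "big")
    tag = hmac.new(fuses.storage_key, header + data, hashlib.sha256).digest()
    return header + tag + data


def unseal(fuses: Fuses, counter: MonotonicCounter, blob: bytes) -> Optional[bytes]:
    """Read a blob back. Returns None if the MAC fails (tampering) or if the
    embedded counter is not the current value (an old copy being replayed)."""
    if len(blob) < 40:
        return None
    header, tag, data = blob[:8], blob[8:40], blob[40:]
    expected = hmac.new(fuses.storage_key, header + data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    if int.from_bytes(header, "big") != counter.read():
        return None
    return data


# Constructed sample values for a stand-alone run.
FUSES = Fuses(binding_id=b"PARTNER-A-FW", storage_key=hashlib.sha256(b"constructed-key").digest())
GENUINE_IMAGE = FirmwareImage(binding_id=b"PARTNER-A-FW", body=b"partner A firmware v1")
OTHER_IMAGE = FirmwareImage(binding_id=b"PARTNER-B-FW", body=b"partner B firmware v1")


def demo_replay() -> bool:
    """Seal v1, seal v2 (counter advances), then try to replay the v1 blob.
    Returns True when the replayed v1 blob is correctly rejected."""
    counter = MonotonicCounter()
    blob_v1 = seal(FUSES, counter, b"state v1")
    seal(FUSES, counter, b"state v2")
    return unseal(FUSES, counter, blob_v1) is None


if __name__ == "__main__":
    print("genuine image allowed:", firmware_allowed(FUSES, GENUINE_IMAGE))
    print("other partner image allowed:", firmware_allowed(FUSES, OTHER_IMAGE))
    print("replayed old blob rejected:", demo_replay())
```

The counter value lives in the engine's own hardware, so an attacker who can rewrite the SPI-NOR region still cannot make an old blob validate: the MAC is intact but its embedded counter no longer matches, which is exactly the property a monotonic counter adds over a MAC alone.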
3. Intel® Partner Security Engine Usages
Partners leveraging Intel® Partner Security Engine directly benefit from Intel’s industry-leading Security Root of Trust architecture to deliver hardware-rooted security capabilities in pre-boot and post-boot environments. Examples of partner usages include TPM, Cryptography and Key management services, and Secure Storage.
Microsoft Pluton will leverage the Security capabilities of Intel® Partner Security Engine starting Intel® Core Ultra Processors (Series 2) code named Lunar Lake. As the Microsoft Pluton roadmap continues to evolve to meet the needs of Windows Security, Intel® Partner Security Engine will continue to provide secure, performant and efficient hardware capabilities to support Pluton as well as other partner usages.