
Cpu security instructions

Slisansn
Beginner

Hi! I would like to know if it is secure to use a Celeron G3900 processor, or any other Skylake or younger Celeron CPU, in a business office environment, taking into account that this CPU lacks important security instructions such as Intel MPX, Intel OS Guard, Trusted Execution Technology, etc. All I need is safe web browsing and work in Office apps. The speed the CPU provides is OK, but what about security?

Alberto_R_Intel
Employee

Slisansn, Thank you for posting in the Intel® Communities Support.


"The speed CPU provides is ok, but what about security?" In reference to your question, yes, the Intel® Celeron® Processor G3900 provides the security that you are looking for and it is also a very reliable unit when it comes to the stability of the system. In the following link you will be able to verify some of the security features the Intel® processor has, please check under the "Security & Reliability" tab:

https://ark.intel.com/content/www/us/en/ark/products/90741/intel-celeron-processor-g3900-2m-cache-2-80-ghz.html


Still, it is very important to mention that the security of the computer does not depend on the processor entirely; it is a group of components that makes the computer secure. The board is also very important, since depending on the BIOS and the security features it has or supports, it will make the platform even more secure. That is why we recommend checking and confirming those features directly with the manufacturer of the board, so they can provide even more details about the functionality of their BIOS. The same goes for the applications installed: if you install, for example, an anti-virus, it will also make the computer more reliable, especially in this case where you are looking for safe web browsing and work in Office apps.


Any questions, please let me know.


Regards,

Albert R.


Intel Customer Support Technician


Slisansn
Beginner

Thank you for your feedback. If there is an active TPM 2.0 and Secure Boot enabled, as well as MS Defender active, would that mean browsing is safe enough? Please explain more on the terms Intel OS Guard and Trusted Execution Technology. I was reading the definitions online, but I am not sure if I understood correctly. In which scenarios would those be strongly recommended? Another question: is a small amount of L3 cache (in the G3900 case only 2MB) a huge disadvantage in daily work?

Alberto_R_Intel
Employee

Slisansn, You are very welcome, thank you very much for your response.


"if there is active TPM 2.0 and secure boot enabled as well as MS Defender active, would that mean browsing to be safe enough?" Yes, that is correct. All those tools are very useful and reliable when it comes to security in reference to web browsing. It is also important to be careful with the websites that you are visiting and to read the warnings every time that you access a suspicious website.


"Please explain more on the terms Intel OS guard":

Intel® Software Guard Extensions (Intel® SGX) provide applications the ability to create hardware-enforced trusted execution protection for their sensitive routines and data. Intel® SGX provides developers a way to partition their code and data into CPU-hardened trusted execution environments (TEEs).

https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html


"and Trusted execution technology":

Intel® Trusted Execution Technology for safer computing is a versatile set of hardware extensions to Intel® processors and chipsets that enhance the digital office platform with security capabilities such as measured launch and protected execution. It enables an environment where applications can run within their own space, protected from all other software on the system:

https://www.intel.com/content/www/us/en/support/articles/000025873/technologies.html


In which scenarios would those be strongly recommended? If you are concerned about the security of your data or the proper functioning of the system, it is recommended to use them all the time.


"is small amount of L3 cache (in G3900 case only 2MB) a huge disadvantage in daily work?" No, it is not. CPU cache is an area of fast memory located on the processor. Intel® Smart Cache refers to the architecture that allows all cores to dynamically share access to the last-level cache. It is excellent for daily work.


Regards,

Albert R.


Intel Customer Support Technician



Slisansn
Beginner

Hi Albert! Thank you for your response and broad explanation. Most is clear now; I just need to understand Intel OS Guard. If the G3900 does not support it but supports Intel SGX, it seems to be a contradiction. In my understanding these should be connected and work in tandem.

Alberto_R_Intel
Employee

Hi Slisansn, You are very welcome, we are glad to hear the information provided previously was useful for you.


"In my understanding these should be connected and work in tandem", not necessarily, as you can see in the specifications of the Intel® Celeron® Processor G3900, it does not support Intel® OS Guard but it does support Intel® Software Guard Extensions (Intel® SGX) with Intel® Management Engine. It also depends on the motherboard that you are going to use and the features it has and the settings provided by the manufacturer of it.


In order to gather further details about the Intel® OS Guard and Intel® Software Guard Extensions (Intel® SGX), please visit, register and submit your inquiry in our Intel® Developer Zone website, where you will find additional peer to peer assistance and further details on this matter:

https://www.intel.com/content/www/us/en/forms/idz/simple-registration.html


Regards,

Albert R.


Intel Customer Support Technician
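The two Intel replies above describe SGX and TXT and then state that OS Guard and SGX are independent features that the ARK page lists separately. As an added example (not Intel's code and not from this thread), the C program below reads the CPUID feature bits for the technologies named in the thread and decodes them with a pure function, so the same decoder can be checked on constructed register values. It assumes GCC or Clang on x86 (`<cpuid.h>`); the bit positions are from the Intel SDM, and OS Guard is Intel's marketing name for the SMEP bit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Security features discussed in the thread, as reported by CPUID. */
typedef struct {
    bool smx;  /* CPUID.01H:ECX[6]      Safer Mode Extensions, the CPU side of Intel TXT */
    bool sgx;  /* CPUID.(07H,0):EBX[2]  Software Guard Extensions */
    bool smep; /* CPUID.(07H,0):EBX[7]  Supervisor Mode Execution Prevention (Intel OS Guard) */
    bool mpx;  /* CPUID.(07H,0):EBX[14] Memory Protection Extensions (since deprecated by Intel) */
    bool smap; /* CPUID.(07H,0):EBX[20] Supervisor Mode Access Prevention */
} cpu_sec_features;

static bool bit_set(uint32_t reg, unsigned n) { return (reg >> n) & 1u; }

/* Pure decoder over leaf 1 ECX and leaf 7 subleaf 0 EBX; it can be exercised
 * on constructed register values as well as on the live CPU. */
cpu_sec_features decode_sec_features(uint32_t leaf1_ecx, uint32_t leaf7_ebx) {
    cpu_sec_features f;
    f.smx  = bit_set(leaf1_ecx, 6);
    f.sgx  = bit_set(leaf7_ebx, 2);
    f.smep = bit_set(leaf7_ebx, 7);
    f.mpx  = bit_set(leaf7_ebx, 14);
    f.smap = bit_set(leaf7_ebx, 20);
    return f;
}

/* Live query; returns false off x86 or when leaf 7 is not implemented.
 * CPUID reports silicon capability only: SGX still needs enabling in the BIOS,
 * and a hypervisor may mask any of these bits from a guest. */
bool query_sec_features(cpu_sec_features *out) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d, leaf1_ecx;
    if (__get_cpuid_max(0, NULL) < 7) return false;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return false;
    leaf1_ecx = c;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d)) return false;
    *out = decode_sec_features(leaf1_ecx, b);
    return true;
#else
    (void)out;
    return false;
#endif
}

int main(void) {
    cpu_sec_features f;
    if (!query_sec_features(&f)) return 1;
    printf("SMX/TXT=%d SGX=%d SMEP(OS Guard)=%d MPX=%d SMAP=%d\n",
           f.smx, f.sgx, f.smep, f.mpx, f.smap);
    return 0;
}
```

On a G3900 the ARK page cited above implies SGX=1 and SMEP(OS Guard)=0 unless the BIOS or a hypervisor masks the bits; compare the output against the board vendor's BIOS settings rather than trusting either alone.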


Slisansn
Beginner

Hi Albert! Thank you for your time and thorough explanation. Now all is clear. 

Alberto_R_Intel
Employee

Hi Slisansn, You are more than welcome, thank you very much for your response.


"Now all is clear.", perfect, excellent, it is great to hear that now everything is clear and that we were able to help in reference to the information you were looking for.


Any other inquiries, do not hesitate to contact us again.


Regards,

Albert R.


Intel Customer Support Technician

