Intel’s new patch update brings its SDS mechanism to Linux | #linux | #linuxsecurity


– Advertisement –

Recently, Intel published its new patch which enables support for its Intel Software Defined Silicon (SDSi) mechanism in Linux. The technology is developed by Intel for its upcoming Intel Xeon processors and has been designed by team blue to activate additional silicon features after a processor has been deployed. 

The changelog of the patch does not mention any specific features it is meant to unlock or any specific Xeon Scalable processors it is meant to upgrade. However, we still do get some general understanding as to how this new patch will work.

According to sources, any changes or upgrades which the patch will bring are all related to software and do not require any manipulations with hardware. Therefore, it can be done relatively easily. Intel’s SDS initiative is a major one, however, the company is yet to offer software upgrades to its CPUs.

The most recent example of such software upgradeability is Intel’s Virtual RAID on CPU (Intel VROC) technology which relies on Intel’s very own Volume Management Device (VMD) hardware which is built into the CPU and has to be activated using a special hardware key.

The company also once offered its Upgrade Service software upgrade capability for its entry-level client CPUs. Its Upgrade Service will increase the CPU clock speed, unlock a previously unused portion of cache, and activate Hyper-Threading technology.

Recently, Intel has to differentiate features and performance of its Xeon Scalable processors with premium parts that support more memory, eight-way SMP capability, the highest number of cores, and all technologies that the chip giant has to offer.

– Advertisement –

And the company is set to bring out a plethora of new instructions with the launch of its 4th Generation Xeon Scalable ‘Sapphire Rapids’ processors. As well as the company will bring special-purpose accelerators designed for emerging workloads.

Here is the official description of Intel’s Software Defined Silicon (SDSi) mechanism:

Intel Software Defined Silicon (SDS) is a post-manufacturing mechanism for activating additional silicon features. Features are enabled through a license activation process.  The SDS driver provides a per socket, local interface for applications to perform three main provisioning functions:

– Advertisement –

1. Provision an Authentication Key Certificate (AKC), a key written to internal NVRAM that is used to authenticate a capability-specific activation payload.

 2. Provision a Capability Activation Payload (CAP), a token authenticated using the AKC and applied to the CPU configuration to activate a new feature. 

3. Read the SDS State Certificate, containing the CPU configuration state. 

source

– Advertisement –



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

seventy − sixty two =