Datasheet, Volume 1 of 2
Technologies
3.2.5 Execute Disable Bit
The Execute Disable Bit allows memory to be marked as non-executable when
combined with a supporting operating system: the operating system enables the
feature (IA32_EFER.NXE) and sets the execute-disable (XD) bit in the page-table
entries of pages that hold data rather than code. If code attempts to run from
non-executable memory, the processor raises a page-fault exception to the
operating system instead of executing it. This feature can prevent some classes
of viruses or worms that exploit buffer overrun vulnerabilities to run injected
code from a stack or heap buffer, and can thus help improve the overall security
of the system. It does not by itself stop attacks that reuse code already
marked executable.
Refer to the Intel 64 and IA-32 Architectures Software Developer's Manuals for
more detailed information.
3.2.6 Boot Guard Technology
Boot Guard technology is part of the platform's boot integrity protection. Boot
Guard helps protect platform boot integrity by preventing execution of
unauthorized boot blocks. With Boot Guard, platform manufacturers can create
boot policies such that invocation of an unauthorized (or untrusted) boot block
triggers the platform protection defined by the manufacturer's policy.
With verification rooted in hardware, Boot Guard extends the trust boundary of
the platform boot process down to the hardware level.
Boot Guard accomplishes this by:
• Providing a hardware-based Static Root of Trust for Measurement (S-RTM) and
Root of Trust for Verification (RTV) using Intel architectural components.
• Providing an architectural definition for the platform manufacturer's Boot
Policy.
• Enforcing the manufacturer-provided Boot Policy using Intel architectural
components.
The benefit of this protection is that Boot Guard can help maintain platform
integrity by preventing re-purposing of the manufacturer's hardware to run an
unauthorized software stack. Because the manufacturer's key hash and policy are
committed to the platform hardware at manufacturing time, they cannot be
changed afterwards by the end user.
3.2.7 Intel® Supervisor Mode Execution Protection (SMEP)
Intel® Supervisor Mode Execution Protection (SMEP) is a mechanism that provides
the next level of system protection by blocking attacks in which user-mode code
is executed while the processor is running at its highest privilege level
(supervisor mode). When the operating system enables SMEP (CR4.SMEP), any
attempt to fetch instructions from a page marked as user-accessible while the
processor is in supervisor mode causes a page fault, so a kernel whose control
flow has been hijacked cannot simply be redirected into attacker-controlled
user-space code. For more information, refer to the Intel® 64 and IA-32
Architectures Software Developer's Manual, Volume 3A at:
http://www.intel.com/Assets/PDF/manual/253668.pdf
3.2.8 Intel® Supervisor Mode Access Protection (SMAP)
Intel® Supervisor Mode Access Protection (SMAP) is a mechanism that provides
the next level of system protection by blocking a malicious user from tricking
the operating system into reading or writing user-mode data that it did not
intend to access. When the operating system enables SMAP (CR4.SMAP),
supervisor-mode data accesses to user-accessible pages cause a page fault unless
the operating system has explicitly allowed them by setting EFLAGS.AC (with the
STAC instruction) around its intended copy-from-user and copy-to-user routines,
clearing it again afterwards with CLAC. This technology shuts down very popular
attack vectors against operating systems, such as kernel code being fed
attacker-controlled pointers into user memory.
For more information, refer to the Intel® 64 and IA-32 Architectures Software
Developer's Manual, Volume 3A: http://www.intel.com/Assets/PDF/manual/253668.pdf
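The three page-level checks described in 3.2.5, 3.2.7 and 3.2.8 are all decided by the same access-rights logic in the paging unit. The following C model is added here as an illustration and is not Intel's or the datasheet's own code: it reproduces the rules from the SDM Vol. 3A "Access Rights" and "Page-Fault Exceptions" sections and reports the #PF error code an access would raise. It assumes one effective translation per linear address (the real page walk combines U/S, R/W and XD across every paging level), ignores implicit supervisor accesses, protection keys and CET, and every scenario value in main() is constructed.

```c
/* Added illustrative model, not Intel's code: the page-level access-rights
 * check that Execute Disable (3.2.5), SMEP (3.2.7) and SMAP (3.2.8) feed into,
 * following the Intel SDM Vol. 3A "Access Rights" and "Page-Fault Exceptions"
 * rules. Assumption: one effective translation per linear address (a real walk
 * folds U/S, R/W and XD over every paging level); implicit supervisor
 * accesses, protection keys and CET are not modelled. Scenarios are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* #PF error-code bits. */
enum {
    PF_P    = 1u << 0, /* page was present: protection violation */
    PF_WR   = 1u << 1, /* access was a write */
    PF_US   = 1u << 2, /* access came from user mode (CPL 3) */
    PF_RSVD = 1u << 3, /* reserved bit set in a paging-structure entry */
    PF_ID   = 1u << 4, /* access was an instruction fetch */
};

enum access_kind { ACC_READ, ACC_WRITE, ACC_FETCH };

struct cpu_state {
    bool cr0_wp;    /* CR0.WP: supervisor writes honour R/W=0 */
    bool cr4_smep;  /* CR4.SMEP */
    bool cr4_smap;  /* CR4.SMAP */
    bool efer_nxe;  /* IA32_EFER.NXE: gives the XD bit its meaning */
    bool eflags_ac; /* EFLAGS.AC, set by STAC and cleared by CLAC */
    unsigned cpl;   /* current privilege level; 3 is user mode */
};

struct translation {
    bool present;
    bool rw;  /* R/W=1: writable */
    bool us;  /* U/S=1: user-mode address */
    bool xd;  /* bit 63: execute-disable */
};

/* Returns 0 if the access proceeds, otherwise the #PF error code it raises. */
static uint32_t check_access(const struct cpu_state *c,
                             const struct translation *t, enum access_kind kind)
{
    bool user = (c->cpl == 3);
    uint32_t code = 0;

    if (kind == ACC_WRITE) code |= PF_WR;
    if (kind == ACC_FETCH) code |= PF_ID;
    if (user) code |= PF_US;
    if (!t->present) return code;            /* not-present fault: P clear */
    code |= PF_P;
    if (t->xd && !c->efer_nxe) return code | PF_RSVD; /* XD reserved if NXE=0 */

    if (user) {
        if (!t->us) return code;             /* user touching a kernel address */
        if (kind == ACC_WRITE && !t->rw) return code;
        if (kind == ACC_FETCH && t->xd) return code;   /* Execute Disable */
        return 0;
    }
    switch (kind) {                          /* supervisor mode, CPL 0..2 */
    case ACC_FETCH:
        if (t->us && c->cr4_smep) return code;  /* SMEP: no fetch from user pages */
        if (t->xd) return code;                 /* Execute Disable */
        return 0;
    case ACC_READ:
        if (t->us && c->cr4_smap && !c->eflags_ac) return code;  /* SMAP */
        return 0;
    case ACC_WRITE:
        if (t->us && c->cr4_smap && !c->eflags_ac) return code;  /* SMAP */
        if (!t->rw && c->cr0_wp) return code;
        return 0;
    }
    return code;
}

int main(void)
{
    /* Constructed scenarios: a writable user page marked XD, a read-only user
     * code page, and a kernel at CPL 0 with every feature enabled. */
    struct translation user_page = { .present = true, .rw = true, .us = true, .xd = true };
    struct translation user_code = { .present = true, .rw = false, .us = true, .xd = false };
    struct cpu_state k = { .cr0_wp = true, .cr4_smep = true, .cr4_smap = true,
                           .efer_nxe = true, .eflags_ac = false, .cpl = 0 };
    struct cpu_state u = k, k_nosmep = k, k_stac = k;
    u.cpl = 3; k_nosmep.cr4_smep = false; k_stac.eflags_ac = true;

    printf("user shellcode on XD stack     : #PF 0x%02x\n", check_access(&u, &user_page, ACC_FETCH));
    printf("ret2usr, SMEP off              : #PF 0x%02x\n", check_access(&k_nosmep, &user_code, ACC_FETCH));
    printf("ret2usr, SMEP on               : #PF 0x%02x\n", check_access(&k, &user_code, ACC_FETCH));
    printf("kernel reads user buffer, CLAC : #PF 0x%02x\n", check_access(&k, &user_page, ACC_READ));
    printf("kernel reads user buffer, STAC : #PF 0x%02x\n", check_access(&k_stac, &user_page, ACC_READ));
    return 0;
}
```

Compile with a C99 or later compiler and run. The scenarios show the user-mode shellcode fetch from an XD-marked stack faulting with error code 0x15 (P, U/S, I/D), the ret2usr fetch succeeding with SMEP off but faulting with 0x11 once it is on, and the kernel read of a user buffer faulting with 0x01 until STAC sets EFLAGS.AC. Note that an XD bit set while IA32_EFER.NXE is clear is a reserved-bit violation, which the model reports with the RSVD bit, and that with CR4.SMAP set the kernel's own copy routines are the only places EFLAGS.AC should ever be raised.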