product resource tutorial

What Is Intel TME?

Learn how Intel TME (Total Memory Encryption) acts as a necessary safeguard for protecting a system’s memory from memory attacks.
Intel TME

Memory attacks have quietly emerged as a new class of hacking techniques to undermine conventional security measures, posing a threat to all data that passes through a system.

Learn how Intel TME (Total Memory Encryption) acts as a necessary safeguard for protecting a system’s memory and preserving functionality to ensure optimal performance.

What Is Intel TME?

Intel TME (Total Memory Encryption) encrypts all data passing to and from a computer’s CPU with a single transient key. Such information includes customer credentials, encryption keys, and other IP or personal information.

Why Is Intel TME important?

Memory attacks have quietly emerged as a new class of hacking techniques to undermine conventional security measures.

This new threat includes attacks at the hardware level such as removal and reading of dual in-line memory modules (DIMMs) or the installation of attack hardware.

Without Intel TME, hackers can access critical data, encryption keys, or install malware, compromising the security of a system.

How Does Intel TME Work?

Intel TME begins in the early stages of the boot process. Once configured and locked, it will encrypt all the data on the external memory buses of a CPU with the NIST Standard AES-XTS algorithm with 128-bit keys.

(NIST is the National Institute of Standards and Technology, AES is the Advanced Encryption Standard, and XTS stands for Tweakable Block Ciphertext Stealing, used for encryption and decryption.)

The encryption key is generated using a hardened random number generator in the CPU and never exposed to software, allowing existing software to run unmodified while better protecting memory. A new platform key is generated by the processor on every boot.

Data in memory and on the external memory buses is encrypted and is only in plain text while inside the CPU, similar to storage encryption on hard disks or SSDs.

There are, however, some instances where it would be better to not encrypt a portion of memory, so Intel TME allows the BIOS to specify a physical address range to remain unencrypted. TME can be enabled or disabled by IT admins in the BIOS settings.

The AES-XTS mode, which is usually used for block-based storage devices, takes the physical address of the data into account when encrypting each cacheline block. This ensures that the effective key is different for each cacheline.

Moving encrypted content across physical addresses results in garbage on read, mitigating block-relocation attacks.

Intel TME
Source: intel.com. Intel TME (Total Memory Encryption) encrypts all data passing to and from a computer's CPU with a single transient key.

Benefits Of Intel TME

Intel TME’s memory encryption capabilities provide protection of AES-XTS to the external memory buses and DIMMs.

The AES-XTS encryption engine is in the direct data path to external memory buses and, therefore, all the memory data entering and/or leaving the CPU on memory buses is encrypted using AES-XTS.

Intel TME also provides an extra layer of protection in the event that a computer is stolen, as the data is turned into garbage text (ciphertext) that is of no use to hackers.

Intel TME and Trenton Systems

As cyberattacks increase in sophistication, traditional security measures like usernames and passwords are proving to be relatively ineffective against digital and physical threats.

Additionally, hackers are now targeting both data and memory, further highlighting the need for advanced cybersecurity measures.

About Trenton Systems

Trenton Systems has been a leader in the embedded, industrial computer industry since 1989. Few computer companies can say that they have remained relevant in this ever-changing technology industry for so many years. Trenton has a rich history and have been used in many critical applications, but the goal has always remained the same – exceed the customer’s expectations by adding value with on time delivery and continuous improvements in quality of products and services.

Products include rack servers, blade servers, edge computing, rack mount servers, industrial computers, military computer rugged computers, rugged servers, embedded pcs, industrial servers, military servers, ruggedized servers mil spec computers, ruggedized pcs, military grade servers, rack mountable pcs, and computers made in the USA.

https://www.trentonsystems.com/

TAYLOR GAUNTT

Field Sales Engineer

Taylor is a Texas native, and grew up in the small town of Boerne, Texas.  He attended Texas A&M University, where earned his bachelor’s degree in Engineering.  After college he was recruited by a Manufacturer’s Rep Firm, where he spent the first 7 years of his career. Initially hired on as an inside salesperson, Taylor quickly accelerated within the organization and expanded into various other roles such as Distribution Manager, and Field Sales Engineer.  Taylor then spent the following 7 years working for an electronic component distributor named Electro Enterprises that almost exclusively supported the mil/aero market.

Taylor worked as a Field Sales Engineer supporting the Texas, Utah and New Mexico territory, Product Manager, as well as Director or Business Development where he managed a team of 10 Field Sales Professionals across the entire United States.  Gathering from his previous experiences, Taylor has now taken on the role of Field Sales Engineer with Vic Myers supporting the Texas, Oklahoma, Louisiana, and Arkansas territory.  Outside of the office you will usually find Taylor either spending time with his wife and two young children, or out on the lake bass fishing.

FELECIA STIVERS

Field Sales Engineer

Felecia Stivers, a native of Rockford, IL, now excels as a Field Sales Engineer at VMA in our Arizona office. Holding a BSEE from Arizona State University, she draws from her extensive background at Medtronic, Orbital Sciences, General Dynamics, and Northrop Grumman.

Specializing in high-reliability applications, Felecia stands out for her proficiency in relationship-building and innovative problem-solving. Whether contributing to medical devices or playing a vital role in rocket launches, her work has had a tangible impact on saving lives and safeguarding the nation.

Beyond her professional pursuits, Felecia enjoys time with her two teenagers, finds joy in travel, and actively engages with her local church. Driven by a passion for helping customers navigate cutting-edge technology, she is committed to delivering dependable solutions in fast-changing environments.

KAREN M. ROSS

People and Culture Specialist

Karen has been a part of Vic Myers Associates team since February 2023. Prior to her position as People and Culture Specialist, she worked in the Science & Technology field as an HR Manager & Project Lead for SAIC and LANL. In the short time with VMA she has learned a lot and looks forward to knowing our business even better in support of all of our employees. She values her church community, her two sons who happen to be engineers, volunteering, and golf. Karen is located in our Albuquerque, NM office.

MENU

Natalie Myers

Inside Sales Administration

Natalie Myers joined Vic Myers Associates in September 2021 and is excited to be part of the team. She received her bachelor’s in business administration from the University of Phoenix and prior to her position as Inside Sales Administration she worked in the Hospitality Industry for over 15 years as a Senior Sales Administrator. In her free time, she enjoys spending time with her husband, daughter, family and friends along with watching sporting events, traveling, hiking and cheering on her daughter in dance and basketball! Natalie is located in our Arizona office.

SEARCH OUR WEBSITE

Can’t find what you’re looking for?