Jintide Security Auditing Platform for Intel Xeon CPUs

2
Jintide Platform Overview Hot Chips 31
Jintide Platform Overview Hot Chips 31

Jintide bills itself as a security-enhanced Intel Xeon server CPU. Realistically, it is an auditing mechanism for Intel CPUs. The motivations are fairly clear, it is to build a harness that can intercept memory and I/O from a Xeon CPU and check to ensure that the chip and platform are presenting what one would expect. If that seems dense, let us go into the presentation, at Hot Chips 31, and delve into why.

Jintide Security Auditing Platform for Intel Xeon CPUs

The Jintide solution has a few main components. At the center is a custom package that combines an Intel Skylake generation Xeon CPU with two Jintide chips. We are going to get to those shortly. Beyond the main package, custom DIMMs must also be used in the platform. Jintide showed this off specifically in a Lenovo platform. The motivation is clear, accelerate the discovery of vulnerabilities that can be introduced into a complex chip.

Jintide Platform Motivation Hot Chips 31
Jintide Platform Motivation Hot Chips 31

There are so many variables in modern servers and the chips are so complex, an auditing tool that can test for vulnerabilities is needed.

Jintide Platform Motivation 2 Hot Chips 31
Jintide Platform Motivation 2 Hot Chips 31

Two examples are finding Spectre/ Meltdown, L1TF, and other vulnerabilities. It can also be used to detect latent trojan logic in a system that changes behavior over what is expected.

Jintide Platform Detect Example Hot Chips 31
Jintide Platform Detect Example Hot Chips 31

With that problem, Jintide, with Intel’s help, created an auditing solution.

Jintide Platform Questions Solved Hot Chips 31
Jintide Platform Questions Solved Hot Chips 31

We are going to get to the solution next.

Jintide Security Auditing Platform for Intel Xeon CPUs

The overall solution includes both a custom CPU package as well as custom DDR4 modules.

Jintide Platform Overview Hot Chips 31
Jintide Platform Overview Hot Chips 31

Here is a diagram of the solution, but the short answer is that the solution is designed to monitor all memory and I/O messages to a CPU. That way, one can sample what a CPU is doing and potentially detect vulnerabilities or validate proper operation.

Jintide Platform Architecture And Check Flow Hot Chips 31
Jintide Platform Architecture And Check Flow Hot Chips 31

The DIMMs repace the register and buffer are replaced with the memory tracing registers. These allow Jintide to validate the flow of information from the CPU to memory. There are also two new chips added to the CPU package.

Jintide Platform Chips Summary Hot Chips 31
Jintide Platform Chips Summary Hot Chips 31

Here is a look at the solution. Due to the two new chips, it can only be configured with up to 24 cores. These can also be configured for multi-CPU scenarios. Due to the additional TDP from the Jintide chips still have up to a 205W TDP.

Jintide Platform MCP Hot Chips 31
Jintide Platform MCP Hot Chips 31

The Jintide ITR can monitor PCIe traffic and has data buffers to monitor the PCIe I/O of the system. Fabbed on TSMC 28nm, it has a 40W TDP and also has the memory to store all of the sampling data.

Jintide Platform ITR Hot Chips 31
Jintide Platform ITR Hot Chips 31

The smaller chip is the 15W TDP RCP chip has reconfigurable logic arrays to help analyze what the CPU is doing.

Jintide Platform RCP Hot Chips 31
Jintide Platform RCP Hot Chips 31

If you wanted to see everything a CPU is doing, this is a great test harness to do so. Adding 55W of validation chips and using lower volume packaging is not something we expect to make it to mainstream volume servers. It is possible these are used in certain sensitive applications and labs.

Final Words

There is performance loss by sampling, but one can select sampling frequency to either increase the chance of detection or increase performance. It is not hard to understand why this chip exists. In theory, it could be deployed, but realistically, this version looks more like an auditing tool. Adding additional logic that monitors all memory and I/O messages mean that the Jinade tool itself represents a potential vulnerability. As an auditing tool, this is not as big of a concern but it would be a major one in deployment.

The scope was limited to Skylake Xeons but at Hot Chips 31 no other designs were disclosed. One could see this as a valuable tool for Intel to test the impacts of security mitigations as it evolved its Skylake cores to the 2nd Gen Intel Xeon Scalable platform that had many security enhancements.

SHARE
Previous articleIntel NNP-I 1000 Spring Hill Details at Hot Chips 31
Next articleIntel Lakefield Hybrid SoC Detailed
Patrick has been running STH since 2009 and covers a wide variety of SME, SMB, and SOHO IT topics. Patrick is a consultant in the technology industry and has worked with numerous large hardware and storage vendors in the Silicon Valley. The goal of STH is simply to help users find some information about server, storage and networking, building blocks. If you have any helpful information please feel free to post on the forums.

2 COMMENTS

  1. Adding chips to your platform that can directly sample CPU and RAM sounds like a brilliant way to introduce vulnerabilities and attack vectors. Maybe Intel forgot about their own IME disasters or simply concluded that if this solution doesn’t have Intel branding it won’t backfire as hard when eventually it turns out to be vulnerable.

LEAVE A REPLY

Please enter your comment!
Please enter your name here