One of the less widely discussed details of Intel’s newest Core Ultra Series 2 processors is the introduction of the Partner Security Engine, a new dedicated security engine on the SoC that is capable of running Microsoft Pluton firmware and software. Intel today published more details on its Partner Security Engine.
Microsoft’s Pluton has proven very controversial among Linux users, going back to its initial appearance in AMD laptop processors. Now, with the Core Ultra Series 2 processors, there is Pluton-capable support on the Intel side in the name of greater security.
In a new Intel blog post today, several of their engineers provided a lengthy write-up on the Partner Security Engine, the separate hardware block on their newest SoCs. They state that the Partner Security Engine is protected from potential side-channel attacks via the CPU cache and DRAM thanks to its isolation. There are also built-in protections between the Intel SoC IP and the partner’s third-party code.
The post confirms that the Intel Partner Security Engine has its own Root of Trust for boot, update, and recovery and does not depend on the Intel Silicon Security Engine. The Intel Partner Security Engine also plays no role in controlling or modifying the overall Intel SoC boot process.
In addition to meeting the Microsoft Pluton requirements, the IPSE (Intel Partner Security Engine) boasts support for Key Split, SoftROM, the flexibility to run multiple partner firmware images, replay protection, and OEM controls for IP opt-in, creation, and provisioning, giving OEMs better control over the Intel Platform Security Engine on their systems.
Those wanting to learn more about the Intel Platform Security Engine can do so via this Intel blog post.