Intel’s Sandy Bridge enhancements include remote kill for stolen devices
Mar 7, 2011 — by LinuxDevices Staff — from the LinuxDevices Archive — viewsIntel announced security and manageability enhancements for its “Sandy Bridge” range of Core processors. Targeting desktop PCs, portables, and embedded devices such as ATMs, the vPro technology includes a “poison pill” that can disable stolen devices, a new identify protection feature, enhanced KVM (keyboard video mouse) operation, plus automated configuration features.
Intel's announcement today touted its "newest family of business processors," but the company didn't actually have any fresh CPU model numbers to unveil. (That's a relief, too, since the company's pre-Consumer Electronics Show launch in January already unveiled 15 new "Sandy Bridge" mobile processors and 14 new desktop CPUs; later on, six embedded-specific stablemates came to light too.)
These 32nm Sandy Bridge chips gained a new microarchitecture, a 256-bit instruction set known as AVX (advanced vector extensions), enhanced GPUs (graphics processing units), and dedicated silicon for tasks such as transcoding video from one format to another. They require only simple I/O controllers, offered in at least ten models (the Q67, H67, H61, QM67, HM67, P67, HM65, B65, and QS67) collectively code-named Cougar Point.
Regarding the newly announced vPro enhancements, it seems these are already baked into most existing Sandy Bridge CPUs and Cougar Point controllers (the tables later in this story explain which of the CPUs can support VPro). Intel can simply turn on the capabilities at the behest of its OEM customers — for an undisclosed extra fee, naturally.
"vPro" is a term for availability security and manageability upgrades that do not appear to be the same for every Sandy Bridge CPU. (Intel's announcement and 2nd Generation Intel Core vPro product page do not do much to elucidate this.)
According to Intel, all second-generation Core vPro processors include its Anti-Theft (AT) Technology version 3.0. The previous version of AT already allowed administrators to send out "poison pills" that would disable stolen, Internet-connected devices when they were turned on: The new version uses encrypted SMS message to extend this functionality to 3G cellular networks, the chipmaker says.
Intel says AT 3.0 also offers a Locator Beacon technology that uses cellular networks and GPS receivers to locate missing laptops. If the devices went missing when they were in the vulnerable S3 standby state, the company adds, they'll now be protected by an encryption login that's more secure than the usual user name and password.
"Select" second-generation Core vPro processors also get Intel's Identity Protection Technology, which is designed to work with select VPNs, banking, commerce, and other secure sites. IPT supplements the normal one-factor username/password security with a six-digit numerical password, the latter automatically generated by authorized devices every thirty seconds.
According to Intel, some of the second-generation Core VPro devices include enhanced KVM technology that may be activated by remote administrators before an operating system boots and now supports resolutions up to 1900 x 1200 pixels. Also offered is a new Host-Based Configuration feature that "completely automates the process of setting up the vPro functions on new computers, [letting] … even thousands of computers can be configured simultaneously in a couple of minutes."
Intel also touted vPro for embedded devices, though here it used the moniker to refer to three previously announced technologies: Active Management Technology 7.0, Virtualization Technology (VT), and Trusted Execution Technology (TXT). Regarding AMT 7.0, the chipmaker said this allows customers to power on/off, diagnose, or repair remote devices such as digital signs or ATMs.
Finally, Intel says it will soon release a processor known as the Xeon E3-1200, which will include vPro technology plus ECC (error correcting code) memory support. This chip will be "ideal for a wide range of compute-intensive applications in market segments such as retail, digital signage and banking," according to the company.
| Model | Cores/threads | Clock speed/Turbo Boost | L3 Cache | TDP | vPro available? |
| Core i7-2600K | 4 / 8 | 3.4 / 3.8GHz | 8MB | 95 W | No |
| Core i7-2600 | 4 / 8 | 3.4 / 3.8GHz | 8MB | 95 W | Yes |
| Core i7-2600S | 4 / 8 | 2.8 / 3.8GHz | 8MB | 65 W | Yes |
| Core i5-2500K | 4 / 4 | 3.3 / 3.7GHz | 6MB | 95 W | No |
| Core i5-2500 | 4 / 4 | 3.3 / 3.7GHz | 6MB | 95 W | Yes |
| Core i5-2500S | 4 / 4 | 2.7 / 3.7GHz | 6MB | 65 W | Yes |
| Core i5-2500T | 4 / 4 | 2.3 / 3.3GHz | 6MB | 45 W | Yes |
| Core i5-2400 | 4 / 4 | 3.1 / 3.4GHz | 6MB | 95 W | Yes |
| Core i5-2400S | 4 / 4 | 2.5 / 3.3GHz | 6MB | 65 W | Yes |
| Core i5-2390T | 2 / 4 | 2.7 / 3.5GHz | 3MB | 35 W | Yes |
| Core i5-2300 | 4/4 | 2.8/3.1GHz | 6MB | 95W | No |
| Core i3-2120 | 2 / 4 | 3.3 / – GHz | 3MB | 65 W | No |
| Core i3-2100 | 2 / 4 | 3.1 / – GHz | 3MB | 65 W | No |
| Core i3-2100T | 2 / 4 | 2.5 / – GHz | 3MB | 35 W | No |
Intel's "Sandy Bridge" desktop CPUs and vPro availability
| Model | Cores/ threads |
Base core clock speed |
Peak Turbo clock speed |
L3 cache size |
DDR3 speed | TDP | VPro available? |
| Core i7-2920XM | 4/8 | 2.5 GHz | 3.5 GHz | 8 MB | 1600 MHz | 55W | Yes |
| Core i7-2820QM | 4/8 | 2.3 GHz | 3.4 GHz | 8 MB | 1600 MHz | 45W | Yes |
| Core i7-2720QM | 4/8 | 2.2 GHz | 3.3 GHz | 6 MB | 1600 MHz | 45W | Yes |
| Core i7-2620M | 2/4 | 2.7 GHz | 3.4 GHz | 4 MB | 1333 MHz | 35W | Yes |
| Core i5-2540M | 2/4 | 2.6 GHz | 3.3 GHz | 3 MB | 1333 MHz | 35W | Yes |
| Core i5-2520M | 2/4 | 2.5 GHz | 3.2 GHz | 3 MB | 1333 MHz | 35W | Yes |
The standard-voltage mobile offerings all come with vPro
| Model | Cores/ threads |
Base core clock speed |
Peak Turbo clock speed |
L3 cache size |
DDR3 speed | TDP | vPro available? |
| Core i7-2649M | 2/4 | 2.3 GHz | 3.2 GHz | 4 MB | 1333 MHz | 25W | Yes |
| Core i7-2629M | 2/4 | 2.1 GHz | 3.0 GHz | 4 MB | 1333 MHz | 25W | Yes |
| Core i7-2657M | 2/4 | 1.6 GHz | 2.7 GHz | 4 MB | 1333 MHz | 17W | Yes |
| Core i7-2617M | 2/4 | 1.5 GHz | 2.6 GHz | 4 MB | 1333 MHz | 17W | Yes |
| Core i5-2537M | 2/4 | 1.4 GHz | 2.3 GHz | 3 MB | 1333 MHz | 17W | Yes |
Low-voltage mobile offerings are offered in vPro versions too
| Processor | Cores /threads |
Base frequency (Ghz) |
Turbo frequency (Ghz) | Last-level cache (MB) |
TDP (W) | ECC supported? |
| Core i7-2710QE | 4/8 | 2.1 | 3 | 6 | 45 | no |
| Core i7-2715QE | 4/8 | 2.1 | 2.9 | 6 | 45 | yes |
| Core i7-2655LE | 2/4 | 2.2 | 2.9 | 4 | 25 | yes |
| Core i7-2610UE | 2/4 | 1.5 | 2.4 | 4 | 17 | yes |
| Core i5-2510E | 2/4 | 2.5 | 3.1 | 3 | 35 | no |
| Core i5-2515E | 2/4 | 2.5 | 3.1 | 3 | 35 | yes |
Intel's embedded-specific Sandy Bridge Cores (no vPro specifics provided on company's website)
Intel found a flaw in its Cougar Point that it disclosed at the end of January, explaining that the controllers' 3Gbps SATA ports could deteriorate over time and ultimately lead to any connected drives becoming totally inaccessible. The chipmaker says it will continue to supply flawed parts to vendors who promise not to use 3Gbps SATA, is now shipping redesigned ones in some quantity, and will be back to providing the originally envisaged volumes in April.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.