LaGrande Technology provides the following features:
- Protected Execution: Software can be run in an isolated mode where no other software can have access to its code and data. This technique is also known as Domain Separation.
- Sealed Storage: Data is stored encrypted and can only be decrypted by the same environment that stored it.
- Protected Input: Protects input devices (mouse and keyboard) from being sniffed or having their data changed by malicious software. LaGrande Technology does this by encrypting the commands sent through the keyboard and mouse, so only software that has the correct encryption key can have access to these commands.
- Protected Graphics: Creates a secure path from applications running under protected execution to the video memory located on the video card, so no other software can see or change what is being written to the display.
- Attestation: A hardware-based attestation that a LaGrande Technology protected environment is in place. This is provided by a module called the TPM (Trusted Platform Module). Among other things, the TPM provides a Random Number Generator (RNG) and also stores the encryption keys used by LaGrande Technology.
- Protected Launch: Controls the launch of the operating system in a protected execution environment.
Let’s now talk a little bit more about some of these features.