On Thu, Dec 12, 2013 at 8:04 AM, Steve Weis <steveweis@gmail.com> wrote:
... The document is talking about FY2013. IVB already shipped in 2012. I'd guess it was fabricated for testing in 2009-2010 and designed for a few years prior.
What enablement would be "complete" in 2013 for something that has been on the market a year and is already being phased out?
the bulk of 2012 was consumer hardware. the endpoint is a totally solved problem (read: trivial to exploit in many ways, all day, every day, per the docs)
only server Ivy Bridge: Xeon E3 in mid-2012. the cores pushed in the SDN initiatives above came out not so many months ago...
high capacity crypto aggregation points like this are an ideal target, with backdoor keying of VPN/SSL the ideal (passive) attack with their view of target's long haul fiber.
By 2013, Intel had already started shipping Haswell. They did launch new IVB E5v2 Xeon server processors this fall, but future CPUs will be Haswell and Broadwell.
Intel already has the next, next generation Skylake with SGX fabricated for testing.
but not released, and "enabling" means tied into X-KEYSCORE, TRAFFICTHIEF, whatever else gets draped off UPSTREAM...
I still think the document is talking about a dedicated crypto chip for VPN and SSL acceleration devices, just like it says.
the backdoors for all the other vendor hardware happened in years prior. HSMs and crypto accelerator gear are not exactly a vibrant or competitive market. in fact, these companies never seem to die, just carry on with decent margins riding on incremental design upgrades until they're bought out by a larger/growing competitor. ;) of course, this could be because companies like Sun charge $9,999 for an HSM/accelerator that is at best a reasonable cost at $1,499...