LynxSecure was designed to securely support the latest capabilities of Intel 64bit & 32bit CPUs. Extensive research and analysis went into the design of multi core, CPU virtualization, memory management, I/O device control, and interrupt management to ensure that hardware is utilized to its fullest extent to enhance protection while still provide high performance computing capabilities. The following features contribute to LynxSecure’s high performance capabilities:
- 64-bit & 32-bit virtualization support – Hosts 32-bit and 64-bit guest OSs and allocates up to 96GB of RAM for each guest OS
- Multi-core virtual CPU support – Supports symmetric multi-processing (SMP) guest OSs
- Multi-core physical CPU support – Allocates all available target platform CPU to host guest OSs and LynxSecure bare-metal applications
- Intel Hyper Threading Support – Supports Intel CPU core Hyper Threads to maximize processing throughput on each physical CPU core
- Intel VT-x direct execution – Uses Intel VT-x to allow guest OSs to execute directly on CPU cores to reduce virtualization overhead
- Intel VT-d direct device assignment – Uses Intel VT-d to allow guest OSs and LynxSecure applications to directly control and isolate communication with physical devices
- Intel EPT – Uses Intel Extended Page Tables to allow guest OSs to manage virtual memory page tables without the assistance of the hypervisor resulting in near native guest OS memory performance.
- Intel PAT – Allows users to simply configure the caching attributes of memory regions used by subjects running on LynxSecure to increase performance or mitigate timing channel attacks of certain applications
- Real-time Scheduler – Features a real-time programmable cyclic schedule that ensures all system operations are executed on clock tick precision to mitigate denial of service attacks and covert timing channels.