Video: Intel and Arm IoT Provisioning Prototype

Intel and Arm are collaborating on a joint vision to securely connect any Internet of Things device to any cloud. This prototype demo video shows Intel and Arm devices being powered on to be onboarded and provisioned to the Arm Pelion IoT platform. (Credit: Intel Corporation)

More: Intel and Arm Share IoT Vision to Securely Connect ‘Any Device to Any Cloud’

The post Video: Intel and Arm IoT Provisioning Prototype appeared first on Intel Newsroom.

Intel and Arm Share IoT Vision to Securely Connect ‘Any Device to Any Cloud’

lorie wigle

By Lorie Wigle

The Internet of Things (IoT) is transitioning from first proof-of-concept deployments into a new growth phase that is expected, according to industry analysts, to deploy 1 trillion devices by 2035.1 What is driving these lofty projections are the incredible business benefits that will be achieved with data-driven IoT initiatives such as edge computing, artificial intelligence (AI), predictive maintenance and autonomous systems. The more data that is collected, the more valuable the data becomes. However, this model may not be realized unless the industry can collaborate on more open and scalable methods to securely provision devices and their data to the cloud.

To answer these challenges, Intel is teaming up with Arm* to provide solutions to securely onboard2 both Intel and Arm IoT devices to any application or cloud framework.

First, let me walk you through the traditional manual onboarding process for IoT devices, which has multiple challenges. It typically takes more than 20 minutes per device and involves coordination among installation technicians, IT network/security operations and operational technology teams. The device identity and network access credentials are either painstakingly preloaded into the device at manufacturing or configured in the field from a standard image using insecure human processes. Compounding the security issues are the proliferation of cloud-specific provisioning methods without a consistent hardware-protected device identity model. For IoT to scale to a trillion devices in less than two decades, this process must be faster, safer and more flexible.

Now, the solution: Last October, Intel® Secure Device Onboard was launched as the first solution that enabled a “late binding” approach to provisioning, where customers could dynamically discover their target cloud platform for provisioning seconds after the device is powered on in the field. The collaboration with Arm aims to extend this capability from Intel devices to include the Arm devices that commonly are deployed together by customers. This strategic collaboration of two major ecosystems is designed to provide the industry with a more flexible provisioning method that can be natively enabled in devices.

So how does it work? Watch the prototype video below that shows how Intel and Arm devices can be credentialed and provisioned in seconds to join any cloud application framework.

As a result, customers should be able to choose their onboarding systems of record without being locked into a single cloud provider’s provisioning method or a single device architecture. Flexibility can be built in before the device is purchased to onboard into any cloud ecosystem. Device management systems such as Pelion*, cloud/on-premise IoT platforms and connected partner ecosystems all benefit from increased variety of devices, lower cost and faster deployment. Device suppliers can simplify manufacturing to a single SKU that can be provisioned with customer-specific credentials in the field rather than in the factory, dramatically reducing cost while decreasing time to market.

“Intel and Arm are simplifying one of IoT’s most complex and challenging barriers with regard to streamlining the manufacturing and security deployment workflows for IoT. This is an ROI win for the customer, who will be able to deploy both Intel- and Arm-based devices at a lower cost and with less friction between IT and OT, while at the same time retaining flexibility over their data and cloud partner choice until the deployment phase,” said Michela Menting, director, ABI Research.

Learn more about the solution at IoT Solution World Congress’s smart building customer case study presentation and view the joint demo that is nominated for top TestBed award. You may also attend the technical presentation at Arm TechCon that will showcase the Pelion Device Management zero-touch experience. Intel and Arm are seeking customer and ecosystem feedback on the prototypes and expect to engage pilot customers later this year. Contact iotonboarding@intel.com for more information on the pilot programs.

Intel’s collaboration with Arm allows us to progress a joint vision of “any device, any cloud” to span multiple device architectures. As we enter this accelerated growth phase for IoT, we will continue to collaborate with technology vendors to provide customers the protections they need. On behalf of the entire Intel team, I thank our industry partners and customers for their ongoing support.

Lorie Wigle is vice president of Software and Services Group and general manager of Internet of Things Security at Intel Corporation.

1Trillion devices by 2035- source ARM white paper https://community.arm.com/cfs-file/__key/telligent-evolution-components-attachments/01-1996-00-00-00-01-30-09/Arm-_2D00_-The-route-to-a-trillion-devices-_2D00_-June-2017.pdf

2From out-of-box to securely streaming data to an IoT Platform

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://www.intel.com/content/www/us/en/internet-of-things/secure-device-onboard.html.

Intel, the Intel logo, and Intel® Secure Device Onboard are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

The post Intel and Arm Share IoT Vision to Securely Connect ‘Any Device to Any Cloud’ appeared first on Intel Newsroom.

Protecting Our Customers through the Lifecycle of Security Threats

By Leslie Culbertson

Intel’s Product Assurance and Security (IPAS) team is focused on the cybersecurity landscape and constantly working to protect our customers. Recent initiatives include the expansion of our Bug Bounty program and increased partnerships with the research community, together with ongoing internal security testing and review of our products. We are diligent in these efforts because we recognize bad actors continuously pursue increasingly sophisticated attacks, and it will take all of us working together to deliver solutions.

Today, Intel and our industry partners are sharing more details and mitigation information about a recently identified speculative execution side-channel method called L1 Terminal Fault (L1TF). This method affects select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX) and was first reported to us by researchers at KU Leuven University*, Technion – Israel Institute of Technology*, University of Michigan*, University of Adelaide* and Data61*1. Further research by our security team identified two related applications of L1TF with the potential to impact other microprocessors, operating systems and virtualization software.

More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

I will address the mitigation question right up front: Microcode updates (MCUs) we released earlier this year are an important component of the mitigation strategy for all three applications of L1TF. When coupled with corresponding updates to operating system and hypervisor software released starting today by our industry partners and the open source community, these updates help ensure that consumers, IT professionals and cloud service providers have access to the protections they need.

L1TF is also addressed by changes we are already making at the hardware level. As we announced in March, these changes begin with our next-generation Intel® Xeon® Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year.

We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices. This includes keeping systems up-to-date and taking steps to prevent malware. More information on security best practices is available on the Homeland Security website.

About L1 Terminal Fault

All three applications of L1TF are speculative execution side channel cache timing vulnerabilities. In this regard, they are similar to previously reported variants. These particular methods target access to the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.

The microcode updates we released earlier this year provide a way for system software to clear this shared cache. Given the complexity, we created a short video to help explain L1TF.

Once systems are updated, we expect the risk to consumer and enterprise users running non-virtualized operating systems will be low. This includes most of the data center installed base and the vast majority of PC clients. In these cases, we haven’t seen any meaningful performance impact from the above mitigations based on the benchmarks we’ve run on our test systems.

There is a portion of the market – specifically a subset of those running traditional virtualization technology, and primarily in the data center – where it may be advisable that customers or partners take additional steps to protect their systems. This is principally to safeguard against situations where the IT administrator or cloud provider cannot guarantee that all virtualized operating systems have been updated. These actions may include enabling specific hypervisor core scheduling features or choosing not to use hyper-threading in some specific scenarios. While these additional steps might be applicable to a relatively small portion of the market, we think it’s important to provide solutions for all our customers.

For these specific cases, performance or resource utilization on some specific workloads may be affected and varies accordingly. We and our industry partners are working on several solutions to address this impact so that customers can choose the best option for their needs. As part of this, we have developed a method to detect L1TF-based exploits during system operation, applying mitigation only when necessary. We have provided pre-release microcode with this capability to some of our partners for evaluation, and hope to expand this offering over time.

For more information on L1TF, including detailed guidance for IT professionals, please visit the advisory on the security center. We’ve also provided a white paper and updated the FAQs on our security first website.

I’d like to again thank our industry partners and the researchers who first reported these issues for their collaboration and collected commitment to coordinated disclosure. Intel is committed to the security assurance of our products, and will continue to provide regular updates on issues as we identify and mitigate them.

As always, we continue to encourage everyone to take advantage of the latest security protections by keeping your systems up-to-date.

Leslie Culbertson is executive vice president and general manager of Product Assurance and Security at Intel Corporation.

1Raoul Strackx, Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, and Yuval Yarom

The post Protecting Our Customers through the Lifecycle of Security Threats appeared first on Intel Newsroom.

The Cybersecurity Community Driving Insights into Security Solutions

By Doug Fisher

I continue to be amazed by the power of what a community can achieve together – from developers contributing to open source projects for solving real-world business or social-economic problems, to industry consortia aligning and setting standards and policies on the forefront of emerging technologies. Nothing demonstrates the power of the community more than industrywide events such as the recent Cyber Week. It was a great example of the community coming together to share insights and discuss solutions to issues facing the public and private sectors of every company, city and country in the world today. We all have a role to play.

More: Intel Security News | Intel Advances Silicon-Based Security for AI and Blockchain Workloads (Rick Echevarria Editorial)

Intel has been very clear about making the security assurance of our Intel products a priority. Our role is broader than assurance alone. We hold a unique position in the digital ecosystem, designing and protecting the hardware that is the root of trust. Intel powers everything ranging from the endpoint to the cloud, and we have both an opportunity and a responsibility to help simplify security for tens of thousands of hardware, software and service providers, as well as billions of people using these products and services every day.

Active Participation in the Security Community

Listening to the community at events like Cyber Week is critical. It helps inform Intel on emergent trends and particular problems facing industry segments. We are able to apply those insights and learnings back to our product development so we can deliver differentiating features and capabilities required to provide valuable security solutions across the Intel platform portfolio.

We have been making tremendous progress with our approach. Intel and ecosystem partners are advancing security across the emerging, data-centric workloads of artificial intelligence (AI) and blockchain. Collaborations with Docker*, Duality* and Fortanix* are helping secure data in AI implementations. Companies like Enigma* and the Tel Aviv Stock Exchange* are investing in Intel processor technologies to help improve the security, scalability and privacy of distributed ledger networks.

Advancing Our Strategy

Window Snyder
Window Snyder

To continue that momentum, I am pleased to share that Window Snyder is joining Intel, in the Software and Services Group, as chief software security officer, vice president and general manager of the Intel Platform Security Division, effective July 9.

Window is an industry veteran who comes to us from Fastly*, where she has been the chief security officer. Before that, she spent over five years working on security and privacy strategy at Apple* and was the “Chief Security Something-or-Other” at Mozilla. She was also a founding member at Matasano*, a services company, and a senior security strategist at Microsoft*.

In this role with Intel, Window will be responsible for ensuring the company maintains a competitive security product roadmap across all segments in support of business group objectives and continues to engage with the external security ecosystem to apply industry trends and sensing to Intel roadmap differentiation.

More specifically, this involves leading the following areas across Intel:

Industry sensing and response: Driving partnerships with the operating system and security ecosystem to ensure we are better informed on the growing complexity of attacks and to help guide our approach and response.

Applying industry sensing for differentiation: Applying industry sensing to our roadmap to deliver differentiated security capabilities to secure data, workloads and other assets based on Intel platforms.

Customer-centric route to market: Driving a two-pronged approach to market by partnering with the security ecosystem and the developer ecosystem to drive scale for security.

I am looking forward to Window leveraging her experience in the community and bringing further valuable industry insight into Intel’s hardware-enabled security solutions.

Doug Fisher is senior vice president and general manager of the Software and Services Group for Intel Corporation.

The post The Cybersecurity Community Driving Insights into Security Solutions appeared first on Intel Newsroom.

Intel Advances Silicon-Based Security for AI and Blockchain Workloads

rick echevarriaBy Rick Echevarria

The future of a trusted and secure computing environment hinges on our collective ability to deliver solutions that improve the performance across a variety of workloads, while also optimizing security.

This week, at Cyber Week in Israel, I am joined by partners, customers, and cybersecurity industry and policy leaders from across the globe. Intel is committed to providing silicon-based security solutions that address the most pressing issues. There are three key themes at the conference, highlighting the challenges and opportunities facing our industry.

Emerging Workloads Deliver More Data to Analyze and Secure

Incoming data is increasingly difficult to effectively leverage without the computing power to process and learn from its growing volume and complexity. Machine learning (ML) algorithms, and other artificial intelligence (AI) applications and capabilities, have achieved remarkable results and are being extensively used in different domains. ML algorithms often require access to sensitive data, especially as the focus on data privacy increases around the world. Limiting access to the right data may limit the outcomes that can be achieved with the use of AI. In the case of blockchain, the security and privacy of data join transaction scalability as key technical considerations.

Intel technologies provide unique capabilities that can help improve the privacy, security and scalability for data-centric workloads like AI and blockchain. We are in a position to accelerate customer success by helping protect algorithms and data for AI applications as well as digital assets and smart contract execution for blockchain solutions.

At Cyber Week, we are focused on security for these two data-centric workloads: AI and blockchain. Technologies like Intel® Software Guard Extensions (Intel® SGX) enable the ecosystem to design solutions with improved security and privacy. What makes Intel SGX compelling is that it provides a hardware trusted execution environment (TEE), allowing better protections for data in-use, at-rest and in-transit. Also, built-in CPU instructions and platform enhancements provide cryptographic assertions for the code that is permitted to access the data. If the code is altered or tampered, then access is denied and the environment disabled.

Security for AI: Efforts Focus on Securing AI Data

We see security, in the context of AI, in two implementations. First, there is security for AI, where we focus on protecting data, algorithms and parameters. Second is AI for security, where we use AI for the detection of advanced exploits. The Advanced Platform Telemetry capability in our Intel® Threat Detection Technology is a step toward improving the outcomes of AI for security.

In security for AI, a couple of usages start integrating security to improve the outcomes that AI solutions can deliver. First is multiparty machine learning, where access to critical data and the integrity of algorithms are enabled by using homomorphic encryption and hardware-based trusted execution environments, like Intel SGX. Second is federated learning, for applications where one can’t move the data to a centralized location. In this usage, data owners at the edge work collaboratively to improve a shared prediction model.

At Cyber Week, we are highlighting several collaborations to add security to AI implementations.

  • We are collaborating with Docker* to help make AI more secure, useful and shareable for federated learning, by hardening containers with Intel silicon-based security technologies.
  • Intel researchers are making great strides toward practical methods for homomorphic encryption, a method that will allow computer systems to perform calculations on encrypted information without first decrypting. Duality* is collaborating with Intel to explore the security challenges of AI workloads using homomorphic encryption on Intel platforms. Duality* will use homomorphic encryption across every stage of an AI solution pipeline to minimize data exposure.
  • Fortanix* announced enhancements to its Runtime Encryption solution to help enable secure execution of ML algorithms, using Intel SGX enclaves, with support for Python and R languages commonly used in research and modeling. This, in turn, supports secure data sharing and analysis for AI training models and applications.

Security for Blockchain: Industry Adoption and Collaboration

Blockchain continues to show promise in transforming business processes. Intel processor technologies offer capabilities to help improve the security, scalability and privacy of distributed ledger networks. At Cyber Week, we are introducing innovations in what we call “off-chain computing” to help address both privacy and throughput for blockchain implementations. We are also highlighting recently announced collaborations.

  • Enigma* has developed a unique privacy protocol that uses Intel SGX to protect data, while allowing computation over the data. In our collaboration, we’ll work together to integrate this functionality for private smart contracts on the Ethereum public ledger.
  • Two weeks ago, Intel joined SAP* to formalize efforts in a blockchain consortium to construct a blockchain proof of concept to improve international shipping efficiencies on SAP’s blockchain-as-a-service platform.
  • Last month, the Tel Aviv Stock Exchange*, Accenture* and The Floor* announced the development of a new blockchain securities lending platform powered by Intel. This platform will transform the securities lending market in Israel by enabling direct lending among all the major financial instruments.

Security is pivotal to our company’s strategy and a fundamental underpinning for all workloads, especially those that are as data-centric as AI and blockchain. We will continue to innovate and make our silicon an active participant in the threat defense lifecycle. The announcements at Cyber Week underscore the value that our investments can deliver to meet the cybersecurity needs of organizations today.

Rick Echevarria is vice president in the Software and Services Group and general manager of the Platforms Security Division at Intel Corporation.

The post Intel Advances Silicon-Based Security for AI and Blockchain Workloads appeared first on Intel Newsroom.

Facebook’s Data Security Meltdown Could Bolster Blockchain: Analyst

The social media giant shouldn’t mistake the forest for the trees. While Facebook continues to reel from a security breach involving the personal data of tens of millions of users, they may just have demonstrated the value of an unalterable public ledger, aka blockchain. RBC Capital Markets analyst Mitch Steves thinks so, according to a recent

The post Facebook’s Data Security Meltdown Could Bolster Blockchain: Analyst appeared first on CCN

Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards

By Rick Echevarria

At Intel, we believe that working with security researchers is a crucial part of identifying and mitigating potential security issues in our products. Similar to other companies, one of the ways we’ve made this part of our operating model is through a bug bounty program. The Intel® Bug Bounty Program was launched in March 2017 to incentivize security researchers to collaborate with us to find and report potential vulnerabilities. This, in turn, helps us strengthen the security of our products, while also enabling a responsible and coordinated disclosure process.

More:  Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

Coordinated disclosure is widely regarded as the best way to responsibly protect customers from security exploits. It minimizes the risk that exploitable information becomes publicly known before mitigations are available. Working closely with our industry partners and our customers, we encourage responsible and coordinated disclosure to improve the likelihood that users will have solutions available when security issues are first published. Our Bug Bounty Program supports this objective by creating a process whereby the security research community can inform us, directly and in a timely fashion, about potential exploits that its members discover.

In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community, and provide better incentives for coordinated response and disclosure that help protect our customers and their data.

Updates to our program include:

  • Shifting from an invitation-only program to a program that is open to all security researchers, significantly expanding the pool of eligible researchers.
  • Offering a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000.
  • Raising bounty awards across the board, with awards of up to $100,000 for other areas.

More details on the program, including these new updates, can be found online on the Intel security site or our HackerOne page.

We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge. Thank you, in advance, to all of those across the industry who choose to participate.

Rick Echevarria is vice president and general manager of Platform Security at Intel Corporation.

The post Expanding Intel’s Bug Bounty Program: New Side Channel Program, Increased Awards appeared first on Intel Newsroom.

Intel and Microsoft Collaborate to Deliver Industry-First Enterprise Blockchain Service

blockchain-2x1
» Click to view full infographic

Today, Microsoft announced a new framework that enables businesses to adopt blockchain technology for increased enterprise privacy and security, and named Intel as a key hardware and software development partner. As part of this collaboration, Microsoft, Intel and other blockchain technology leaders will build a new enterprise-targeted blockchain framework – called the Coco Framework – that integrates Intel® Software Guard Extensions (Intel SGX) to deliver improved transaction speed, scale and data confidentiality to enterprises. This first-of-its-kind innovation accelerates the enterprise readiness of blockchain technology, allowing developers to create flexible and more secure enterprise blockchain applications that can be easily managed by businesses.

Rick Echevarria Blog: Collaborating with Microsoft to Strengthen Enterprise Blockchains

Blockchain is a digital record-keeping system where digital transactions are executed, validated and recorded chronologically and publicly. Because it’s decentralized and transparent, it increases the efficiency and security of financial transactions – and does so at a significantly lower cost than traditional ledgers. The technology can be used for everything from simple file sharing to complex global payment processing and has the potential to transform the way companies operate.

Intel, Microsoft and other blockchain technology leaders are working together to deliver security-enhanced, scalable capabilities in blockchain services. The Coco Framework uses Intel SGX to add new levels of privacy and confidentiality to blockchain transactions. Intel SGX is a hardware-based security technology that can help improve blockchain solutions by providing a trusted execution environment that isolates key portions of a blockchain program. Intel SGX consists of a set of CPU instructions and platform enhancements that create private areas in the CPU and memory that can protect code and data during execution. Intel SGX helps the Coco Framework provide confidential data and accelerated transaction throughput. The data confidentiality is achieved by encrypting sensitive blockchain data until it is opened in an Intel SGX enclave by a permitted program. The accelerated throughput is achieved by isolating the transaction verification process to speed network consensus.

Intel is an active participant in the blockchain revolution, participating in developing standards, actively contributing technology and providing expert insight. Intel is actively engaged with industry leaders to improve performance, reliability and scalability of blockchain technologies.

Intel® Xeon processors provide unique capabilities that can improve the privacy, security and scalability of distributed ledger networks. For example, the recently-announced Intel® Xeon Scalable processors include a range of hardware-based trust, key protection and crypto-acceleration features that increase blockchain security and performance.

The post Intel and Microsoft Collaborate to Deliver Industry-First Enterprise Blockchain Service appeared first on Intel Newsroom.

Intel and Microsoft Collaborate to Deliver Industry-First Enterprise Blockchain Service

blockchain-2x1
» Click to view full infographic

Today, Microsoft announced a new framework that enables businesses to adopt blockchain technology for increased enterprise privacy and security, and named Intel as a key hardware and software development partner. As part of this collaboration, Microsoft, Intel and other blockchain technology leaders will build a new enterprise-targeted blockchain framework – called the Coco Framework – that integrates Intel® Software Guard Extensions (Intel SGX) to deliver improved transaction speed, scale and data confidentiality to enterprises. This first-of-its-kind innovation accelerates the enterprise readiness of blockchain technology, allowing developers to create flexible and more secure enterprise blockchain applications that can be easily managed by businesses.

Rick Echevarria Blog: Collaborating with Microsoft to Strengthen Enterprise Blockchains

Blockchain is a digital record-keeping system where digital transactions are executed, validated and recorded chronologically and publicly. Because it’s decentralized and transparent, it increases the efficiency and security of financial transactions – and does so at a significantly lower cost than traditional ledgers. The technology can be used for everything from simple file sharing to complex global payment processing and has the potential to transform the way companies operate.

Intel, Microsoft and other blockchain technology leaders are working together to deliver security-enhanced, scalable capabilities in blockchain services. The Coco Framework uses Intel SGX to add new levels of privacy and confidentiality to blockchain transactions. Intel SGX is a hardware-based security technology that can help improve blockchain solutions by providing a trusted execution environment that isolates key portions of a blockchain program. Intel SGX consists of a set of CPU instructions and platform enhancements that create private areas in the CPU and memory that can protect code and data during execution. Intel SGX helps the Coco Framework provide confidential data and accelerated transaction throughput. The data confidentiality is achieved by encrypting sensitive blockchain data until it is opened in an Intel SGX enclave by a permitted program. The accelerated throughput is achieved by isolating the transaction verification process to speed network consensus.

Intel is an active participant in the blockchain revolution, participating in developing standards, actively contributing technology and providing expert insight. Intel is actively engaged with industry leaders to improve performance, reliability and scalability of blockchain technologies.

Intel® Xeon processors provide unique capabilities that can improve the privacy, security and scalability of distributed ledger networks. For example, the recently-announced Intel® Xeon Scalable processors include a range of hardware-based trust, key protection and crypto-acceleration features that increase blockchain security and performance.

The post Intel and Microsoft Collaborate to Deliver Industry-First Enterprise Blockchain Service appeared first on Intel Newsroom.

KARL – kernel address randomized link

In a message to the tech@ mailing list, Theo de Raadt (deraadt@) has announced a new randomization feature for kernel protection:

Over the last three weeks I've been working on a new randomization
feature which will protect the kernel.
[...]
Recently I moved all our kernels to a new mapping model, with patrick
and visa taking care of two platforms.
[...]
As a result, every new kernel is unique.  The relative offsets between
functions and data are unique.
[...]
However, snapshots of -current contain a futher change, which I
worked on with Robert Peichaer (rpe@):

That change is scaffolding to ensure you boot a newly-linked kernel
upon every reboot.[...]

Read the full message for the juicy details.

Note that, because of the new mechanisms, unhibernate does not work on -current (for now).