
HVCI and MBEC

HHH03
Beginner
6,625 Views
With Windows 11 around the corner, there’s a lot of talk about older CPUs. Specifically virtualization security. MBEC support seems to be the main question: native support or emulation. Intel ARK only indicates Xeon 2nd and 3rd generation Scalable CPUs and some Xeon Ws as having native support for it.
Is that the case, or is it being called something else on other CPU versions, or is it only included in Xeon Scalable 2nd and 3rd and some Xeon X generations?
0 Kudos
6 Replies
IntelSupport
Moderator
6,609 Views

Hello HHH03,


Thank you for posting your question on this Intel® Community.


Mode-based Execution Control (MBE) is a new Intel® Virtualization Technology (Intel® VT-x) feature. As you pointed out, it is natively supported on Intel® Xeon® Scalable, 2nd, and 3rd Gen Intel® Xeon® Scalable processors.


To better assist you, could you please provide us with additional details about the CPU, or CPU families, you are currently using?


Wanner G.

Intel Customer Support Technician


0 Kudos
HHH03
Beginner
6,602 Views
I’m presently using a pair of Xeon E5-2687W V4s. There’s a lot of discussion about MBEC in Windows HVCI security. I know my Xeons don’t have MBEC, but they do have Intel VT-x.
I’m not sure how they would perform using Windows HVCI security mode. If you have insight on how they would perform using HVCI, it would be much appreciated.
Thanks HHH03
0 Kudos
IntelSupport
Moderator
6,594 Views

Hello HHH03,


I will look into this request, and provide an update soon. 


In the meantime, what I can recommend is that you review the following documentation available from Microsoft* about HVCI on Windows* 10:


Enable virtualization-based protection of code integrity

https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity


Wanner G.

Intel Customer Support Technician


0 Kudos
Wanner_G_Intel
Moderator
6,077 Views

Hello HHH03,


Please find below an update to your thread. 


The performance overhead of HVCI is reduced when the processor supports MBEC. If HVCI is turned on, but the processor does not support MBEC, the result would be higher overload compared to processors that do support MBEC.


From an Intel CPU perspective, support for MBEC can be ascertained by checking if Bit 54 of MSR 48BH (IA32_VMX_PROCBASED_CTLS2) is set. This is described in detail in Intel Software Developer Manual Volume 3C Section 23.6.2 & Appendix A.3.3. SDM is at: http://www.intel.com/sdm


From a Windows perspective, when HVCI is enabled and the system is rebooted, msinfo32.exe output will list "Mode-based Execution Control" in the "Virtualization-based Security Available Security Properties" line. Alternate methods to query this information are described in the Microsoft article https://docs.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity


On the server processor side, Xeon Broadwell generation processors do not support MBEC. Skylake generation processors introduced support for MBEC.


We hope you find this information helpful. 


Wanner G.

Intel Customer Support Technician


0 Kudos
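The MSR check described in the reply above, as an added example (not Intel's code and not part of the original thread): it decodes bit 54 of IA32_VMX_PROCBASED_CTLS2 and first confirms, via bit 63 of IA32_VMX_PROCBASED_CTLS (MSR 482H), that the secondary-controls MSR exists at all. It assumes a Linux host with the `msr` driver loaded and root access; the function names and the `SAMPLES` values are constructed for illustration.

```python
import glob
import os
import struct

IA32_VMX_PROCBASED_CTLS = 0x482   # primary processor-based VM-execution controls
IA32_VMX_PROCBASED_CTLS2 = 0x48B  # secondary controls (the MSR named in the reply)
ACTIVATE_SECONDARY = 31           # primary control bit 31
MBEC_CONTROL = 22                 # secondary control bit 22; MSR bit 54 = 32 + 22
# Constructed (primary, secondary) MSR values for offline use, not real captures.
SAMPLES = {"mbec": (1 << 63, 1 << 54), "no-mbec": (1 << 63, 1 << 33)}

def allowed1(msr_value, control_bit):
    """Bits 63:32 of a VMX capability MSR flag the controls that may be set to 1."""
    return bool((msr_value >> (32 + control_bit)) & 1)

def mbec_supported(procbased_ctls, procbased_ctls2):
    """True only if MSR 48BH exists (482H bit 63) and its bit 54 is set."""
    if not allowed1(procbased_ctls, ACTIVATE_SECONDARY):
        return False
    return allowed1(procbased_ctls2, MBEC_CONTROL)

def read_msr(cpu, index):
    """Read one MSR via the Linux msr driver; None if it cannot be read."""
    try:
        fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    except OSError:
        return None  # driver not loaded, not root, or kernel lockdown
    try:
        return struct.unpack("<Q", os.pread(fd, 8, index))[0]
    except (OSError, struct.error):
        return None  # RDMSR faulted, e.g. VMX absent
    finally:
        os.close(fd)

def survey():
    """Map each logical CPU to True/False, or None when the MSRs are unreadable."""
    result = {}
    for path in sorted(glob.glob("/dev/cpu/[0-9]*/msr")):
        cpu = int(path.split("/")[3])
        ctls = read_msr(cpu, IA32_VMX_PROCBASED_CTLS)
        # Only touch 48BH when 482H says it exists; otherwise RDMSR would fault.
        readable = ctls is not None and allowed1(ctls, ACTIVATE_SECONDARY)
        ctls2 = read_msr(cpu, IA32_VMX_PROCBASED_CTLS2) if readable else 0
        result[cpu] = None if ctls is None or ctls2 is None else mbec_supported(ctls, ctls2)
    return result

if __name__ == "__main__":
    print({name: mbec_supported(*pair) for name, pair in SAMPLES.items()})
    print(survey() or "no readable /dev/cpu/*/msr on this host")
```

Inside a virtual machine the values read are whatever the hypervisor chooses to expose, so a `False` or `None` there does not describe the physical processor.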
Wanner_G_Intel
Moderator
5,897 Views

Hello HHH03,


Were you able to review the information I shared in my previous post?


If you need any further assistance, please let me know. 


Wanner G.

Intel Customer Support Technician


0 Kudos
Wanner_G_Intel
Moderator
5,745 Views

Hello HHH03,


Since I have not heard back from you, I will proceed to close this thread.


I hope you found the information we shared helpful. 


Wanner G.

Intel Customer Support Technician


0 Kudos