<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Got it worked out. The lock in Software Archive</title>
    <link>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174730#M79458</link>
    <description>&lt;P&gt;Got it worked out. The lock-bit does in fact work and is NOT resettable by the OS. So once BIOS initializes the VT-d setting, it can set the bit in the VTGENCTRL register that will prohibit modification of the register without a processor reset. Thanks!&lt;/P&gt;</description>
    <pubDate>Mon, 09 Jul 2018 19:46:52 GMT</pubDate>
    <dc:creator>Matthew_A_</dc:creator>
    <dc:date>2018-07-09T19:46:52Z</dc:date>
    <item>
      <title>Locking VT-d Settings</title>
      <link>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174727#M79455</link>
      <description>&lt;P&gt;I'm trying to figure out if there is a way to establish and then lock VT-d settings created by the BIOS.&amp;nbsp; I found the VTGENCTRL register and I see that is has a lock bit at bit [15].&amp;nbsp; The question though is, can't the OS simply reset that bit to '0' and change the settings, assuming there is no VMM trapping on such events?&amp;nbsp; Is there a mechanism available wherein the VT-d setting can be established and then locked down until the next re-boot?&lt;/P&gt;</description>
      <pubDate>Wed, 25 Apr 2018 12:21:37 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174727#M79455</guid>
      <dc:creator>Matthew_A_</dc:creator>
      <dc:date>2018-04-25T12:21:37Z</dc:date>
    </item>
    <item>
      <title>You'll need to be a little</title>
      <link>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174728#M79456</link>
      <description>&lt;P&gt;You'll need to be a little more explicit - when you say "can't the OS simply reset the bit" - do you mean the Host or Guest OS?&amp;nbsp;&amp;nbsp;&lt;/P&gt;

&lt;P&gt;If you meant "can't the guest OS simply reset the bit", then yes.&amp;nbsp;&amp;nbsp;&lt;SPAN style="font-size: 1em;"&gt;If you don't trap on MSR access, then yes you create a situation in which a guest OS can change the state of an MSR.&amp;nbsp; I forget the name of the field in the VMCS, but the way you would prevent such access would be exactly to Exit on MSR access.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 01 May 2018 21:42:11 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174728#M79456</guid>
      <dc:creator>Gregory</dc:creator>
      <dc:date>2018-05-01T21:42:11Z</dc:date>
    </item>
    <item>
      <title>What is the purpose of the</title>
      <link>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174729#M79457</link>
      <description>&lt;P&gt;What is the purpose of the lock bit, then? I was given to understand that lock bits on Intel processors, or at least this one, is a one-time set bit. In this way, once the bit is set to set the VT-d BAR as read-only, all access based off the VT-d BAR would then be read-only as well until the next power cycle. However, I haven't been able to confirm or deny that information. Is your assertion then that the OS actually IS able to reset that bit without a power cycle?&amp;nbsp;If so, do you know if there is any documentation to support this claim? I'm not questioning it; I just really need some evidence to back up the trust, whatever it may be.&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;

&lt;P&gt;Thanks!&lt;/P&gt;</description>
      <pubDate>Thu, 03 May 2018 19:47:08 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174729#M79457</guid>
      <dc:creator>Matthew_A_</dc:creator>
      <dc:date>2018-05-03T19:47:08Z</dc:date>
    </item>
    <item>
      <title>Got it worked out. The lock</title>
      <link>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174730#M79458</link>
      <description>&lt;P&gt;Got it worked out. The lock-bit does in fact work and is NOT resettable by the OS. So once BIOS initializes the VT-d setting, it can set the bit in the VTGENCTRL register that will prohibit modification of the register without a processor reset. Thanks!&lt;/P&gt;</description>
      <pubDate>Mon, 09 Jul 2018 19:46:52 GMT</pubDate>
      <guid>https://community.intel.com/t5/Software-Archive/Locking-VT-d-Settings/m-p/1174730#M79458</guid>
      <dc:creator>Matthew_A_</dc:creator>
      <dc:date>2018-07-09T19:46:52Z</dc:date>
    </item>
  </channel>
</rss>

