Excuse my ignorance, but as my username says, I am a somewhat a "noob" to the whole TxT/VT world. Anyway, what I am trying to figure out is, if you just want to have measured launch of a PC do you have to have both TxT and VT-d (Yes, assume the TPM is there)? Or is the VT only needed if you're doing virtualization? Of course, haveing VT-d makes sense if you're doing Virtualization, but I guess my real question is whether or not TxT requires the VT technology no matter your scenario. Say, for instance, an organization only wants to perform remote attestation (using SRTM/DRTM) of a host and doesn't use virtualization at all. I hope that all makes sense. Also, what other chip makers out there are currently supporting Measured Launch? I think AMD's version of VT-d is called IOMMU. Just trying to see who else does this and if there is a standard as well.
- Intel® VTVT-X
This discussion forum is for Intel vPro Technology. It appears that your question is related to Intel processor virtualization technology. You will probably get a better response to your question in another Intel community.
Edit: Unless Javed replies
We all were once a noob but then one learns with time :-)
Anyway, coming to your query, first let me brief you a bit on VT-d.
While you are doing Virtualization, the guest OS uses the hardware resources of the server/desktop to run through virtualization. An input/output memory management unit (IOMMU) enables guest http://en.wikipedia.org/wiki/Virtual_machine virtual machines to directly use http://en.wikipedia.org/wiki/Peripheral peripheral devices, such as ethernet and accelerated graphics cards, through http://en.wikipedia.org/wiki/Direct_memory_access DMA and http://en.wikipedia.org/wiki/Interrupt interrupt remapping. Both AMD and Intel have released specifications. The AMD specification labels this technology "IOMMU" (an acronym for the common name of this form of virtualization) while Intel has called their implementation "Intel's Virtualization Technology for Directed I/O" (VT-d).
Now as for VT-d and TXT relationship:
The TXT is commercially distributed with another technology VT-d. The VT-d provides hardware remote security, protecting hardware, storage and communications, adding another security level against software attacks.
VT-d is an environment model that shares hardware resources using I/O virtualization. This can then allow control over each process's access to resources without using reprobative exclusive access methods.
Then for that matter, is TXT required for Virtualization too?
NO! If TXT is being used with VT-d, it does not mean that TXT is necessarily required for Virtualization cause basically TXT (Trusted Execution Technology) is commonly advertised by Intel as a security technology. TXT is intended to provide users and organizations with a higher level of trust while accessing, modifying or creating sensitive data and code and of course, TPM is required for that matter. This technology could be coupled with VT-d (Intel Virtualization Technology for Directed I/O) designed to backup the TXT outside of the chip, and even outside the Computer itself.
So what do we conclude?
So from the look of it and what I have worked on so far, I surmise that for a measured launch, you would need to enable them both as VT-d works in conjunction with TXT because VT-d would provide hardware remote security adding another level of security against the software attacks. However, recalling VT-d, since it is an environment model that shares hardware resources using I/O virtualization which then allow control over each process's access to resources without using reprobative exclusive access methods, it might be the case that you can opt out for a measured launch without VT-d lest you are not doing Virtualization. I am not very sure about the latter but you might need to give it a shot while I would look further into this and discuss it with ones who have more experience with measured launch.
Moreover, kindly do not take my words as final verdict from Intel cause these findings are based on my own experience but not to be taken as a final word from Intel, directly or indirectly.
Any reference for that matter?
However if you experience something new, please update us on that as well. I would also encourage you to brush through the PDF document at the URL below and for further details, do look into the references provided at the end of that document:
I have a few documents on this that can actually give you further information on this however respecting the confidentiality of those documents, can not share them but always help you in this regard to resolve any problem or answer any query that you may have
Get back to us if need be
Hope this helps however if you further questions especially regarding this, be sure to post it in our server room section and we'd be glad to help.
Thank you, have a great day!
Intel Go Green, Save The Environment!
I am glad that it helped in anyway.
You are more than welcome my friend and ask as many questions as you want, we are always glad to be of any help
Since you are interested in learning more about Virtualization, here is a cool wiki link for you: http://communities.intel.com/docs/DOC-1749
Intel Go Green, Save The Environment!