I know TXT requires that the TXT heap, AC and MLE must reside in a DMA-protected region. DPR and PMR are two methods to handle it. The DPR (DMA protected range) is said to work as a final check after VT-d in the official development guide. It should be locked once initialized by the BIOS. I guess it is a chipset function and can work without VT-d because it is controlled by TXT.DPR and I never found it in the VT-d document.
So, if the DPR is defined large enough to cover the MLE (it is said that the DPR is currently 3MB), can I say GETSEC[SENTER] can be executed without VT-d? Will the AC check VT-d even if the DPR is correctly set?
I want to know this because my machine, a Dell T3400, is equipped with the X38 chipset. It is VT-d capable but I'm afraid the BIOS does not enable it, since I cannot find a DMAR entry in ACPI. I prefer to do some experiments before I upgrade to a newer machine (it is unavoidable because the latest AC module discontinues support for X38).
Thanks.
Updates:
I just got a reply from Dell. They said that for the T3400 with the A09 BIOS, VT-d will be enabled whenever VT is enabled.
But I cannot confirm it since I failed to find "DMAR" in the ACPI list. Interestingly, when I dump the PCI configuration space into a file, I can see that the bit indicating "VT-d enabled" is set on the memory controller hub (B0/D0/F0). Yet the bit for "TXT mode disabled" is also set. I am going to test SENTER to check it.
Before that, I wonder whether there is any convention for the DRHD table base address. In Flicker, it is 0xfed90000. Is that a common address?
"Even though the MLE can be put in the DPR and the DPR does not depend on VT-d, VT-d is still required on the platform. SINIT will verify the VT-d DMAR ACPI tables so that any MLE code that wants to use VT-d can do so safely. The MLE, however, does not have to use VT-d; the platform/BIOS simply must enable it."
David Ott
"VT-d MMIO address differs from platform to platform. The base address should be documented in chipset datasheet."
David Ott
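An added example, not part of the original thread and not Intel's or tboot's code: a minimal parser for the ACPI DMAR table that lists each DRHD's register base address, so the VT-d MMIO base is read from the firmware's own table instead of being assumed. The sample table is constructed for illustration, the function names are hypothetical, and the field layout follows the DMAR and DRHD definitions in the VT-d specification.

```python
import struct
import sys

ACPI_HEADER_LEN = 36    # standard ACPI table header
FIRST_STRUCT = 48       # header + host address width, flags, 10 reserved bytes
DRHD_TYPE = 0           # DMA Remapping Hardware Unit Definition

def parse_dmar(table: bytes):
    """Return (host_address_width, [(pci_segment, register_base), ...])."""
    if len(table) < FIRST_STRUCT or table[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    (length,) = struct.unpack_from("<I", table, 4)
    if length < FIRST_STRUCT or length > len(table):
        raise ValueError("bad table length")
    table = table[:length]
    if sum(table) & 0xFF:                 # all bytes must sum to 0 mod 256
        raise ValueError("bad checksum")
    haw = table[ACPI_HEADER_LEN] + 1      # field stores width minus one
    drhds, off = [], FIRST_STRUCT
    while off + 4 <= length:
        stype, slen = struct.unpack_from("<HH", table, off)
        if slen < 4 or off + slen > length:
            raise ValueError("truncated remapping structure")
        if stype == DRHD_TYPE:
            if slen < 16:
                raise ValueError("DRHD too short")
            _flags, _rsvd, segment, base = struct.unpack_from("<BBHQ", table, off + 4)
            drhds.append((segment, base))
        off += slen
    return haw, drhds

def build_sample() -> bytes:
    """Constructed table: one DRHD at 0xfed90000, the address quoted in the thread."""
    drhd = struct.pack("<HHBBHQ", DRHD_TYPE, 16, 0x01, 0, 0, 0xFED90000)
    body = bytes([35, 0]) + bytes(10) + drhd          # HAW-1 = 35, flags = 0
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", ACPI_HEADER_LEN + len(body),
                      1, 0, b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1)
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) & 0xFF                       # fix up the checksum byte
    return bytes(raw)

if __name__ == "__main__":
    # Pass a dumped table (on Linux: /sys/firmware/acpi/tables/DMAR) or use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    haw, units = parse_dmar(data)
    print(f"host address width: {haw} bits")
    for segment, base in units:
        print(f"DRHD segment {segment}: registers at {base:#x}")
```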
Then it drives me to buy a new platform. I'd appreciate it if you can give me some advice on how to choose the processor and chipset.
I am going to design a security framework based on TXT and MLE for real-time applications. My basic requirements are:
1. TXT-capable. In other words, it can run tboot.
2. Some new features in VT-x: EPT, Preemption Timer
My understanding is that VT-x is a CPU feature but TXT is related to both CPU and chipset. The i7-800, i5-700 and i5-600 are said to support EPT and Preemption Timer according to the specification. A desktop i5-600 dual-core CPU (their AC modules were just released) is a possible choice. Other quad-core CPUs like the i7-800 and i5-700 are said to support TXT in the specification, but the AC module is currently absent. The latest Xeon with 6 cores is in a similar situation.
For the chipset, I compared Q57, P55, H57, H55 (http://ark.intel.com/Compare.aspx?ids=42706,42690,42700,42703,) and only Q57 is clearly labeled with TXT and VT-d capability. The capabilities of P55 are undocumented, but I am really concerned about it since it is widely used by manufacturers.
So, is there any off-the-shelf desktop that can satisfy my requirements? Or can I say all products with i5-600+Q57 (of course, with TPM and proper BIOS) are OK for me? Please correct me if I am wrong.
Also, may I know whether any new revision of TXT is being released soon (e.g. within 6 months)?
Thanks in advance!
Here are some comments I received:
The P55 supports Intel TXT (see http://www.intel.com/Assets/PDF/datasheet/322169.pdf p. 42).
The SINIT ACM for the quad core TXT-capable processors will be made available shortly.
No new revision of TXT is planned, but there will be additional processors that will support it.
David Ott