- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm trying to figure out if there is a way to establish and then lock VT-d settings created by the BIOS. I found the VTGENCTRL register and I see that is has a lock bit at bit [15]. The question though is, can't the OS simply reset that bit to '0' and change the settings, assuming there is no VMM trapping on such events? Is there a mechanism available wherein the VT-d setting can be established and then locked down until the next re-boot?
- Tags:
- Virtualization
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You'll need to be a little more explicit - when you say "can't the OS simply reset the bit" - do you mean the Host or Guest OS?
If you meant "can't the guest OS simply reset the bit", then yes. If you don't trap on MSR access, then yes you create a situation in which a guest OS can change the state of an MSR. I forget the name of the field in the VMCS, but the way you would prevent such access would be exactly to Exit on MSR access.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the purpose of the lock bit, then? I was given to understand that lock bits on Intel processors, or at least this one, is a one-time set bit. In this way, once the bit is set to set the VT-d BAR as read-only, all access based off the VT-d BAR would then be read-only as well until the next power cycle. However, I haven't been able to confirm or deny that information. Is your assertion then that the OS actually IS able to reset that bit without a power cycle? If so, do you know if there is any documentation to support this claim? I'm not questioning it; I just really need some evidence to back up the trust, whatever it may be.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got it worked out. The lock-bit does in fact work and is NOT resettable by the OS. So once BIOS initializes the VT-d setting, it can set the bit in the VTGENCTRL register that will prohibit modification of the register without a processor reset. Thanks!

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page