Is VT-d necessary for TXT

Is VT-d necessary for TXT

I know TXT requires that TXT heap, AC and MLE must reside in DMA-protected region. DPR and PMR are two methods to handle it. The DPR (DMA protected range) is said to work at final check after VT-d in official development guide. It should be locked once initialized by BIOS. I guess it is a chipset function and can work without VT-d because it is controlled by TXT.DPR and I never found it in VT-d document.

So, if DPR is defined large enough to cover MLE (it said currently DPR is 3MB), can I say GETSEC[SENTER] can be executed without VT-d? Will AC check VT-d even if DPR is correctly set?

I want to know it beacuse my machine, Dell T3400 is equipped with X38 chipset. It is VT-d capable but I'm afraid BIOS do not enable it since I cannot find DMAR entry in ACPI. I prefer to do some experiments before I upgrade to a newer machine (it is unavoidable because the lastest AC module discontinues to support X38).

Thanks.

7 Beiträge / 0 neu
Letzter Beitrag
Nähere Informationen zur Compiler-Optimierung finden Sie in unserem Optimierungshinweis.

Updates:

I just got reply from Dell. They said for T3400 with A09 BIOS, VT-d will be enabled whenever VT is enabled.

But I cannot confirm it since I am failed to find "DMAR" in ACPI list. Interestingly, when I dump PCI configure space into file, I can see bit to indicate "VT-d enabled" is set on memory controller hub (B0/D0/F0). Yet, bit for "TXT mode disabled" is also set. I am going to test SENTER to check it.

Before that, I wonder is there any convention for DRHD table base address? In Flicker, it is 0xfed90000. ?Is that a common address?

Bild des Benutzers David Ott (Intel)

Ibrought yourquestion to the attention ofa TXT engineer and have been waiting on a reply. Will post result asap.

David Ott

Bild des Benutzers David Ott (Intel)

About your first posting above, I received this comment from an expert on the subject:

"Even though the MLE can be put in the DPR and the DPR does not depend on VT-d, VT-d is still required on the platform. SINIT will verify the VT-d DMAR ACPI tables so that any MLE code that wants to use VT-d can do so safely. The MLE, however, does not have to use VT-d; the platform/BIOS simply must enable it."

David Ott

Bild des Benutzers David Ott (Intel)

About your second posting above, I received this comment from another expert:

"VT-d MMIO address differs from platform to platform. The base address should be documented in chipset datasheet."

David Ott

Many thanks!

Then it drives me to buy a new platform. I'd appreciate it if you can give me some advices on how to choose the processor and chipset.

I am going to design a security framework based on TXT and MLE for real-time application. My basic requirement is:
1. TXT-capable. In other words, it can run tboot.
2. Some new features in VT-x: EPT, Preemption Timer

My understand is that VT-x is a CPU feature but TXT is related to both CPU and chipset. i7-800, i5-700, i5-600 are said to support EPT and Preemption Timer according to specification. A desktop i5-600 dual-core CPU (their AC modules just released) is a possible choice. Other quad-core CPUs like i7-800, i5-700 are said to support TXT in specification but AC module is absent currently. The latest Xeon with 6 cores has similar situation.

For the chipset, I compared Q57, P55, H57, H55 (http://ark.intel.com/Compare.aspx?ids=42706,42690,42700,42703,) and only Q57 is clearly labled with TXT and VT-d capability. Capabilities of P55 are undocumented but I really concern it since it is widely used by manufactures.

So, is there any off-the-shelf desktop can satisfy my requirements? Or can I say all products with i5-600+Q57 (of course, with TPM and proper BIOS) are ok for me? Please correct me if I am wrong.

Also, can I know is there any new revision of TXT being released soon (e.g. within 6 months)?

Thanks in advance!

Bild des Benutzers David Ott (Intel)

Here are some comments I received:

The P55 supports Intel TXT (see http://www.intel.com/Assets/PDF/datasheet/322169.pdf p. 42).

The SINIT ACM for the quad core TXT-capable processors will be made available shortly.

No newrevision of TXT is planned, but there will be additional processors that will support it.

David Ott

Melden Sie sich an, um einen Kommentar zu hinterlassen.