Is VT-d necessary for TXT

I know TXT requires that the TXT heap, AC and MLE reside in a DMA-protected region. DPR and PMR are two methods to handle it. The DPR (DMA protected range) is said to work as a final check after VT-d in the official development guide. It should be locked once initialized by the BIOS. I guess it is a chipset function and can work without VT-d because it is controlled by TXT.DPR and I never found it in the VT-d document.

So, if DPR is defined large enough to cover MLE (it said currently DPR is 3MB), can I say GETSEC[SENTER] can be executed without VT-d? Will AC check VT-d even if DPR is correctly set?

I want to know this because my machine, a Dell T3400, is equipped with the X38 chipset. It is VT-d capable but I'm afraid the BIOS does not enable it, since I cannot find a DMAR entry in ACPI. I prefer to do some experiments before I upgrade to a newer machine (it is unavoidable because the latest AC module discontinues support for X38).

Thanks.


Updates:

I just got a reply from Dell. They said for the T3400 with A09 BIOS, VT-d will be enabled whenever VT is enabled.

But I cannot confirm it since I failed to find "DMAR" in the ACPI list. Interestingly, when I dump the PCI configuration space into a file, I can see the bit indicating "VT-d enabled" is set on the memory controller hub (B0/D0/F0). Yet the bit for "TXT mode disabled" is also set. I am going to test SENTER to check it.

Before that, I wonder whether there is any convention for the DRHD table base address? In Flicker, it is 0xfed90000. Is that a common address?

I brought your question to the attention of a TXT engineer and have been waiting on a reply. Will post result asap.

David Ott

About your first posting above, I received this comment from an expert on the subject:

"Even though the MLE can be put in the DPR and the DPR does not depend on VT-d, VT-d is still required on the platform. SINIT will verify the VT-d DMAR ACPI tables so that any MLE code that wants to use VT-d can do so safely. The MLE, however, does not have to use VT-d; the platform/BIOS simply must enable it."

David Ott

About your second posting above, I received this comment from another expert:

"VT-d MMIO address differs from platform to platform. The base address should be documented in chipset datasheet."

David Ott
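
One way to check the two points answered above (whether firmware publishes a DMAR table, and which register base each DRHD reports), as an added example that is not part of the original thread: a parser for the ACPI DMAR table using the layout from the VT-d specification. The sample table is constructed, and the Linux path mentioned in the comment is an assumption about where the reader's system exposes the table.

```python
import struct
import sys

DMAR_HDR_LEN = 48  # 36-byte ACPI header + host address width, flags, 10 reserved

def parse_dmar(blob):
    """Return [(pci_segment, register_base, include_pci_all)], one per DRHD."""
    if len(blob) < DMAR_HDR_LEN or blob[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    (length,) = struct.unpack_from("<I", blob, 4)
    if length < DMAR_HDR_LEN or length > len(blob):
        raise ValueError("bad table length")
    if sum(blob[:length]) & 0xFF:  # all bytes of an ACPI table sum to 0 mod 256
        raise ValueError("ACPI checksum mismatch")
    drhds, off = [], DMAR_HDR_LEN
    while off + 4 <= length:
        stype, slen = struct.unpack_from("<HH", blob, off)
        if slen < 4 or off + slen > length:
            raise ValueError("malformed remapping structure")
        if stype == 0:  # type 0 = DRHD; other types (RMRR, ATSR, ...) are skipped
            if slen < 16:
                raise ValueError("truncated DRHD")
            flags, _rsvd, segment, base = struct.unpack_from("<BBHQ", blob, off + 4)
            drhds.append((segment, base, bool(flags & 1)))
        off += slen
    return drhds

def build_sample(base):
    """Constructed one-DRHD table for offline testing; not dumped from real firmware."""
    drhd = struct.pack("<HHBBHQ", 0, 16, 1, 0, 0, base)
    length = DMAR_HDR_LEN + len(drhd)
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", length, 1, 0,
                      b"SAMPLE", b"SAMPLETB", 1, b"TEST", 1)
    table = bytearray(hdr + bytes([35, 0]) + bytes(10) + drhd)
    table[9] = -sum(table) & 0xFF  # checksum byte lives at offset 9
    return bytes(table)

if __name__ == "__main__":
    # Assumption: on Linux, pass /sys/firmware/acpi/tables/DMAR (readable by root).
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_sample(0xFED90000)  # the address quoted from Flicker in the thread
    for seg, base, all_pci in parse_dmar(data):
        print(f"DRHD segment={seg} base={base:#x} include_pci_all={all_pci}")
```

If the table file is absent, the firmware did not publish DMAR, which matches the symptom described in the question.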

Many thanks!

Then it drives me to buy a new platform. I'd appreciate it if you can give me some advice on how to choose the processor and chipset.

I am going to design a security framework based on TXT and MLE for real-time applications. My basic requirements are:
1. TXT-capable. In other words, it can run tboot.
2. Some new features in VT-x: EPT, Preemption Timer

My understanding is that VT-x is a CPU feature but TXT is related to both CPU and chipset. i7-800, i5-700, i5-600 are said to support EPT and Preemption Timer according to the specification. A desktop i5-600 dual-core CPU (their AC modules were just released) is a possible choice. Other quad-core CPUs like i7-800, i5-700 are said to support TXT in the specification but the AC module is absent currently. The latest Xeon with 6 cores is in a similar situation.

For the chipset, I compared Q57, P55, H57, H55 (http://ark.intel.com/Compare.aspx?ids=42706,42690,42700,42703,) and only Q57 is clearly labeled with TXT and VT-d capability. The capabilities of P55 are undocumented but I am really concerned about it since it is widely used by manufacturers.

So, is there any off-the-shelf desktop that can satisfy my requirements? Or can I say all products with i5-600+Q57 (of course, with TPM and proper BIOS) are ok for me? Please correct me if I am wrong.

Also, can I know whether any new revision of TXT is being released soon (e.g. within 6 months)?

Thanks in advance!

Here are some comments I received:

The P55 supports Intel TXT (see http://www.intel.com/Assets/PDF/datasheet/322169.pdf p. 42).

The SINIT ACM for the quad core TXT-capable processors will be made available shortly.

No new revision of TXT is planned, but there will be additional processors that will support it.

David Ott
