Manuals / Intel / Computer Equipment / Computer Hardware

Intel BX80637I73770K, CM8064601466200, CM8064601466003, CM8063701212200 manual Intel VT-d Objectives

Models: BX80633I74960X BX80646I34130 BX80646I54430 BX80646I74770K BX80646I74770 BX80646I54570S BX80646I74770S BXF80646I74770K CM8063701159502 CM8063701212200 BX80637I73770K CM8064601466003 CM8064601466200

1 120
Download 120 pages 30.96 Kb
Page 41
Image 41
Intel® VT-d Objectives

Technologies—Processor

Descriptor-Table Exiting

Descriptor-table exiting allows a VMM to protect a guest operating system from an internal (malicious software based) attack by preventing relocation of key system data structures like IDT (interrupt descriptor table), GDT (global descriptor table), LDT (local descriptor table), and TSS (task segment selector).

A VMM using this feature can intercept (by a VM exit) attempts to relocate these data structures and prevent them from being tampered by malicious software.

Intel® VT-d Objectives

The key Intel VT-d objectives are domain-based isolation and hardware-based virtualization. A domain can be abstractly defined as an isolated environment in a platform to which a subset of host physical memory is allocated. Intel VT-d provides accelerated I/O performance for a virtualized platform and provides software with the following capabilities:

I/O device assignment and security: for flexibly assigning I/O devices to VMs and extending the protection and isolation properties of VMs for I/O operations.

DMA remapping: for supporting independent address translations for Direct Memory Accesses (DMA) from devices.

Interrupt remapping: for supporting isolation and routing of interrupts from devices and external interrupt controllers to appropriate VMs.

Reliability: for recording and reporting to system software DMA and interrupt errors that may otherwise corrupt memory or impact VM isolation.

Intel VT-d accomplishes address translation by associating a transaction from a given I/O device to a translation table associated with the Guest to which the device is assigned. It does this by means of the data structure in the following illustration. This table creates an association between the device's PCI Express* Bus/Device/Function (B/D/F) number and the base address of a translation table. This data structure is populated by a VMM to map devices to translation tables in accordance with the device assignment restrictions above, and to include a multi-level translation table (VT-d Table) that contains Guest specific address translations.

Desktop 4th Generation Intel® CoreProcessor Family, Desktop Intel® Pentium® Processor Family, and Desktop Intel® Celeron® Processor Family

December 2013

Datasheet – Volume 1 of 2

Order No.: 328897-004

41

Page 40 Page 42
Page 41
Image 41
Intel BX80637I73770K, CM8064601466200, CM8064601466003, CM8063701212200, CM8063701159502, BX80646I74770S Intel VT-d Objectives
Page 40 Page 42