* VT-X Locking Bit Flip in Real Mode?
@ 2012-03-30 19:29 Jake Thomas
2012-03-30 21:12 ` Nadav Har'El
0 siblings, 1 reply; 4+ messages in thread
From: Jake Thomas @ 2012-03-30 19:29 UTC (permalink / raw)
To: kvm
Hello kvm folk,
I saw this:
http://www.linux-kvm.org/page/Enable_VT-X_on_Mac_Pro_%28Early_2008%29
, and was intrigued.
There is a bit in the MSR that determines whether or not you can
turn VT-X (hardware-assisted virtualization) on or off.
One bit in the MSR is an on/off switch for turning VT-X on and
off, and another bit in the MSR locks this switch. So if it's locked
and VT-X is on, you can't turn VT-X off, and if it's locked and VT-X
is off, you can't turn VT-X on. But if it's not locked, you can freely
turn VT-X on or off and even back.
The assumption here is that once the locking bit is in the
"locked" position, you can't unlock it until a power cycle unlocks it.
Or else it'd be pointless. You'd just flip the locking bit to the
"unlocked" position and be on your merry way.
But I can't help but wonder if you can flip the locking bit from
the "locked" position to the "unlocked" position if you're still in
real mode.
Because then, one could "simply" write a Grub module to unlock the
VT-X switch and/or enable VT-X for you. I envision something like
this:
grub> insmod vtxunlocker
grub> vtxunlocker --unlock
grub> vtxunlocker --enable
Where in the first line the hypothetical grub module "vtxunlocker"
is inserted, making the "vtxunlocker" command available.
In the second line, the command "vtxunlocker" is used with the
parameter "--unlock" to flip the VT-X locking bit into the "unlocked"
posistion.
And in the third line, the command "vtxunlocker" is used with the
parameter "--enable" to actually enable VT-X by flipping its bit into
the "on" position.
Remember, this is all happening in real mode because Grub is in real
real mode until you decide to boot an OS, or perhaps even past that
moment, as is the case with booting Linux (I've read that it's Linux
that pushes the big red "protected" button rather than Grub).
For sake of completeness, the following probably should also be
functionalities and parameters of "vtxunlocker":
--lock : puts the VT-X locking bit into the "locked" position
--disable : turns VT-X off
--isLocked : prints "true" to the screen if the VT-X locking bit
is in the "locked" position, "false" if it is in the "unlocked"
position
--isEnabled : prints "true" to the screen if VT-X is enabled,
"false" if it is disabled.
--help and -h : prints all possible parameters for vtxunlocker and what they do
And of course you can put any of this into a Grub entry in grub.cfg
rather than having to break into command line every boot.
Such a Grub module would probably be safer than hacking firmware/
firmware settings with dd. It would also be universal from computer to
computer. So if a "hack" hasn't been figured out for your computer
yet, you could just use the Grub module. And it'd be a lot easier to
use.
And for ease of use/ practicality/ simplicity, the "vtxunlocker
--enable" command would check to see if the VT-X switch is locked,
unlock it if it is, and then proceed to enable VT-X, making the second
line in the above example unneeded, but good for showing what's going
on to n00bs ; D .
Cheers,
Jake
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: VT-X Locking Bit Flip in Real Mode?
2012-03-30 19:29 VT-X Locking Bit Flip in Real Mode? Jake Thomas
@ 2012-03-30 21:12 ` Nadav Har'El
0 siblings, 0 replies; 4+ messages in thread
From: Nadav Har'El @ 2012-03-30 21:12 UTC (permalink / raw)
To: Jake Thomas; +Cc: kvm
On Fri, Mar 30, 2012, Jake Thomas wrote about "VT-X Locking Bit Flip in Real Mode?":
> The assumption here is that once the locking bit is in the
> "locked" position, you can't unlock it until a power cycle unlocks it.
This is indeed what the Intel spec say - unless I'm misunderstanding
something.
> But I can't help but wonder if you can flip the locking bit from
> the "locked" position to the "unlocked" position if you're still in
> real mode.
What makes you think that being in real mode makes a difference?
As far as I know, it doesn't. Any reason why you think it does?
--
Nadav Har'El | Saturday, Mar 31 2012,
nyh@math.technion.ac.il |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Take my advice, I don't use it anyway.
http://nadav.harel.org.il |
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: VT-X Locking Bit Flip in Real Mode?
@ 2012-03-30 23:24 Jake Thomas
2012-03-30 23:47 ` Jake Thomas
0 siblings, 1 reply; 4+ messages in thread
From: Jake Thomas @ 2012-03-30 23:24 UTC (permalink / raw)
To: kvm
I'm no expert on the subject, but I know that real mode doesn't have any "protections" in place yet like protected mode does. These "protections" are the processor preventing programs from doing certain things, and I was wondering if one of those things is flipping that VT-X locking bit.
In real mode things haven't been set in stone yet. There's more flexibility. From real mode the processor can go into one mode or another. But once you go out of real mode, you can't come back without a power cycle. Given the flexibility and "unsetness" of real mode, still being able to flip that bit goes with the theme of real mode in my mind.
Jake
Sent from my iPhone
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: VT-X Locking Bit Flip in Real Mode?
2012-03-30 23:24 Jake Thomas
@ 2012-03-30 23:47 ` Jake Thomas
0 siblings, 0 replies; 4+ messages in thread
From: Jake Thomas @ 2012-03-30 23:47 UTC (permalink / raw)
To: kvm
I guess a less convoluted way of stating my logic would have been:
"Maybe it's just protected mode keeping you from doing it."
And/or:
"You can do things in real mode that you can't do in protected mode. Maybe this is one of them."
And/or
"Can real mode even stop you, given the "protections" of protected mode aren't in place yet? Being the "opposite" of protected mode, does real mode even try and stop you from doing anything? Isn't that the point of real mode? Let you do anything to get the system going?"
Jake
Sent from my iPhone
On Mar 30, 2012, at 4:24 PM, Jake Thomas <thomasj10@georgefox.edu> wrote:
> I'm no expert on the subject, but I know that real mode doesn't have any "protections" in place yet like protected mode does. These "protections" are the processor preventing programs from doing certain things, and I was wondering if one of those things is flipping that VT-X locking bit.
>
> In real mode things haven't been set in stone yet. There's more flexibility. From real mode the processor can go into one mode or another. But once you go out of real mode, you can't come back without a power cycle. Given the flexibility and "unsetness" of real mode, still being able to flip that bit goes with the theme of real mode in my mind.
>
> Jake
>
> Sent from my iPhone
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2012-03-30 23:47 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-03-30 19:29 VT-X Locking Bit Flip in Real Mode? Jake Thomas
2012-03-30 21:12 ` Nadav Har'El
2012-03-30 23:24 Jake Thomas
2012-03-30 23:47 ` Jake Thomas
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.