flat assembler
Message board for the users of flat assembler.

UEFI HyperVisor presentation in Vegas

HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
Alphonso wrote:
Not sure if upgrade is the right word here, it implies flashing the BIOS.

Thanks for taking the time to read the article Alphonso. "Flashing the BIOS" is the correct phrase in this case. I am referring to the IA32_FEATURE_CONTROL MSR. Bit [0] in this MSR is the "gate keeper", it's the "Lock Bit". If this bit is cleared (set to zero) VMXON causes a GPF. If Bit[0] is set (set to one) changing any value in this MSR (WRMSR) causes a GPF.

Bit[1] and Bit[2] in the IA32_FEATURE_CONTROL MSR enable/disable VMX in and out of SMX (Safer Mode Extension) mode respectively.

So, in order for a platform to enable VMX the BIOS must set Bit[1] and/or Bit[2] to a value of one AND Bit[0] to a value of one. If you are able to enable and disable VT-x via the BIOS menu options, then your IA32_FEATURE_CONTROL MSR is configured this way.
It is possible that your new MB is configured to run VMX only in SMX mode. I.e., Bit[2] is zero and Bit[1] is set to one, meaning you can run VMX (BIOS menu enabled), but only in SMX mode. Check Bits [0], [1], and [2] of the MSR.
Post 25 Sep 2008, 22:11
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
In fact, it is bit #2 (vmx enable) which says if VMXON works or not, not bit #0. But the problem is that bit #2 is usually cleared, and to set it, you must make sure bit #0 (lock bit) is 0.

If bit #0 (lock bit) is set, you can't change the contents of this MSR, thus you can't set bit #2 (vmx enable), thus VMXON won't work. This is to allow disabling VMX completely in BIOS (so Joanna's undetectable rootkit can't take over your machine).

I am not so sure if you really need to set bit #0 (lock bit) for VMXON to work. I think that is simply done to prevent anyone else messing with this MSR, after you have become the boss. I for myself always set bit #0 too Smile

The bad thing is that some BIOS developers decided to not support VMX, even if the hardware would support it, and simply locked this MSR (with bit#2 cleared => VMX disabled). If they wouldn't touch this register at all, everything would be fine. But I think this is becoming a problem of the past, and most vendors now provide proper virtualization settings.

HyperVista: Haven't heard much about Safer Mode Extension, but I think you got your "respectively" wrong, it's bit #2 for VMX, not bit #1, I think.
Post 25 Sep 2008, 23:30
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Thanks for the article Don.

FYI with VT disabled via BIOS setup EAX returns 00000001 using ECX=3A RDMSR, with VT enabled via BIOS setup EAX returns 00000005 indicating VMX outside SMX operation.


Vid:
"Intel® 64 and IA-32 Architectures Software Developer’s Manual" Volume 2B wrote:
Bit 0 is a lock bit. If the lock bit is clear, an attempt to execute VMXON will cause a general-protection exception.
Post 26 Sep 2008, 02:03
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
Thanks Alphonso. Interesting. So your MB BIOS is configured to support VMX outside SMX (Bit[2] is set). I think it's interesting your UEFI stack is provided by Insyde (InsydeH2O).

vid - check Intel 3B section 19.7 (latest version). Bit[1] controls VMX in SMX and Bit[2] controls VMX outside SMX. Bit[0] is lock bit, of course.
Post 26 Sep 2008, 02:28
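
An added example, not part of any post in this thread and not the posters' code: a C helper that decodes an IA32_FEATURE_CONTROL value using the bit layout the posts above settle on (bit 0 lock, bit 1 VMX in SMX, bit 2 VMX outside SMX) and applies it to the two EAX values Alphonso reported. The function names, the state names and the use of the Linux `/dev/cpu/N/msr` interface (root plus the `msr` module) are assumptions of this example.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define MSR_IA32_FEATURE_CONTROL 0x3A   /* ECX=3A in the thread */
#define FC_LOCK            (1u << 0)    /* set: MSR can no longer be written */
#define FC_VMX_IN_SMX      (1u << 1)    /* VMXON permitted inside SMX */
#define FC_VMX_OUTSIDE_SMX (1u << 2)    /* VMXON permitted outside SMX */

enum vmx_state { VMX_USABLE, VMX_CAN_ENABLE, VMX_LOCKED_OFF };

/* Hypothetical helper: what can software do with VMX for this MSR value? */
enum vmx_state classify_feature_control(uint64_t msr, int in_smx)
{
    uint64_t enable = in_smx ? FC_VMX_IN_SMX : FC_VMX_OUTSIDE_SMX;

    if (!(msr & FC_LOCK))           /* unlocked: VMXON faults until ring 0 */
        return VMX_CAN_ENABLE;      /* sets the enable bit and the lock bit */
    return (msr & enable) ? VMX_USABLE : VMX_LOCKED_OFF;
}

/* Read the MSR of one logical CPU through the Linux msr driver (assumption). */
int read_feature_control(int cpu, uint64_t *out)
{
    char path[64];
    int fd, ok;

    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    if ((fd = open(path, O_RDONLY)) < 0)
        return -1;
    ok = lseek(fd, MSR_IA32_FEATURE_CONTROL, SEEK_SET) >= 0 &&
         read(fd, out, sizeof *out) == (ssize_t)sizeof *out;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    static const char *names[] = { "VMX usable", "unlocked, can be enabled", "locked off" };
    uint64_t v, posted[] = { 0x1, 0x5 };   /* EAX values posted in the thread */

    for (int i = 0; i < 2; i++)
        printf("0x%llx: %s\n", (unsigned long long)posted[i],
               names[classify_feature_control(posted[i], 0)]);
    if (read_feature_control(0, &v) == 0)  /* live value, if the driver is there */
        printf("cpu0 0x%llx: %s\n", (unsigned long long)v,
               names[classify_feature_control(v, 0)]);
    return 0;
}
```
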
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Quote:
Bit 0 is a lock bit. If the lock bit is clear, an attempt to execute VMXON will cause a general-protection exception.
Thanks, I was too lazy to check myself. Maybe this is a safeguard against turning off bit#2 when you are inside VMX root mode.

Quote:
with VT enabled via BIOS setup EAX returns 00000005 indicating VMX outside SMX operation

I would prefer if they left it unlocked, this may be bad for future-compatibility.
Post 26 Sep 2008, 09:33
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
vid wrote:
Bad thing is that some BIOS developers decided to not support VMX, even if hardware would support it, and simply locked this MSR (with bit#2 cleared => VMX disabled). If they wouldn't touch this register at all, everything would be fine.
As I see it, there could be two reasons for disabling VMX unconditionally:

1) marketing reasons; they want to charge a premium for "pro motherboards" that support VMX.

2) BIOS might have SMM code that, for some reason, doesn't play along nicely with VMX.

_________________
Image - carpe noctem
Post 26 Sep 2008, 16:17
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
My guess would be that in these cases, they didn't even bother to try your option 2), they locked it "just in case it wouldn't work". Anyway, this problem is becoming a thing of the past...
Post 27 Sep 2008, 04:53
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
Sorry it's taken me so long to get the photos of our Black Hat adventure posted, but here they are.

vid flew via Vienna, Austria to my house in the Washington, D.C. area about three weeks in advance of Black Hat in order to help prepare for the presentation and to see a bit of the Washington, D.C. area. tom tobias flew up to join us for a weekend to share in some drink, food, and good conversation.

Here's vid at the White House
Image

... at the Washington Monument
Image

.... at the Lincoln Memorial
Image

After several weeks in Washington preparing for Black Hat, we packed our demonstration PC and equipment and shipped it ahead of ourselves. vid, Steve (my 18 yr. old son) and I flew to sunny Las Vegas. As most of you read here, our demo machine was totally trashed by the shipping company, so we had no other choice than to start drinking heavily and head out on a road trip to the Grand Canyon, stopping at the Hoover Dam along the way.

.... Wheels in Nevada
Image

..... Damn, that's a big dam (Hoover Dam)
Image

..... vid - self portrait
Image

After a couple of days of drinking and attending Black Hat speaker parties, it was time for the conference.
Image

...... vid registering at the Speaker / VIP area
Image

..... vid making friends outside Caesar's Palace... she seems to be enjoying herself
Image

...... agenda poster in hallway
Image
Image

After Black Hat we attended DefCon, which is a real blast. DefCon is a combination of security conference, wild party, and debauchery.

..... DefCon publicly humiliates those who don't take precautions to secure / obscure their wireless connections by displaying their IP, username and login information for all to see and laugh at. DefCon was held at the famous Riviera Hotel Casino.

........ wall of sheep
Image

Despite the busted demo box, the presentation went well. We had a great time in Washington D.C. and Las Vegas. Thanks again to all of you who sent greetings and wishes of good luck.
Post 18 Oct 2008, 01:11
asmfan



Joined: 11 Aug 2006
Posts: 392
Location: Russian
asmfan
Heh, I see vid met a stone-cold girl there) Sheep wall is cute as well)
btw, was a ppt|pdf of the presentation posted somewhere, or is it planned?
Post 18 Oct 2008, 06:19
MazeGen



Joined: 06 Oct 2003
Posts: 975
Location: Czechoslovakia
MazeGen
I always knew that vid doesn't like shooting (too bad that his original photo and my comment disappeared). Does this guy smile sometimes? Or did he try to pull a long face like Lincoln? Wink

Great photos, thanks for posting them, Don.
Post 18 Oct 2008, 13:21
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
asmfan - you can read the Black Hat whitepaper on MazeGen's x86asm.net board. Once you get there, browse a bit, there are some great articles and information there.

MazeGen - i tried to get vid to smile for the camera, but he simply says, "just take the damn picture!" Laughing
Post 18 Oct 2008, 15:18
asmfan



Joined: 11 Aug 2006
Posts: 392
Location: Russian
asmfan
Thanks, Don.
Post 18 Oct 2008, 16:56

Copyright © 1999-2020, Tomasz Grysztar.
