I'm interested in playing with the LaGrande/TXT extensions. I have bought, read and understood the book (phew!) but all the data I can find on LaGrande is written for a very, very low level of development. In fact the book is mostly useless for a software developer like me, as it spends a lot of time discussing the exact CPU communication protocols (irrelevant) and no time discussing the minor details of how to actually write a program that uses it
One thing that seems clear is that the process of actually triggering the GETSEC SENTER instructions, loading the SINIT ACM into memory etc .... all this is very much hardware/chipset specific and is best abstracted by a driver. I see that Symantec have shipped an app that uses LaGrande so it must be possible, but I find it hard to believe they coded up all the MVMM/driver code themselves.
1) Do Intel provide a Linux or XP driver to help with writing an MVMM or starting up a protected domain/application? Or even sample code? I could write this myself, but I foresee many nights of frustrated debugging system freezes and hard resets ahead of me ....
2) Is there ANY documentation beyond the CPU level specs to help people write these apps?
3) Is there a better place to discuss LaGrande/TXT than this sucky forum, which doesn't even seem to have proper threading?
Hi mike - In regards to the LaGrande drivers question:
The Intel® Trusted Execution Technology (TXT) developers documents are in two places: the SMX instructions are described in the IA-32 Developer's Manual vol. 2B chapt. 6 and the guidance for writing TXT software (called an MLE or Measured Launched Environment) is the MLE Developer's Manual available at http://www.intel.com/technology/security.
There is also reference code for an MLE that can be used to launch the Xen hypervisor (and soon Linux) available at the http://sourceforge.net/projects/tboot site. This project site also hosts a mailing list that would be the most appropriate forum for questions on TXT and MLEs.
Hope this helps you along your journey...
Older Xeon processors used to be 32bit but all the newer ones are 64bit however not all but most support virtualization. Here is a list of all the current Xeon processors that support Virtualization in hardware.
Moreover, if you are trying to run Windows Server 2008 with Exchange 2007 on a virtual machine, it will work just fine considering that your RAM and HDD are also in compliance with your selection of processor. Hope this answers your questions!
And to identify that the Xeon is 64bit of the list that I have sent in my previous post stating all the VT enabled processors, when you click on a specific processor for details, you will see a field at the bottom in supported features stating *Intel® EM64T
1* which means that the microprocessor is 64 bit enabled
I am working in an enginerring college and we have more than 2500 students studing for different cources .we are planning to create a windows active directory based network for the entire campus. Which configuration is best sutable for our server ( We have about 600 computers in the campus). kindly give some technical advice
I am in the process of setting up vPro 'no touch' provisioning using the RCT/Activator tool. The Dell desktops I am testing with are still at factory default. We would rather not using PKI. We have our SCS server setup. When we run the RCT/Activator tool on the Dell desktop, the system shows up in the SCS, but is unprovisioned due to a missing PKI error. Can anyone point me in the correct direction on how to get around this? I need to stick to the 'no touch' provisioning method. Thank you in advance.
I have had the experience of setting up networks ranging from 500 to over 5000 nodes with AD integration and I would strongly suggest that before you look into the internals of the server as in processor, memory and hard drives, you must give Intel Blade Serversand Intel Modular Servers. I am suggesting these to you especially Modular servers since the world is moving towards Virtualization now and Modular servers are designed specifically to address the virtualization needs. Moreover these servers give you a big cut down on power consumption and cost giving you a lot more performance, storage and expandibility options for future making your life a lot easier. Intel have recently discontinued shipping it's blade servers but if you are even interested in Blade Servers, you still have the option of IBM as IBM blade servers are inter-operable with Intel's.
Do look into them and let me know what you think. Also check out another website for Intel Modular Servers and let me know if you are interested in learning more about these and setting up your solution on them for they will make your life a lot easy to deploy and manage.
Remote provisioning requires that you add a certificate to your SCS server that matches one of the certificates contained within AMT firmware. If you have not completed this step, you can find information on how to do it in the SCS instruction manual section "Acquiring and Configuring a Certificate that Supports Remote Configuration". Page 64 in SCS version 3.3.
There is a good article on the remote provisioning process here:
We recently ordered 15 Dell Optiplex 755's with Intel ProV technology. We are needing to add a wireless PCI card to each of these, as they are going to be on a somewhat mobile station that will, at times need to connect to the network wirelessly.
I understand that the ProV chips are designed to function with only one NIC. I assume that MEBx and ATM are the big reason that is the case. I have disabled MEBx and turned off the ATM services / software. This is allowing me to boot and work in Windows (XP pro 32bit) but with every shutdown I get a blue screen crash stating that; WMI: parity error / nonparity error (paraphrased). Removing the PCI WIFI card (also 32bit) eliminates the error.
So my question - is what we are trying to do possible with the ProV's single NIC design? Or is this an issue with using 32bit PCI card in a 64bit environment?
As you have may notice that since the processor is E7200 with every single specification and feature same except for the sSpec number and this is your question that what is the difference between the two sSpec numbers.
First you need to understand what a sSpec number is and why it is important. An sSpec is a specification number and stepping level code which is a five character string (SLAVN, SLAPC, etc) that is printed on and used to identify the processor. Now that you know what an sSpec number is, you should know why it is different if the processor is same with absolutely no difference even in the product name. Remember, a processor can have different sSpec numbers at the same time because when a change in processor's stepping occurs, a new sSpec number is generated in order to recognize that very specific stepping. To add more to it, you should also know that even the same stepping level can have more than one sSpec associated with it.
So now you know that even though SLAVN and SLAPC have exactly the same core stepping i.e. M0, there could be a stepping level change or it could be that since the core stepping is the same, it is the different sSpec associated with it.
Also in case you are wondering how stepping can effect, giving you a example "SL8PY and SL7Z3 support the same features. The only difference with the
two aside from the stepping model number appears to be their VID
table. The SL8PY might be too undervolted during idling when Speedstep
is enabled and this low voltage may cause instability in some P670 processors."
I would suggest that you go through these URLs to get even a clearer and deeper picture and in case if there are still discrepancies, feel free to contact us. Hope this all helped.