From WikiChip
Editing x86/tme

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

This page supports semantic in-text annotations (e.g. "[[Is specified as::World Heritage Site]]") to build structured and queryable content provided by Semantic MediaWiki. For a comprehensive description on how to use annotations or the #ask parser function, please have a look at the getting started, in-text annotation, or inline queries help pages.

Latest revision Your text
Line 29: Line 29:
  
 
== Mechanism ==
 
== Mechanism ==
[[File:x86 tme physical address changes.svg|right|500px]]
 
 
TME is typically enabled by [[BIOS]] or other [[firmware]] at boot time. This is done via a new <code>{{x86|IA32_TME_ACTIVATE}}</code> {{x86|MSR}}. Note MKTME is an extension of TME, therefore in order for MKTME to work TME must be enabled. <code>KeyID 0</code> is reserved for TME and is generated by a [[hardware random generator]] at every boot time. That key is always available and is inaccessible to software. If the system is resuming from a standby TME can restore the key from storage.
 
TME is typically enabled by [[BIOS]] or other [[firmware]] at boot time. This is done via a new <code>{{x86|IA32_TME_ACTIVATE}}</code> {{x86|MSR}}. Note MKTME is an extension of TME, therefore in order for MKTME to work TME must be enabled. <code>KeyID 0</code> is reserved for TME and is generated by a [[hardware random generator]] at every boot time. That key is always available and is inaccessible to software. If the system is resuming from a standby TME can restore the key from storage.
  
Line 35: Line 34:
  
 
If MKTME is also support, it can be be enabled also using the <code>{{x86|IA32_TME_ACTIVATE}}</code> {{x86|MSR}} by setting the number of KeyID bits to configure (in theory up to 32K-1 keys). Once MKTME is enabled, the processor will re-purpose the physical address bits in order to communicate the KeyID to the encryption engines. Internally, the MKTME engine maintains an internal table used to hold keys and encryption modes (i.e., key specified, KeyID 0 (TME), and do not encrypt) which are associated with each KeyID. Those attributes can be programmed using the <code>PCONFIG</code> instruction.
 
If MKTME is also support, it can be be enabled also using the <code>{{x86|IA32_TME_ACTIVATE}}</code> {{x86|MSR}} by setting the number of KeyID bits to configure (in theory up to 32K-1 keys). Once MKTME is enabled, the processor will re-purpose the physical address bits in order to communicate the KeyID to the encryption engines. Internally, the MKTME engine maintains an internal table used to hold keys and encryption modes (i.e., key specified, KeyID 0 (TME), and do not encrypt) which are associated with each KeyID. Those attributes can be programmed using the <code>PCONFIG</code> instruction.
 +
 +
::[[File:x86 tme physical address changes.svg|500px]]
  
 
=== Example ===
 
=== Example ===

Please note that all contributions to WikiChip may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see WikiChip:Copyrights for details). Do not submit copyrighted work without permission!

Cancel | Editing help (opens in new window)