Linked by Thom Holwerda on Wed 29th Aug 2007 01:00 UTC
Intel "Today's launch of the latest version of Intel's vPro platform is a much bigger deal than you might think, with implications for end users that extend far beyond the enterprise arena at which vPro is initially aimed. The 2007 version of vPro represents the culmination of two of Intel's most ambitious and important plans for the PC platform: the transformation of x86 into a fully virtualizable ISA complete with virtualized I/O, and the first fully-complete implementation of all the parts of Intel's controversial contribution to 'trusted computing' technology, formerly codenamed 'LaGrande' but now called Trusted Execution Technology. Let's take a look at the new vPro and what its new virtualization and 'trusted computing' capabilities mean for ordinary users."
Thread beginning with comment 266434
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: No way..
by butters on Wed 29th Aug 2007 06:53 UTC in reply to "No way.."
Member since:

TXT is an equal-opportunity restrictor. Although it will be predominantly used as an anti-circumvention solution by commercial software and content vendors, it could be used as a security solution by ordinary users.

For example, I could use my own key to sign the software that I trust, and if it becomes compromised, TXT will refuse to execute it. But I can only exercise my freedom to tinker if the software isn't already signed by the vendor when I receive it.

Note that GPLv3 software can only be distributed pre-signed if it also comes with the key to unlock it. I don't see why any distributor would do this, but in the interest of minimizing restrictions as much as possible, it makes some sense.

As for VT-d, this is a great idea on paper, but it has some major caveats. The biggie is that live migration is impossible without defeating the whole point of the IOMMU. This forces admins to choose between a big single point of failure or no live migration. Tough choice, but most admins will choose cover their ass with live migration.

Let's take a look at IBM System P for example. A special non-mobile LPAR called the VIOS handles all physical I/O. The client LPARs are completely paravirtualized so that they can be migrated to another machine running a VIOS. If not for the IOMMU, each LPAR could have its own physical I/O layer. That would be preferable, because if the VIOS goes down, every LPAR on the machine has to be migrated.

Intel must realize that nested page tables are far more important than IOMMU, and AMD is going to beat them to the punch with Barcelona. AMD already makes Intel look silly because of their lack of real-mode virtualization support. No bootsplash for you!

Reply Parent Score: 2

RE[2]: No way..
by akro on Wed 29th Aug 2007 19:00 in reply to "RE: No way.."
akro Member since:

Not that I am an expert esepcially on the P series side but wouldn't PCI-E IOV and Multiroot PCI-E fix this. IE I have virtualized PCI-E card in a blade enclsoure and all the blades have access via Multiroot PCI-E. Therefore I a live migration is possible with virtualized IO.

Reply Parent Score: 1